Re: [exim] we all agree, let's drop that spam

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] we all agree, let's drop that spam
WJCarpenter wrote:
> Thanks for your comments.
>
>> At the end of the day, it didn't help *us* much, as thresholds within
>> our relatively small per-domain groups tended to be fairly close between
>> players.
>>
>
> I think I know what you mean by that, but let me just ask to make sure.
> You're saying this didn't make much incremental difference because you
> have other mechanisms to deal with things based on scoring thresholds,
> and the ranges sorted out to be quite narrow anyhow.


Separately, but 'both' - yes.

We actually 'carry forward' the rDNS-fail and other scores as acl_c -->
acl_m variables.

At acl_smtp_rcpt, we can use per-user prefs to drop based on their
tolerance for each of those 'server characteristic' things - still
before scanning is needed.

We look at them again in DATA and again in router/transports to
determine whether/to which 'Suspect' folder we make the local delivery.

One small office insists on getting *everything possible* - never
risking loss of mail. A three-level sort of the suspects helps the staff
keep their heads above water, and they DO find the odd chunk of business
in the worst of the rejects.

Just because someone decides to roam the world with an unregistered MTA
on his laptop doesn't mean he cannot pay their fees.

>
> In our case, we are not currently doing any SMTP-time rejection based on
> SA scoring, but we'd like to start (because of the obvious
> methodological advantages). Even if everybody has exactly the same
> threshold value, we'll still be able to do some DATA rejects where we
> don't do any right now.
>
>


If your highest user threshold is, for example '8', you can certainly
dump incoming that score at 11 to 23 - as many do.

My personal threshold, OTOH is '1' to divert, '3' to deny.

Given that 2/3 of SA's tests are optioned OFF, those are actually
higher scores than they would seem to be.

Do take that into account when customizing SA - as you should do, ELSE
it repeats several of the tests Exim can do better, faster, and cached.

Bill
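
The scheme described in this message, sketched as an Exim ACL fragment. This is an added example, not configuration from the original post or from its author. The variable names, score values, the 11.0 ceiling and the `/etc/exim/user_tolerance` file (lines of the form `user@domain: N`) are assumptions made for illustration.

```exim
# Main section: name the ACLs used at each SMTP stage.
acl_smtp_connect = acl_check_connect
acl_smtp_rcpt    = acl_check_rcpt
acl_smtp_data    = acl_check_data

begin acl

acl_check_connect:
  # Start every connection at zero, then score 'server characteristic'
  # failures once. acl_c_* variables persist for the whole connection.
  warn
    set acl_c_server_score = 0
  warn
    !verify = reverse_host_lookup
    set acl_c_server_score = ${eval:$acl_c_server_score + 3}
  accept

acl_check_rcpt:
  # Carry the connection score forward into a per-message variable.
  # acl_m_* values are saved with an accepted message, so routers and
  # transports can read them later to pick a 'Suspect' folder.
  warn
    set acl_m_server_score = $acl_c_server_score

  # Per-recipient tolerance, checked before any content scanning.
  # Constructed default of 5 when the recipient has no entry.
  deny
    condition = ${if >{$acl_c_server_score}\
                  {${lookup{$local_part@$domain}\
                     lsearch{/etc/exim/user_tolerance}{$value}{5}}}}
    message = Sending host fails this recipient's server checks
  # Relay control and recipient verification belong here in a real config.
  accept

acl_check_data:
  # Site-wide ceiling above the highest per-user threshold.
  # $spam_score_int is the SpamAssassin score times 10 (110 = 11.0).
  deny
    spam = nobody:true
    condition = ${if >={$spam_score_int}{110}}
    message = Message rejected as spam
  accept
```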