Re: [exim] Exim & Spamassassin at SMTP time

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date: 2010-03-09 11:40 -000
To: exim.ml, exim-users
Subject: Re: [exim] Exim & Spamassassin at SMTP time


--On 9 March 2010 10:40:25 +0000 exim.ml@??? wrote:

> Good morning, this is my first post here so please be gentle with me.
> Please accept my apologies for the length of the post. I've done some
> research but get mixed, missing and contradictory views so I could use
> some professional input.
>
> For a few years I have been using Postfix largely because I inherited
> the 'skills' from a support based role where it made up a large portion
> of an anti-spam appliance I worked with.
>
> Recently I've started to look for reasons to justifiably try Exim and
> look at what it can do 'better' or 'differently' to Postfix.
>
> I'm guessing this list is watched by Exim experts who are very
> intelligent.


Oh, absolutely!

> Ultimately it comes from the Cambridge University stable
> and I'm wondering if I can get a few quick 'yes'/'no' type answers to
> help dispell some myths and give me a prod to install it and look at it.
>
> I'm told that Exim has a steep learning curve and 'ordinary' admins
> struggle with it when compared to Postfix - does anyone here hold a view
> on that?


Exim may be a little harder to get started with. However, if you want to do
interesting things, then you'll probably find Exim more capable. I should
admit that I don't know much about postfix, though.

> My cursory searches suggest that Spamassassin can be implemented with
> Exim but I'm keen to know if it's possible to get Exim to reject
> messages that Spamassassin scores at 'x' during the SMTP session {rather
> than after accepting the message}


Yes, we do this, using spamd. Implementation is flexible within the
constraints of SMTP.

> Currently I can get Postfix to do this
> but have to plug a slightly buggy and exploitable milter into it to do
> this. I'd be very keen on an MTA that could do this easily - does Exim
> tick this box?




> I would like to make use of Bounce Address Tag Validation. I've seen it
> in my logs but it appears that Postfix has only an experimental
> milter/PD for this - does Exim have a solution for this and is it easy
> to implement?
> http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation


<http://wiki.exim.org/BATV%20signed%20address> You'll need some
understanding of the Exim config file to implement this.

> Postfix allows some basic header and body checking (but does not really
> have an effective way to white list such rules) - does Exim have similar
> or better features in this area?


Exim has very flexible ways of checking headers. For example, you can match
any header against a regular expression, or a lookup list. Many of the
obvious things are already implemented.

> As far as SASL goes with Exim, is it limited to Cyrus or can it use
> Dovecot?


Sorry, I can't answer that question. I'd be surprised if you could not do
what you want here, though.

> Can Exim support 'virtual' domains with this kind of scenario:
> Accept mail for catchall@domain for virtual mailbox on the local machine
> Accept mail for catchall@domain and relay to a final destination server
> Accept mail for x.recipient@domain1 and deliver to local virtual mailbox
> Accept mail for y.recipient@domain1 and relay to remote final
> destination.


Yes, you can do all those things. However, you'd be advised against using
catchall mailboxes. It's probably better to use plus-addressing if you want
to assign a range of addresses in advance.

> Can I get Exim to archive a copy of all mail that passes through it by
> piping it to another indexing program?


Yes, you can define a shadow transport that does a second delivery of
email. It can be through a pipe. However, you'll find that the log facility
will save all the data that is legal to intercept under UK law.

> How does Exim fair as far as DKIM signing / verification goes?


It's implemented. I'm not currently using it.

> Finally, I'm guessing and taking as read Exim supports rejecting on
> DNSBL's, missing/errors in PTR and invalid recipients (either by looking
> to LDAP, a PostgreSQL or MySQL database)


yes, all of those are possible.

> I appreciate that this is a long post with lots of questions. I want to
> be 'patriotic' and try an English MTA but need to be sure I'm not going
> to get into several months of 'learning' to find that I've gone the
> wrong way!
>
> Kind regards
> Daniel


Looking at <http://www.postfix.org/features.html>, there's a couple of
things that Exim doesn't support:
QMQP, Milters, plug-ins.

For Milters, you'd use Exim ACLs. My understanding is that ACLs are rather
easier to work with. Indeed, your reference to a 'buggy' milter confirms
this. It suggests that a lot of effort would be required to fix the bugs,
and that's hard to imagine with ACLs.

Plugins? Well, Exim can call perl scripts, but I've never seen the need for
my installation. Quite often an alternative solution exists without resort
to perl.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/