Re: [exim] Ocassional spam forwarding

Author: Jeff Lasman
Date:  
To: exim-users
Subject: Re: [exim] Ocassional spam forwarding
On Friday, February 04, 2011 05:24:39 am Todd Lyons wrote:

> If your ACLs just check for the presence of the header and don't also
> make sure that one of your hosts put that header there, then you have
> a hole which crafty spammers can abuse.


I know, and I'm ready to close the hole. I suppose I need to figure out a way
to remove all other SpamAssassin headers and then run the email through our
copy. If you have another idea, or an easy way to remove the headers I hope
you'll write back.

> It turns out to be not that difficult to do per user domain DKIM. We
> do it for smtp auth'd users and for webmail users sending using their
> domain. *IF* they have one. If they are using a domain that we don't
> host, then we don't DKIM sign. All the data lives in a mysql backend,
> but if you wanted to put it in flat files, it would be just a
> different lookup type (and central storage such as an nfs server).


I'd like to do it, but because we use a hosting control panel, we need some
kind of automation on adding/removing domains. And that has to be worked
through with the hosting company.

> I think we'd have to see your data acl to be sure, but if your hunch
> above about when SA is run, you probably have 1 of 2 scenarios:
> 1. you're limiting your SA scan to local mailboxes only. (remove the
> local mailbox only restrictions)
> ...or...
> 2. you're accepting email forwarders before the SA scan. (move the
> accept to _after_ your SA calls)


I'll need to look into exactly how we do it now. SpamAssassin controls are
integrated into the hosting control panel we use (DirectAdmin) and I've never
changed that part of exim.conf.

I think we're accepting email forwarders before the SA scan. Note that we run
SpamAssassin after email has been accepted and then pass the email back to
exim for final delivery (again, according to the original DirectAdmin design).

We can work with DirectAdmin's publishers to make any changes, but they
wouldn't be instant; I'll wait until we can meet and talk offline about
ramifications, before I contact them.

> Jeff, I'm going to be attending SCALE this year. If you make it out
> there, we can sit and compare exim configurations. We might be able
> to learn from each other :-)


I'll be at SCALE. I'll be staying at the host hotel Friday and Saturday
nights. I'll have a computer with me <smile>, and access to any of my working
and test servers.

I'll write you offlist with my cellphone number; if you program it into your
phone you can try and reach me at any time while you're there.

> And if we can coordinate and make it out to a local LUG meeting again
> (I've been negligent in making them), we could do more of the same.


I've been making the Socal LUG that meets at Panera Bread in Riverside 7PM the
last Wednesday of every month. But let me know (offlist) when you're going to
attend so I'll make sure not to miss that one.

Jeff
--
Jeff Lasman, Nobaloney Internet Services
Post Office Box 52200, Riverside, CA 92517
Our blists address used on lists is for list email only
Phone +1 951 643-5345, or see: "http://www.nobaloney.net/contactus.html"
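
One way to close the header-trust hole discussed in this thread, as an added example that is not taken from either poster's configuration: an Exim DATA ACL fragment that discards SpamAssassin headers arriving from any host outside a hypothetical `our_scanners` hostlist, then scans everything else before the final accept. It assumes Exim 4.82 or later (for `remove_header`) built with content scanning; the hostlist name, ACL name and addresses are constructed.

```exim
# Added example, not from the thread. Hypothetical names: our_scanners,
# acl_check_data. Addresses are constructed (documentation range).

hostlist our_scanners = 192.0.2.10 : 192.0.2.11

acl_smtp_data = acl_check_data

begin acl

acl_check_data:

  # Weak pattern described in the thread (kept as a comment for comparison):
  # header presence alone is trusted, so a sender who adds the header
  # skips the scan.
  #   accept  condition = ${if def:h_X-Spam-Status: {yes}{no}}

  # Hardened, step 1: a SpamAssassin verdict only counts if one of our own
  # hosts could have written it. Anything arriving from elsewhere with these
  # headers already set has them removed.
  warn    hosts         = ! +our_scanners
          remove_header = X-Spam-Flag : X-Spam-Status : X-Spam-Level : \
                          X-Spam-Score : X-Spam-Report : \
                          X-Spam-Checker-Version

  # Step 2: mail relayed from our own scanning hosts may keep its verdict.
  accept  hosts     = +our_scanners
          condition = ${if def:h_X-Spam-Status: {yes}{no}}

  # Step 3: everything else is scanned here, before any accept, so mail for
  # forwarders is scanned as well as mail for local mailboxes.
  warn    spam       = nobody:true
          add_header = X-Spam-Score: $spam_score ($spam_bar)

  warn    spam       = nobody
          add_header = X-Spam-Flag: YES

  accept
```

The `:true` suffix makes the first `spam` condition succeed regardless of score so the score header is always recorded; the second statement adds the flag only when SpamAssassin's own threshold is exceeded.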