Re: [exim] Spamassassin with Exim for filtering outgoing mai…

Top Page

Reply to this message
Author: Todd Lyons
Date:  
To: Odhiambo Washington
CC: exim-users@exim.org, soumya tr
Subject: Re: [exim] Spamassassin with Exim for filtering outgoing mails
On Mon, Oct 28, 2013 at 3:20 AM, Odhiambo Washington <odhiambo@???> wrote:
> On 28 October 2013 13:08, soumya tr <soumya.324@???> wrote:
>> Has anyone tried spamassassin with exim exim for checking outgoing mails?
> Well, without a specific rule to exempt certain mails, all mails are
> scanned - incoming and outgoing. That's how it happens on my servers,


I have two users which run spamassassin, and a different spamassassin
configuration for both.

user1 scans inbound email:
- lower spam score, 4.5
- full network tests (i.e. RBL checks, URIBL checks, razor, etc)
- some local, specific rules to block some crap that always seems to get by

user2 scans outbound email:
- higher spam score, 6.0
- disable network tests because it's webmail or an authenticated user

Some may scoff at the higher spam score allowed for outbound mail.
The outbound spam score is higher because a lot of the Direct From
Outlook or More Than X% HTML type rules tend to get matched, which
elevates the score somewhat.

It is important that you not allow abusive email behavior, so you must
monitor your users and keep track of their activity. I strictly
monitor volume and block smtp auth users based on max volume per hour
and max volume per 24 hours. I also check for multiple IP addresses
using smtp auth, and if it gets above $LIMIT, I change the password on
the account to prevent further logins. I also use Lena's suggested
routines for monitoring smtp auth brute force attacks.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine