On 2017-10-18 at 08:36 +0000, Jaap Winius wrote:
> Some time ago I devised a spambox configuration for Exim so that messages
> that are flagged by only one or two types of filters will end up in a user's
> spambox. The transport looks like this:
>
> spambox:
[...]

Last time I ran ISP mail-systems (now over a decade ago), I built the
mail-platform to have front-end MX servers ("incoming-N") and store
boxes ("store-N"), with the incoming boxes running spam and virus
filters, etc. That way, if there were a remote exploit against the
virus scanner (likely, as there's a large attack surface) then for the
duration of the attack, the attacker could get to "mail passing through
incoming", not to "all the mail which the user has stored".

I then had the store boxes run two instances of Exim, on different
ports. Port 25 was regular, and I think it was port 26 for Spam. I no
longer remember for sure, but I suspect that port 26 was the same config
file and Exim invoked with "-DFOO=bar" to enable spam-mode, with a
different path to the storage area for all the spam (and different
log-files, etc).

That way, the front-end box can decide to classify the message as spam
and send it on with an intact envelope to the spam storers. Basic Exim
logs processing for the two instances then gets you spam-vs-nonspam
stats. And any tools which examine spam, e.g. to learn from it, can look
at the original recipient address and not learn "oh, all spam is sent to
addresses with +spam in them". Preserving the envelope seemed
worthwhile to me.

In your case, you'd then keep the Routers the same, but have spambox be
redefined to be an "smtp" transport instead of "appendfile" and just
override "port = 26" in the definition:

spambox:
  debug_print = "T: spambox for $local_part@$domain"
  driver = smtp
  port = 26

-Phil
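
The following Exim configuration fragment is an added example, not part of the original message or of either poster's configuration. It sketches the split described above: one config file on the store box serving a normal and a spam daemon, and the front-end spambox transport given a target host. The macro names SPAM_MODE and MAILROOT, all paths and the host store-1.example.net are assumptions.

```exim
# --- store-N: one config file, two daemons (constructed example) ---
# Assumed start commands, run as root:
#   exim -bd -q15m                    normal instance on port 25
#   exim -bd -q15m -DSPAM_MODE=yes    spam instance on port 26
# SPAM_MODE, MAILROOT and all paths are hypothetical names.
# Exim normally gives up root privilege when -D is used by a non-root
# caller (see the build-time WHITELIST_D_MACROS setting).

.ifdef SPAM_MODE
MAILROOT          = /srv/mail/spam
daemon_smtp_ports = 26
spool_directory   = /var/spool/exim-spam
log_file_path     = /var/log/exim-spam/%slog
pid_file_path     = /var/run/exim-spam.pid
.else
MAILROOT          = /srv/mail/ham
daemon_smtp_ports = 25
spool_directory   = /var/spool/exim
log_file_path     = /var/log/exim/%slog
pid_file_path     = /var/run/exim.pid
.endif

begin transports

# Same transport for both instances; only MAILROOT differs.
# $local_part_data is the de-tainted local part set by the router's
# local_parts lookup (needed for file paths in Exim 4.94 and later).
store_delivery:
  driver = appendfile
  directory = MAILROOT/$local_part_data/Maildir
  maildir_format
  delivery_date_add
  envelope_to_add
  return_path_add

# --- incoming-N: the spambox transport from the message, with a target ---
# store-1.example.net is a placeholder host name.
spambox:
  debug_print = "T: spambox for $local_part@$domain"
  driver = smtp
  hosts = store-1.example.net
  port = 26
```

Separate spool directories keep the two queues apart, so queue runners and any manual queue commands for the spam instance need the same -D setting.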