Re: [exim] anti-spam pointers please

Pàgina inicial
Delete this message
Reply to this message
Autor: Larry Rosenman
Data:  
A: exim-users
Assumpte: Re: [exim] anti-spam pointers please
On 04/02/2019 2:20 am, Rory Campbell-Lange via Exim-users wrote:
> On 01/04/19, Larry Rosenman (ler@???) wrote:
>> On 04/01/2019 2:01 pm, Rory Campbell-Lange via Exim-users wrote:
>> > It's some years since I've spent time tweaking my exim setup to receive
>> > spam. I've forgotten any skills I might once have had in this area.
>> >
>> > I've gotten sick of getting 30+ spam emails a day and need to do
>> > something about it! I'd be grateful for some pointers to the
>> > state-of-the-art setup.
> ...
>> > Pointers much appreciated.
>>
>> I use the following in my content check ACL:
>>
>>   warn  message = X-Spam-Score: $spam_score ($spam_bar)
>>         ! authenticated = *
>>         spam = smmsp:true
>>   warn  message = X-LERCTR-Spam-Score: $spam_score ($spam_bar)
>>         ! authenticated = *
>>         spam = smmsp:true
>>   warn  message = X-Spam-Report: $spam_report
>>         ! authenticated = *
>>         spam = smmsp:true
>>   warn  message = X-LERCTR-Spam-Report: $spam_report
>>         ! authenticated = *
>>         spam = smmsp:true
>>   # Add X-Spam-Flag if spam is over system-wide threshold
>>   warn message = X-Spam-Flag: YES
>>         ! authenticated = *
>>         spam = smmsp:true
>>         condition = ${if >={$spam_score_int}{50}{1}{0}}
>>   warn message = X-LERCTR-Spam-Flag: YES
>>         ! authenticated = *
>>         spam = smmsp:true
>>         condition = ${if >={$spam_score_int}{50}{1}{0}}

>>
>>   #warn  message = DomainKey-Status: $dkim_status
>> #       !condition = ${if eq{$dkim_status}{}{1}{0}}
>>   # Reject spam messages with score over 7, using an extra condition.
>>   deny  message = This message scored $spam_score points. 
>> Congratulations!
>>         ! authenticated = *
>>         spam = smmsp:true
>>         condition = ${if >{$spam_score_int}{70}{1}{0}}

>>
>> With having spamd_address set to 127.0.0.1 783 in the first section.
>
> Hi Larry
>
> Thanks very much for the suggestions.
>
> Glancing at the docs under chapter 35, I guess my local users are
> "authenticated" due to our use of cram_md5. I'm giving your rules a go!
>
> I wonder also if my /etc/spamassasin/local.cf is right
>
>     required_score 3.0
>     score RP_MATCHES_RCVD -0.01
>     bayes_auto_learn 0
>     ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
>     endif # Mail::SpamAssassin::Plugin::Shortcircuit

>
> Required score seems quite a bit lower than 70 in Exim.
>
> Thanks again
> Rory

Please do *NOT* use the X-LERCTR header (that's my domain)....

Also, to get a nice compact report, I have smmsp's user_prefs set to:
⌂68% [root@???:~] # cat user_prefs
clear_report_template
report SpamScore (_SCORE_/_REQD_) _TESTSSCORES(,)_
⌂68% [root@???:~] #

(smmsp is the user exim calls spamd as).

note also that $spam_score_int is the score * 10.


-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: ler@???
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106