On Mon, Jun 10, 2002 at 01:03:30PM +0200, Kjetil Kjernsmo wrote:
| Hi there!
| 
| I'm just setting up my first mail system, and I'm coming over to 
| SpamAssassin. I've been using Junkfilter for many years, and I've also 
| spent a lot of time in NANAE, but for the first time, I'm configuring 
| spam filters for an entire site. I'm hooking it into Exim on a small 
| box running Debian Woody. 

http://dman.ddts.net/~dman/config_docs/exim3_spamassassin.html
 
| The scoring system seems like a very nice feature, and I figured it 
| would be nice to use it with several different thresholds:
| 1. Highest Threshold: The message is forwarded to Dave Null and    
| forgotten. 
| 2. Medium Threshold: The message is rejected and a bounce message is
| returned to the sender, saying "contact postmaster if this is wrong".  
| 3. Lower Threshold: The message is tagged, including the hits, so that 
| different users may set different thresholds in their clients. 
|
| Would it be easy to set up SpamAssassin (and Exim) with something like 
| this?

It's not that hard.  SA *only* tags the message.  These
"high"/"medium"/"low" thresholds are all handled by your system after
SA has put its mark on the message.

For example, something like this in your system filter might do the
trick (but RTFM and test the code, I haven't done that) :

if $h_X-Spam-Status: matches "Yes, hits=([3-9][0-9]|[1-9][0-9][0-9])" then
    # we've got spam, scored 30 or higher (two digits from 30 up, or
    # any three-digit score, so 100+ is not left to the test below)
    seen finish  # this is the blackhole
endif

if $h_X-Spam-Status: matches "Yes, hits=([1-9][0-9])" then
    # we've got spam, scored between 10 and 99, inclusive
    # note that this is only checked if the above test fails
    fail "<<spam $1>>\
          Your message appears to be spam.\n\
          If it isn't, please contact the postmaster.\
         "
endif


| What would your thresholds be, if you were to do this?

Bouncing spam after you've accepted it isn't very effective -- usually
the return address is invalid (which means the bounce gets stuck on
your queue) or belongs to some innocent bystander (which means they
get bounces for junk they never sent).

What I do is use the sa-exim patch (and a custom-built copy of exim)
to reject messages scoring over 10 at SMTP time.  If it has a valid
return address, the *other* server will send a bounce to it (thus
dealing with false-positives, but there shouldn't be false positives
scoring over 10).  If it came from an invalid address, the *other*
server gets stuck with the bad bounce :-).

This setup is documented at :
    http://marc.merlins.org/linux/exim/sa.html

You're welcome to test it out by sending stuff to
[EMAIL PROTECTED] (or [EMAIL PROTECTED]).  If the message is
spam it will be rejected.  Otherwise it will be accepted and sent to
the bit-bucket.

| Something that wasn't quite clear to me with spamtraps (yes, I have a 
| few spamtraps), the message goes into Vipul's Razor, but isn't there a 
| bit of a lag there? So my concern was that if the spamtrap catches it, 
| and it is sent to other users just after being sent to the spamtrap, 
| would it be caught? Is the address added to a local blacklist too?  

You can do whatever you want with your spamtraps.  You're not
restricted to dumping the trapped message through SA only.  If you
want to add the addresses to a blacklist (usually ineffective due to
address forging) you can do that yourself.  If SA would have already
tagged the message caught by the spamtrap, you don't even need to do
anything with the spamtrap.

HTH,
-D

-- 

After you install Microsoft Windows XP, you have the option to create
user accounts.  If you create user accounts, by default, they will have
an account type of administrator with no password.
                                                            -- bugtraq
 
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
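
Added example, not part of the original message: the same three-way split done by parsing the score as a number, so three-digit and negative scores are bucketed correctly and a missing or malformed header results in delivery. The function names, the "deliver" outcome and the sample header values are assumptions made for this illustration; the 30 and 10 cut-offs are the ones used in the filter above.

```python
import re

# Cut-offs from the filter in the message above: 30+ is blackholed,
# 10+ is refused, anything else SA flagged is only tagged.
DISCARD_AT = 30.0
REJECT_AT = 10.0

# Anchored numeric parse of the status value. The optional sign and
# fraction cover scores such as -2.1 or 104.7, which fixed-width digit
# classes like [3-9][0-9] do not bucket on their own.
_STATUS = re.compile(r"^\s*(Yes|No),\s*hits=(-?\d+(?:\.\d+)?)\b")


def parse_status(value):
    """Return (flagged, score), or None if the header is absent or malformed."""
    if value is None:
        return None
    m = _STATUS.match(value)
    if not m:
        return None
    return m.group(1) == "Yes", float(m.group(2))


def disposition(value):
    """Map an X-Spam-Status value to 'discard', 'reject', 'tag' or 'deliver'."""
    parsed = parse_status(value)
    if parsed is None:
        # Fail open: an unscanned or mangled message is delivered, not dropped.
        return "deliver"
    flagged, score = parsed
    if not flagged:
        return "deliver"
    if score >= DISCARD_AT:
        return "discard"
    if score >= REJECT_AT:
        return "reject"
    return "tag"


# Constructed sample header values, not taken from real mail.
SAMPLES = [
    "Yes, hits=34.2 required=5.0",
    "Yes, hits=104.7 required=5.0",
    "Yes, hits=12.0 required=5.0",
    "Yes, hits=6.3 required=5.0",
    "No, hits=-2.1 required=5.0",
    "garbage",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{disposition(s):8} {s}")
```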
