Our sitewide solution here was to use qmail on our email gateways, which has the nice feature of delivering each "rcpt to" separately. That way for each delivery, it can fetch that recipient's spam preferences from our LDAP directory. If the recipient happens to be a mailing list, then it uses the spam preferences set for that mailing list, or the default preferences if none are set on that LDAP entry.
This involved modifying the qmail-remote source code. (Note that qmail-scanner works within qmail-smtpd, at which point you could still have multiple "rcpt to"'s per message.) We modified qmail-remote to send the message to spamd, read the result, and modify the message header accordingly (which depends on the user's preferences). The user preferences also include what action to take when a message is identified as spam: bounce, modify headers only, or modify headers and subject line.
Each staff member can view/modify her spam preferences via a web interface that updates the appropriate attributes on that person's LDAP entry.
We're happy to share the source code if you're interested. However, we don't have it in the form of a qmail patch yet, which is the only way that qmail modifications are supposed to be distributed.
---------------------------------------------------------------------------
>>>I am running a sitewide config of SpamAssassin with Sendmail +
>>
> MIMEDefang.
>
>>>I was wondering if it's possible to use a SQL database with this
>>>configuration?
>>>I was hoping to be able to pass the e-mail address to the SQL database,
>>>if the user's e-mail address is not in the database then a global config
>>>would be used.
>>>Thanks!
>>>
>>
>>How do you handle multiple recips? The envelope can have multiple rcpt
>>to:'s, and the mail headers can have multiple To:'s and CC:'s, so how do
>>you decide?
>>
>>You could take the first users listed, but what if user1 whitelists
>>*@ebay.com and user2 blacklists *@ebay.com?
>>
>
>
> Yeah good point, and most spam is going to be address to multiple
> recipients...
> So maybe what i'm looking for is a virtual user table that could be used
> with the sendmail virtual user table or something?
>
> -- Andrew
>
> If you are hosting the mailboxes on the same server, it is not smart to
> run spamassassin sitewide. Just run procmail or maildrop on them to
> pipe them through spamassassin or spamc/spamd with mysql configs. I run
> qmail+vpopmail and call my spamc through maildrop which then queries
> mysql for virtual uses spam settings... this is the best way I have
> found to do it.
>
> Dallas
