[SA-exim] Re: feedback: SpamAssassin at SMTP time in local_scan

[dman]

---------------------- multipart/signed attachment
On Wed, May 08, 2002 at 04:50:11PM -0700, Marc MERLIN wrote:
| On Wed, May 08, 2002 at 12:03:50PM -0700, Marc MERLIN wrote:
| > > I'm planning on adjusting the logic a bit at some point.  My idea is
| > > to read the first line of output from the program to determine whether
| > > it passes or fails and to extract the error message from that.  The
| > > rest of the output would be RFC2822 headers to update in the message.
| > > Obviously 'spamc' would not work as the program in this scenario.  My
| > > reasoning is to generalize it a bit to facilitate writing my own
| > > scanner that, in addition to delegating to spamc, would check for klez
| > > and similar junk for immediate rejection.  This program, at a minimum,
| > > would frontend spamc and adapt spamc's output to fit the format (and
| > > include the logic to determine pass/fail and build the error message).
| > =20
| > Yeah, I've also given some thought into moving my system_filter
| > rejects at SMTP time.  That said, each of them can be done with a
| > condition statement in the RCPT or DATA ACL, so they may be better
| > off there.
|=20
| Actually, I was wrong, most of the scans are done on the message body.
|
| I don't want to  rewrite eximscan inside my code, that  said, I don't rea=
lly
| care to  do actual virus  checking either,  I'm content doing  simple str=
ing
| matches like what we have in system_filter right now.

Same here -- I wasn't intending to attach a real virus scanner.  I was
merely intending to move the system filter stuff to SMTP time by way
of the proposed interface.
=20
| I'll make another version tonight with  your mail save idea, and think ab=
out
| what  I can  reasonably add  to  do simple  matching on  the body  (anyth=
ing
| matching in the headers can be done with "condition" in the exim ACLs)

Hmm, that's an idea.  I reread the ACL part of the spec, and it seems
that the system filter can be redone as an acl almost identically,
though it makes the text harder to read.  I converted most of it to an
acl, but didn't test it yet.

Anyways, one of the reasons for having the more general
external-process interface is to put all of that logic into a separate
program.  This eliminates the need to rebuild and re-install exim for
each change, and allows the tests to be written in a higher-level
language than C.
=20
-D

PS.  I'm not getting any messages from the list, only the Cc'd copy.

--=20

It took the computational power of three Commodore 64s to fly to the moon.
It takes at least a 486 to run Windows 95.
Something is wrong here.
=20
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg


---------------------- multipart/signed attachment
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://lists.merlins.org/archives/sa-exim/attachments/b0a7e971/attachment.bin

---------------------- multipart/signed attachment--