[SA-exim] PermReject

Marc MERLIN marc at merlins.org
Wed, 29 May 2002 17:14:33 -0700


---------------------- multipart/signed attachment
On Wed, May 29, 2002 at 06:21:30PM -0500, dman wrote:
> | I am currently devnulling above 18 and have been trying to do a permrej=
ect
> | at 20 or above, however I see in the logs that the messages are 'silent=
ly
> | tossed' according to the devnull rule of 18.  I can't see where the
> | permreject rule is being referenced.  Have I missed something to enable=
 it?
> | (yes the SApermreject: 20 line is enabled...)
>=20
> That isn't possible as the code is right now.  The relevant section
> begins on line 729 (version 1.3) (snipped for clarity) :
=20
Eheh, you're hired :-)

dman is perfectly right.

spamassassin.conf says:
# If you reach this score, the mail is accepted and tossed (/dev/nulled)
# The default value is 99999 which should ensure this never happens.
# You should be real sure that the message is spam because the sender will
# get no notification
#SAdevnull: 20.0

In other words, you can't reject for a higher score than you devnull.
Quite frankly, I don't see why you would want to.
The way I see it, you reject if you reach a certain score, and at least give
the chance for the sender to know his mail wasn't received, but for things
where you're even more sure it's spam, you _could_ just toss it.
I believe  it is  an evil  thing to  do and don't  do it  myself, but  I did
provide the rope :-)

> message.  The code, right now, checks blackholing first, and since all
> messages scoring >=3D 20 also score >=3D 18 it is blackholed.  If you want
> to reverse the order of the tests, for your site, you can do that.
 =20
Correct.
I won't support that in the code, but you can trivially modify it if you
really want to do this.

> Put those user's local parts in /etc/exim/sa_skip (lsearch format).
> In the SAEximRunCond setting include something like this :
>=20
> SAEximRunCond: ${lookup {$local_part} lsearch {/etc/exim/sa_skip} {0}{1}}
=20
Yep, although you'll probably want this:
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_addre=
ss}{1
27.0.0.1}} {! def:h_X-Spam-Flag:} } {1}{0} {${lookup {$local_part} lsearch =
{/etc/exim/sa_skip} {0}{1}}}}

This will save you from:
1) scanning messages that are generated locally on your machine
2) Not scan messages that were already scanned elsewhere (unless you decide
   not to trust the header)

Marc
--=20
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet coo=
king
 =20
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP=
 key

---------------------- multipart/signed attachment
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 350 bytes
Desc: not available
Url : http://lists.merlins.org/archives/sa-exim/attachments/b62b3790/attachment.bin

---------------------- multipart/signed attachment--