[SA-exim] Per user whitelisting or rejection

Tony Earnshaw tonni at billy.demon.nl
Mon Jun 9 20:25:03 PDT 2003


Marc MERLIN wrote:

> I haven't had the time to work on this (and even less test it), but my
> guess is that we can implement the per user rejection or accept with no
> additional code in sa-exim (sa-exim runs too late to do that anyway)

> Here's how it should work:
> - for each rcpt, check if it is in the whitelist.

Which whitelist? I stopped using SA's whitelist_from and 
whitelist_from_rcvd a while back, make my own regexes.

The idea's good ...

>   - if it's the first recipient, set X-SA-Do-Not-Rej
>   - if it's not
>     - and X-SA-Do-Not-Rej is set, accept
>     - and X-SA-Do-Not-Rej is unset, send tempreject
> - do the same thing (reversed) if the rcpt is not in the whitelist

... an Exim lookup or even (drool, drool) coupling with ACLs on my 
Openldap DIT would be even better, since that would be custom stuff. Up 
your MySQL - never use it.

> - for extra points, check if the user has a ~/.spamassasin/user_prefs 
>   If so, accept just this user and tempreject the others
>   (and set a header to tell SA-Exim that it should use the user's config
>   file)

Spamd would have to run as root, then - and that's not such a good idea. 
It doesn't do the sort of uid metamorphoses that Exim does. An 
alternative is placing the user prefs in a common directory, so that the 
SA uid could read them (standard SA choice.) It would have to have write 
perms on the Bayes DB, too. Using user-based Bayes DBs for a large org 
is just about impossible: minimum 10MB per user, 3,000 employees?

> To support #3, we just need a little code in sa-exim to run spamc -u user
> What do you all think?

The whole Exim/SA-Exim thing is unbelievably elegant and flexible and 
what you suggest is only proof of that. I'm sweating at learning Postfix 
2.0 at the moment and though you might hold a candle for Wietse V. as a 
person and a card, the whole Postfix thing is one *huge* abhorrence. 
Coupled with Amavisd it is even worse. Though to put the whole thing in 
perspective, Postfix is 10 times better than Sendmail. I'm so glad I'm 
an Exim person, so that what you suggest is even possible.

Philip's new book is *good* by the way. I bought it, and I'm glad. 
Especially new Exim mailadmins should have it, it's easy to read and 
gives a good grounding.

Best,

Tony

-- 
Tony Earnshaw

There's none so daft as them as will not learn

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni at billy.demon.nl
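
The per-recipient grouping quoted in the message above, worked through as a small simulation. This is an added example, not code from the post or from sa-exim. It assumes the whitelist is a plain set of recipient addresses; the function names, the sample addresses and the response strings are made up for illustration.

```python
"""Simulation of the RCPT-time grouping described in the quoted proposal."""

ACCEPT = "250 accepted"
DEFER = "451 try again later"   # tempreject: the sender retries these later


def rcpt_decisions(recipients, whitelist):
    """Decide each RCPT in one SMTP transaction.

    The first recipient fixes the class of the whole message: whitelisted
    (X-SA-Do-Not-Rej set) or not. Later recipients of the other class are
    temprejected, so one message never mixes the two policies.
    Returns (do_not_rej, [(rcpt, response), ...]).
    """
    do_not_rej = None          # unknown until the first RCPT is seen
    decisions = []
    for rcpt in recipients:
        listed = rcpt.lower() in whitelist
        if do_not_rej is None:
            do_not_rej = listed
        decisions.append((rcpt, ACCEPT if listed == do_not_rej else DEFER))
    return do_not_rej, decisions


def deliver_with_retries(recipients, whitelist, max_rounds=5):
    """Replay sender retries until every recipient has been accepted.

    Returns one (do_not_rej, accepted_recipients) tuple per transaction.
    """
    pending, rounds = list(recipients), []
    while pending and len(rounds) < max_rounds:
        flag, decisions = rcpt_decisions(pending, whitelist)
        rounds.append((flag, [r for r, resp in decisions if resp == ACCEPT]))
        pending = [r for r, resp in decisions if resp == DEFER]
    return rounds


# Constructed sample data (addresses are made up for the example).
WHITELIST = {"alice@example.org", "carol@example.org"}
RCPTS = ["bob@example.org", "alice@example.org",
         "dave@example.org", "carol@example.org"]

if __name__ == "__main__":
    for n, (flag, accepted) in enumerate(deliver_with_retries(RCPTS, WHITELIST), 1):
        state = "set" if flag else "unset"
        print(f"transaction {n}: X-SA-Do-Not-Rej {state} -> {accepted}")
```

A mixed recipient list always settles in two transactions: the first carries everyone in the first recipient's class, and the sender's retry carries the rest.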



