[SA-exim] Per user whitelisting or rejection

Marc MERLIN marc at merlins.org
Mon Jun 9 11:41:12 PDT 2003


On Mon, Jun 09, 2003 at 07:25:03PM +0200, Tony Earnshaw wrote:
> Marc MERLIN wrote:
> 
> >I haven't had the time to work on this (and even less test it), but my
> >guess is that we can implement the per user rejection or accept with no
> >additional code in sa-exim (sa-exim runs too late to do that anyway)
> 
> >Here's how it should work:
> >- for each rcpt, check if it is in the whitelist.
> 
> Which whitelist? I stopped using SA's whitelist_from and 
> whitelist_from_rcvd a while back, make my own regexes.
 
This:
http://marc.merlins.org/linux/exim/exim4-conf/exim4.conf.master

  localpartlist nosarej = /etc/exim/acls/destwhitelist
(...)
  warn     message	 = X-SA-Do-Not-Rej: Yes
	   local_parts	 = +nosarej:postmaster:abuse

 
> The idea's good ...

I've been meaning to do it for a while, just haven't had the time.
If one of you can try it out and work out the syntax, please surprise me :)

> >- for extra points, check if the user has a ~/.spamassasin/user_prefs 
> >  If so, accept just this user and tempreject the others
> >  (and set a header to tell SA-Exim that it should use the user's config
> >  file)
> 
> Spamd would have to run as root, then - and that's not such a good idea?

Not necessarily.
You can force users to make their ~/.spamassasin/user_prefs readable by all

Or, you can patch spamd to read the conf from
/var/lib/spamassassin/userprefs/login (or something)

> It doesn't do the sort of uid metamorphoses that Exim does. An 
> alternative is placing the user prefs in a common directory, so that the

Right.

> perms on the Bayes DB, too. Using user-based Bayes DBs for a large org 
> is just about impossible: minimum 10MB per user, 3,000 employees?
 
Right. I'm not looking at Bayes for now.

> Philip's new book is *good* by the way. I bought it, and I'm glad. 
> Especially new Exim mailadmins should have it, it's easy to read and 
> gives a good grounding.

I need to get google to buy a few, I need to enlighten a few sysadmins
around here :)

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key



More information about the SA-Exim mailing list