[SA-exim] Per user whitelisting or rejection

[Tony Earnshaw]

Chirik wrote:

>   I believe he is referring to whitelists in Exim's check_rcpt ACL, when you
> actually accept / reject the recipient.

Check. But what would be best is a whitelist that could be graded, not 
"all or nothing."

> postmaster does get spam, so what I could do is refuse
> to allow email addressed to postmaster AND anyone else - I'd accept
> postmaster/abuse if it was the only recipient, and send a tempreject to all
> remaining recipients except abuse, and if the first recipient was not
> postmaster / abuse, I'd tempreject those.

Postmaster and abuse should really be able to receive spam, if only
to satisfy Joe job customers and suchlike. That having been said, I 
don't have much respect for other sites' postmasters/abuse any more. 
Time was, when they'd reply and took their jobs seriously.

>>Spamd would have to run as root, then - and that's not such a good idea.
>>It doesn't do the sort of uid metamorphoses that Exim does. An
>>alternative is placing the user prefs in a common directory, so that the
>>SA uid could read them (standard SA choice.)

> I actually have my spamd setup with a master directory, because I want the
> mail user to have certain preferences, but I don't want those to be the
> system-wide prefs, and I don't want spamd running as root, so I am using a
> central location for spamc - any users that want a custom config can run it
> a second time. ;-)

Same here. I'm not a mailadmin any more, but if I were, I'd argue my 
head off for site-wide filtering. That's what I used to use, for virus - 
anything else defeats its own purpose, in the end.

>>I'm sweating at learning Postfix 2.0 at the moment and though you might
>>hold a candle for Wietse V. as a person and a card, the whole Postfix
>>thing is one *huge* abhorrence.  Coupled with Amavisd it is even worse.

> I don't just do this as a hobby - I do it professionally, to.  I run exim
> at home and love it, I run sendmail on my internal servers at my employer,
> and postfix on the external relays.  I'm considering alternatives to
> sendmail on the internal servers, because it's queue handling is pathetic -
> atleast right now, I'm leaning more towards postfix, just because I think it
> has better queue handling than exim does, although I need to look at other
> options, too.

I still have to get used to Postfix - I've only been on it for ~3 weeks. 
I think you're right about the queue handling - I found that out today, 
by mistake. It's got a completely different philosophy from Exim and 
needs far more "powerful" hardware.

 > I do kinda feel like postfix is a little messier, and don't
> like the lack of visibility into it's internals, but it looks like postfix
> 2.0 may be better.

Too much black magic, for my liking. With Exim one can adopt one's own 
solutions to a far greater extent. But things are going ahead - built-in 
SASL AUTH and spam filtering are finally being grudgingly considered, 
according to the list. As it is, I compile my own and there are too many 
undocumented additions and choices.

>>Philip's new book is *good* by the way. I bought it, and I'm glad.
>>Especially new Exim mailadmins should have it, it's easy to read and gives
>>a good grounding.

> Is the book different than the downloadable documentation?

YES! It's far more relaxed and dwells longer on details. It's 
surprisingly well written and readable, but Phil mentions that he had 
the services of a professional copy writer - his wife :)

> That's one
> thing I must say, is exim has some of the best documentation available for
> free software - much better than postfix OR sendmail.  I wish postfix had
> documentation available as a postscript or PDF file, so it'd print nicely.
> (I like printed docs - easier reference)

Perhaps we could start by helping Marc? A Faq-o-Matic like Openldap.org 
has, where people can contribute in bits and pieces (far easier to do 
than Bugzilla) might be a good start.

Best,

Tony

-- 
Tony Earnshaw

There's none so daft as them as will not learn

http://j-walk.com/blog/docs/conference.htm
http://www.billy.demon.nl
Mail: tonni at billy.demon.nl