[SA-exim] greylisting, exim-4.34 status

Marc MERLIN marc at merlins.org
Sat May 15 12:22:57 PDT 2004


On Fri, May 14, 2004 at 05:33:51PM +0100, Paul Makepeace wrote:
> Hi,
> 
> I'm about to attempt an upgrade from my venerable and heavily hacked
> exim-4.05-VA-mm1 to the newer exim4 package with its split config.

Whao, I didn't know anyone was still running that :)

> Is a exim.deb/sa-exim.deb release imminent now that exim 4.34 has had
> the Received: header code backed out? If so I might hold off a while.
 
You don't need a new release, the current code should work fine.
For that matter, now that exim 4.34 is in unstable, I just upgraded and
things look fine.

I also doublechecked that Philip's fix in 4.34 works fine, I indeed receive
the last received line.
I'm now running exim 4.34 and the current sa-exim on my main mail server
without any problems.
 
> Also, how have people found greylisting? Any thoughts on thresholds etc
> having used it for a while now?

The one I give in the docs really work great for me:
tempreject at 3, permreject at 11, and greylisting lowers the score by
8 between the temp lower and the SA greylisted score

On Fri, May 14, 2004 at 07:26:18PM +0200, Sander Smeenk wrote:
> That's because Greylisting wasn't designed to work with two MX servers
> that don't share the same configuration files. I haven't had the time

Actually greylisting would work there too.

> to set something up with sfs or so, so both can use the same Bayes and
> Greylisting information. (Or convince myself that only the primary MX
> server will do just fine).

Yeah, things will work fine.
1) most mail will go through just fine
2) greylisted mail that is spam will go to your secondary MX, unless it was
   already sent there to start with
3) secondary MX will also greylist sender
4) if sender resends a 2nd or 3rd time depending on above, the mail will
   be accepted
5) ...
6) profit (*)

Mmmh, actually not quite, I should build a greylist hack so that if
/var/spool/sa-exim/tuplets/12/174/92/all 
or
/var/spool/sa-exim/tuplets/12/174/92/all/all
exit, then the mail is whitelisted automatically

This would allow you to accept all mail from your secondary MX without
greylisting it one more time (things work as is mind you, but in some cases
you would needlessly delay mail by one extra hour)
In the meantime, you can also setup a spamassassin header rule that matches
the IP of your secondary MX and lowers the SA score enough to allow the mail
through

Marc

(*) sorry, gotta watch South Park to get that one :)
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f at merlins.org for PGP key



More information about the SA-Exim mailing list