[SA-exim] devnull relayed spam?

[Tor Slettnes]

On Nov 4, 2004, at 07:58, Marc MERLIN wrote:
> I see. I have just less compassion that you :) (if they accept random 
> spam they're going to get the unbounceable mail anyway, with or 
> without me refusing some of their forwards)

I tend to agree in the case where you are using another host as a 
secondary MX.  It is important that you either have control of your own 
MXs, or that the party hosting your secondary MX has (at least) as 
stringent filters as you do.

There are a couple of other cases where there _is_ a need for 
host-based whitelisting:

   - If someone on your site subscribe to a mailing list, you'll get
     forwarded spam from that list.  In my case, most spam comes from
     the Debian list servers, or to my <tor at debian.org> account.

   - If one of your users have a ".forward" setup on another host, you
     will get spam from there.

In both these cases, you do not want to do SMTP (550) rejects - you'll 
only (a) hurt your friend, who will see freezes in their mail queue, or 
(b) generate collateral spam -- depending on whether the sender address 
is valid or not.

With SA-Exim, any whitelisting you do in Exim ACLs have no effect, 
since SA-Exim runs under a different Exim subsystem: local_scan().  The 
only option, therefore, is to whitelist these hosts in SpamAssassin:

     whitelist_from_rcvt   *@*   debian.org

The issue with this is that because SA-Exim does not pass the recipient 
username to SpamAssassin, there is no per-user configuration (including 
a per-user whitelist).  Thus, all mailing lists and forwarders that 
_any_ user on your system receives mail from have to be setup at the 
system level (in /etc/spamassassin/local.cf, 
/etc/mail/spamassassin/local.cf, or similar).

I wrote up some text on these considerations, here:
	http://tldp.org/HOWTO/Spam-Filtering-for-MX/considerations.html
	http://tldp.org/HOWTO/Spam-Filtering-for-MX/exim-sa.html
	http://tldp.org/HOWTO/Spam-Filtering-for-MX/exim-forward.html

-tor