[SA-exim] devnull relayed spam?

[Tor Slettnes]

On Nov 10, 2004, at 15:07, Kilian Krause wrote:
> Am Mittwoch, den 10.11.2004, 15:02 -0800 schrieb Tor Slettnes:
>> [Kilian, sorry for the duplicate; I had the wrong address for the 
>> SA-Exim list the first time].
>
> well, first of all there's no need to CC me as i do read sa-exim 
> anyway.. but sending me twice might already count as ground level spam 
> hehe (just kiddin') ;)

Man, you *are* feisty.

> so you say the magic is here to use fakereject instead of reject? I 
> daresay that i tried to understand that from the URL given back in the 
> thread and somewhat i still cannot see what the *FAKE* about this 
> reject is.

"fakereject" is a control (similar to "freeze") provided by the 
Exiscan-ACL patch.  It instructs Exim to issue a "550" response, even 
if the mail is accepted.  I use it, rather than a "deny" statement, 
because I want to keep a copy of mail classified as spam in a separate 
Junk folder.

> So maybe you can enlighten me how i with this can do a "whitelisting" 
> but still scan my mails and then throw them silently into /dev/null 
> without producing large backscatter with my mx being the one listed in 
> the "he's to blame, he didn't accept it!"..

I tried twice, here is a third time.

First, use Exiscan-ACL rather than SA-Exim, for the reasons I have 
described.

Second, invoke SpamAssassin on all mail, but don't reject if the 
sending host is in your whitelist.  The following does this (in a 
fashion a little bit simpler than what I provided last time):

   deny message    = Classified as spam (score $spam_score)\n$spam_report
        set acl_m9 = ham
        spam       = mail
        set acl_m9 = spam
        !hosts     = /etc/mail/whitelist-hosts

   warn message    = X-Spam-Status: \
                     ${if eq{$acl_m9}{spam}{Yes}{No}}; score=$spam_score


The first ("deny") statement, line by line:
    - Define the 550 message that will be issued in the event that this
      statement evaluates to "true"

    - Initially set a flag in $acl_m9 to indicate that this message is 
ham.

    - Invoke SpamAssassin as user "mail"

    - If we are still here, it means the "spam" condition was true.
      Change the flag in $acl_m9 to indicate that the message is spam.

    - Check that the host is not in /etc/mail/whitelist-hosts, before 
actually
      deciding to reject the mail.


The second ("warn") statement adds a "X-Spam-Status: No" or 
"X-Spam-Status: Yes" header line to the mail, depending on whether the 
mail was classified as ham or spam.


Again, for a more sophisticated example, see:
     http://slett.net/spam-filtering-for-mx/exim-sa.html


-tor