Alun
> Sent: Monday, October 03, 2005 10:34 AM
> To: [email protected]
> Subject: Re: [exim] Reducing Spam Assassin Load
>
> Marc Perkel <[EMAIL PROTECTED]> said, in message
> [EMAIL PROTECTED]:
> >
> > But no one has done anything to reduce load processing ham.
>
> Here's what we do. If I send mail to [EMAIL PROTECTED], my exim
> drops an entry in a database ([EMAIL PROTECTED],
> [EMAIL PROTECTED]). Any mail from [EMAIL PROTECTED] to
> [EMAIL PROTECTED] is whitelisted on the basis that we've already
> swapped mails, and so doesn't go through out spam filters.
Which has the disadvantage of exposing you to
spam under several not too unlikely circumstances:
1) Someone harvests addressess from a list (e.g.,
this one) where you are both members and
sends to some members from another member.
2) You are both in someone else's email address
book who becomes a virus/trojan bot and
shares the lists or sends the spam directly.
3) Your actual correspondent is the victim in #2
4) Your actual correspondent, especially in the case
of a commercian concern, becomes the spammer.
You can overcome #1 and #2 by using schemes like
SPF and the new (3.10) SpamAssassin whitelist_from_rcvd
(as opposed to simple whitelist_from), or the
greylistd (e.g., Python implementation) which can use
singlets, doublets, or triplets (sending_server, from,
rcpt) to whitelist (or blacklist.)
You can ameliorate #3 and #4 by using the whitelist ONLY
to offer a moderate/appropriate score adjustment and
still checking the spam.
But this latter does not reduce load on SpamAssassin.
--
Herb Martin
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
