Hi all. First off, I'd like to say that I've read around a bit on this, so if I missed the answer, I apologize. Maybe I'm overcomplicating things, and that's why, so I'm sorry if that's the case.
It'll take a second to get to why I am posting to this list, so here goes: I run the systems for a medium-sized ISP (roughly 25k dynamic broadband subs). We, stereotypically, block port 25 outbound to help contain zombie-generated SPAM, but over the last 2 years the spammers have started coding their stuff to point its way out the user's configured outbound mail server. Currently we are on a qmail/SA setup on the outbound; it tags SPAM and delivers. (If we see a block of blatant spam we manually trash it, and since I'm in the server almost all day every day, I catch quite a bit, but not all.) We have a few things in place to blacklist users if they start acting spammy, but every time we find another rule, they change what they are doing. It's a losing battle, as many of you know. Now it is crumbling under the load, and not tagging things nearly as well as would be preferred.

To help alleviate the issues I've been working on a combination of DSPAM (http://www.zdziarski.com/projects/rabl/), RABL (http://www.zdziarski.com/projects/rabl/), and ClamAV. DSPAM scans the msg for spam and viruses (linking to ClamAV), and if it tags the message as spam it sends RABL a notice about that customer's spamminess. Once the user reaches a threshold (right now about 50 notices) RABL blacklists them (default 6 hours). The nice thing about this concept is that it's automatic, and all the customer has to do is clean their machines, and then when 6 hrs hit they are back to normal, until they get infected again (or if they didn't succeed).

So at this point you are wondering why I won't shut up and get to the point. This solution was originally set up on Postfix. It's taken a long time to get it fully to the point it is at, and in that time I've recently decided I'd rather implement it with Exim, because I want SMTP-AUTH. All of our users are virtual users in a MySQL db. From what I've seen from researching, doing this in Exim is cake compared to Postfix. But this still isn't the problem.
The problem is that I'm not sure how to call DSPAM from Exim in an equally efficient or similar manner for outbound e-mail as I am doing with Postfix. In Postfix we forward mail to dspam.sock as a content filter, and then dspam kicks it back to a local Postfix port (10026) for delivery. This is what postfix/master.cf looks like at that point:

    smtp            inet  n  -  n  -  -  smtpd
      -o content_filter=lmtp:unix:/tmp/dspam.sock
    localhost:10026 inet  n  -  n  -  -  smtpd
      -o content_filter=

From looking through configs and docs, I'm assuming that I would have to start with something like this before the dnslookup router:

    scanmessage:
      driver = lmtp
      socket = /tmp/dspam.sock

But I don't know where to go from there, or if that is even the best way to do that. Does anyone have any suggestions or anything?

Thanks
-Greg
--
http://www.gvtc.com
--
“While it is possible to change without improving, it is impossible to improve without changing.” -anonymous
“only he who attempts the absurd can achieve the impossible.” -anonymous
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
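One way to wire the Postfix-style handoff described in the post into Exim, added here as an example; it is not the original poster's configuration nor text from the Exim or DSPAM documentation. A router/transport pair hands authenticated outbound mail to DSPAM over its LMTP socket, and a port condition keeps mail that DSPAM re-injects on 10026 from being scanned a second time (which would otherwise loop and inflate the RABL notice count). The socket path and port 10026 come from the post; the router and transport names, the authenticated-only condition, and the loopback-only ACL are assumptions.

```conf
# --- main section (before "begin routers") ---
# Listen on 10026 in addition to the normal ports so DSPAM can hand
# the scanned copy back. Restrict that port to 127.0.0.1 in the
# connect/rcpt ACLs and do not require SMTP-AUTH there (assumed).
daemon_smtp_ports = 25 : 587 : 10026

begin routers

# Put this router before dnslookup so it is tried first.
dspam_scan:
  driver = accept
  # Scan only messages from SMTP-AUTH'd subscribers (the outbound
  # case in the post), and only if they did not arrive on 10026,
  # i.e. they have not already been through DSPAM. The port test is
  # belt-and-braces: a re-injected message is unauthenticated anyway.
  condition = ${if and { {def:authenticated_id} \
                         {!eq {$interface_port}{10026}} } }
  transport = dspam_lmtp
  # Never use this router for address verification at SMTP time.
  no_verify

# ... dnslookup and the rest of the normal routers follow here ...

begin transports

dspam_lmtp:
  driver = lmtp
  socket = /tmp/dspam.sock
  # One message per LMTP session keeps DSPAM's per-user accounting,
  # and therefore RABL's notice count, unambiguous.
  batch_max = 1
```

On the DSPAM side, dspam.conf needs DeliveryHost 127.0.0.1, DeliveryPort 10026 and DeliveryProto SMTP so the scanned copy returns to the unscanned listener (those are DSPAM's own directive names; the values are this example's). Check the result with `exim -bt` against an authenticated test sender and against a message received on 10026 and confirm the first routes to dspam_lmtp and the second to dnslookup.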
