Bazooka Joe wrote:
How do I - reject mail if it has a score above 5
My filter's file is /etc/mail/mimedefang-filter. If yours
is the same, this is the file to edit.
Your default mimedefang filter should already have a section
set up in it to handle the Spamassassin testing stuff. look
for the 'if($Features{SpamAssassin})' section. Below this
you'll see a call to spam_assassin_check, which returns several
items, one of them is the $hits. Below this is where you'll
perform the test for a hit value.
Something like:
if($hits = 5.0) {
# make a log entry
md_syslog('notice', $hits ($score) $names);
# reject the message
action_bounce('SPAM markers found');
# and return true
action_discard();
}
Though, I wouldn't recommend rejecting messages on 5.0. Maybe 9
or 10 would be a better number. I'd just quarantine anything over
5, because chances are, you'll find quite a few false positives on
5.
or virii
Mime defang is set up to automatically use anti-virus programs
that are supported by it. For example, I use clamav, and the
defang filter already handles it with the filter_begin function.
Nothing to do there except keep the clam databases updated.
2 bypass SA or whitelist if the sender was authenticated via smtp_auth.
Generally, it's a good idea to maintain the filter even on
known authenticated senders. Supposing an authenticated user
accidentally emails out an attachment that is infected with
a virus? You'd sure want the system to catch it.
Just set your Spamassassin to give whitelisted names a negative
score, and let the system do its job. I give whitelisted people
a -10 here and that's been fully sufficient to keep their emails
flowing smoothly and without problem.
Even so, I'm not sure such a thing can be done without doing
duplicate whitelist checking in the filter.
TLD
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang