Matt wrote:
ExiScan has been part of exim for quite a while now. We reject spam at SMTP
with exim and SA when it scores above 15. We have not, as of yet, had a FP
near that high. The spams are logged in such a way it makes it easy to
create a report including the SA report, the from, to, subject, etc. and
review the hits from the previous day just in case there is a FP but it
hasn't happened yet.

Could you share the modifications you made to exim.conf to accomplish
this? I am running the DirectAdmin web GUI, which uses exim as an MTA.

Matt,
I can't find the reply that you quoted. Can you tell me where that came
from?
(we're considering doing the same thing here, and we're looking for
gathering best practices in the "Reject at Threshold X" area of
anti-spam techniques; for example, we know UC Davis did a lengthy
proof-of-concept period and set up rejection at a score of 15+)
To add to the list of "how to accomplish this" responses, assuming that
you don't use Exim so the Exim based answers that have been posted don't
apply to you:
1) If you use sendmail, look into using a milter. The milter I've been
using is MIMEDefang. It takes some knowledge of Perl, but it's a great
tool. And it can do REJECTION of virus/spam/bad-attachments during the
SMTP session (i.e. the right way). There are other milters besides
MIMEDefang, but that's the one I have experience with. If you're using
Sendmail, I _highly_ recommend MIMEDefang.
2) I'm in the process of switching from Sendmail+MIMEDefang to
CommuniGate Pro. With the 5.x series, CommuniGate Pro adds a
"Synchronous" mode for its rules, which basically means "process the
message during the SMTP session, instead of after it has been accepted".
There are LOTS of Helpers (plugins) out there for handling
anti-virus/anti-spam ... but most were written before 5.x, so I'm not
sure how many of them are geared around rejecting vs marking and/or
discarding. I've been working on my own set of Helpers that have
rejection in mind (or, in the case of SpamAssassin: reject at greater
than a given threshold, or mark and deliver under that threshold).
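
The policy discussed in this thread (reject during the SMTP session above a score of 15, mark and deliver below it, and keep a record for next-day false-positive review), sketched in Python as an added example that is not code from any poster or from Exim, MIMEDefang or CommuniGate Pro. It assumes the scanner has already added SpamAssassin's X-Spam-Status header; the function names, the 451 deferral for unscanned mail, the tab-separated review format and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string

REJECT_ABOVE = 15.0  # rejection threshold quoted in the thread
# SpamAssassin 3.x writes "score=", 2.x wrote "hits="; accept both.
STATUS_RE = re.compile(
    r"(Yes|No),\s*(?:score|hits)=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)", re.I)
TESTS_RE = re.compile(r"tests=([^=]*?)(?:\s+\w+=|$)")

def parse_status(value):
    """Return (score, required, [rule names]) from an X-Spam-Status value."""
    value = " ".join(value.split())  # undo RFC 5322 header folding
    m = STATUS_RE.match(value)
    if not m:
        raise ValueError("unparseable X-Spam-Status: %r" % value)
    t = TESTS_RE.search(value)
    names = re.split(r"[,\s]+", t.group(1)) if t else []
    return float(m.group(2)), float(m.group(3)), [n for n in names if n and n != "none"]

def smtp_decision(raw_message):
    """Pick the reply to end-of-DATA: reject in-session, or accept (and mark)."""
    msg = message_from_string(raw_message)
    status = msg["X-Spam-Status"]
    if status is None:
        # Assumption: an unscanned message is deferred, not accepted unfiltered.
        return "451 4.3.0 Content scanner unavailable", None
    score, required, tests = parse_status(status)
    record = {"from": msg["From"], "to": msg["To"], "subject": msg["Subject"],
              "score": score, "tests": tests}
    if score > REJECT_ABOVE:
        return "550 5.7.1 Rejected as spam (score %.1f)" % score, record
    if score >= required:
        return "250 OK (marked as spam)", record
    return "250 OK", record

def review_line(record):
    """One line for the daily false-positive review; control chars are stripped
    so a hostile Subject cannot forge extra log lines."""
    clean = lambda s: re.sub(r"[\x00-\x1f\x7f]+", " ", s or "")
    return "%.1f\t%s\t%s\t%s\t%s" % (record["score"], clean(record["from"]),
        clean(record["to"]), clean(record["subject"]), ",".join(record["tests"]))

# Constructed sample: a scanned message with a folded X-Spam-Status header.
SAMPLE = ("From: promo@example.net\nTo: user@example.org\nSubject: Cheap meds\n"
          "X-Spam-Status: Yes, score=17.3 required=5.0 tests=BAYES_99,HTML_MESSAGE,\n"
          "\tURIBL_BLACK autolearn=no version=3.0.2\n\nbody\n")

if __name__ == "__main__":
    reply, rec = smtp_decision(SAMPLE)
    print(reply)
    print(review_line(rec))
```

Because the 550 is returned before the message is accepted, the sending server stays responsible for notifying its user, which is what makes a rare false positive visible to the legitimate sender.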