[plug] Spam filtering with Exim

Shayne O'Neill shayne at guild.murdoch.edu.au
Thu May 13 08:47:14 WST 2004


Indeed.

However, while those dns blacklists still list zope as a 'hacked high ftp
server', I personally consider them as harmful to the anti-spam world :(

The guild server has zope, and is thus listed as a hacked server, because
the ridiculous dickheads who inhabit the mail abuse newslists (the only
way to contact the dns list maintainers it seems) seem to believe that the
best way to deal with zope users is to mock them and point out that
medusa suuuurrreeelllyyyy couldn't be in fact a legit ftp server and
muussttt be a hacked server. (One said in an email to me "wtf are you
doing claiming to be a sysadmin. I've never even HEARD of medusa. you've
been hacked.". Nice one dickhead. Pans out every zope admin I know has had
the same problem :( :( :( )

clueless gits. I strongly suspect the maintainers of these lists are
teenagers.

I'll have to try the spamassassin patched exim tho :)

------------------------------------
"Must not Sleep! Must warn others!"
-Aesop.
Shayne O'Neill. Indymedia. Fun.
http://www.perthimc.asn.au

On Wed, 12 May 2004, Jeremy Malcolm wrote:

> Here is a brief excerpt from an article that I wrote on spam that didn't
> end up being published but which newbie users may find useful so I'm
> posting it here.
>
> Commencing with version 4.0, Exim supports both DNS-based blacklists and
> filters for the control of spam, although the configuration required in
> each case is slightly different.
>
> To use DNS blacklists, an access control list or ACL is added to Exim's
> configuration file (normally exim.conf).  The section for ACLs in Exim's
> configuration file is indicated by the heading "begin acl", and this in
> turn is divided up into a number of sub-sections indicating checks that
> are to be performed at different stages of the mail delivery process.
> For our purposes, we want to check incoming mail against a DNS blacklist
> as soon as the sending mail server issues an "RCPT" command.  Therefore
> we need to add some lines underneath the "acl_check_rcpt:" subsection of
> the file.  An example of the lines we might use to check spam against
> DNS blacklists is shown below (the \ is a line-continuation character):
>
> deny	message = Access denied - $sender_host_address \
> 	listed by $dnslist_domain\n$dnslist_text
> 	dnslists = dnsbl.net.au :\
> 	abuse.rfc-ignorant.org
>
> This will cause exim to reject mail that is sent from a host listed in
> either the dnsbl.net.au or the abuse.rfc-ignorant.org blacklists,
> returning a message to the sender such as the following:
>
> 550-Access denied - 127.0.0.2 listed by dnsbl.net.au
> 550 Test entry.
>
> Alternatively, you may prefer not to reject the mail outright but
> instead to add an "X-Warning" header to it so that users can filter it
> out or divert it to a different folder.  To do this, you would use lines
> such as the following in place of those given above:
>
> warn	message = X-Warning: $sender_host_address \
> 	listed by $dnslist_domain
> 	log_message = Listed by $dnslist_domain
> 	dnslists = dnsbl.net.au :\
> 	abuse.rfc-ignorant.org
>
> As noted above, DNS-based blacklists are an incomplete solution for the
> control of spam, and a heuristic or Bayesian filter is a good complement
> to add to your armory.  The most popular Bayesian spam filter available
> is Spam Assassin.  Normally, Spam Assassin is user-level software that
> each user runs on his or her individual mailbox.  We can, however
> integrate Spam Assassin into Exim, so that it automatically filters mail
> for all users of the machine.
>
> There are several ways of accomplishing this.  The preferred methods are
> those which allow you to bounce spam back to the sender before it is
> accepted by your mail server, instead of filtering it out afterwards.
> This cannot be done with the vanilla version of Exim, but there are two
> patched versions of Exim which will allow you to do so.  The first is
> called SA-Exim and is available from
> http://marc.merlins.org/linux/exim/sa.html, and the second is called
> Exiscan which is found at http://duncanthrax.net/exiscan-acl/.
>
> Full details on the installation and configuration of SA-Exim and
> Exiscan are available on the Web sites referenced above, and they are
> also expected to be included in the next release of Debian GNU/Linux,
> respectively under the names sa-exim and exim4-daemon-heavy.
>
> --
> JEREMY MALCOLM <Jeremy at Malcolm.id.au> Personal: http://www.malcolm.id.au
> Providing online networks of Australian lawyers (http://www.ilaw.com.au)
> and Linux experts (http://www.linuxconsultants.com.au) for instant help!
> Disclaimer: http://www.terminus.net.au/disclaimer.html. GPG key: finger.
> _______________________________________________
> PLUG discussion list: plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
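
Added example (not part of either post, and not Exim's own code): the lookup behind a DNS blacklist check such as the dnslists lines quoted above, sketched in Python with a constructed in-memory resolver so it runs offline. The function names, the FAKE_DNS table and the rule that only answers inside 127.0.0.0/8 count as a listing are assumptions of this example.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answer convention

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # 32 nibbles
    return ".".join(labels) + "." + zone

def check_dnslists(ip, zones, resolve):
    """Return (zone, text) for the first zone that lists ip, else None.
    resolve(name, rtype) -> list of strings is injected so this runs offline."""
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        answers = [ipaddress.ip_address(a) for a in resolve(name, "A")]
        # An answer outside 127.0.0.0/8 (wildcard or parked zone) is not
        # treated as a listing here; NXDOMAIN is an empty list.
        if any(a in LISTED_NET for a in answers):
            return zone, " ".join(resolve(name, "TXT"))
    return None

def smtp_reject(ip, hit):
    """Format the multi-line 550 reply shown in the post."""
    zone, text = hit
    lines = [f"Access denied - {ip} listed by {zone}"] + ([text] if text else [])
    return "\r\n".join(
        ("550 " if i == len(lines) - 1 else "550-") + line
        for i, line in enumerate(lines))

# Constructed resolver data (not real lookups).
FAKE_DNS = {
    ("2.0.0.127.dnsbl.net.au", "A"): ["127.0.0.2"],
    ("2.0.0.127.dnsbl.net.au", "TXT"): ["Test entry."],
    ("7.113.0.203.dnsbl.net.au", "A"): ["203.0.113.99"],  # wildcard-style answer
}

def fake_resolve(name, rtype):
    return FAKE_DNS.get((name, rtype), [])

ZONES = ["dnsbl.net.au", "abuse.rfc-ignorant.org"]

if __name__ == "__main__":
    hit = check_dnslists("127.0.0.2", ZONES, fake_resolve)
    print(smtp_reject("127.0.0.2", hit))
    print(check_dnslists("203.0.113.7", ZONES, fake_resolve))
```

Swapping fake_resolve for a real resolver call is left to the reader; the TXT answer is the text that ends up in $dnslist_text in the quoted ACL.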



