Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Rev 1 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
1 magnus 1 
<html>
2 
<head>
3 
<title>Exim SpamAssassin at SMTP time</title>
4 
</head>
5 
 
6 
<body>
7 
 
8 
<h1 ALIGN="CENTER">Exim SpamAssassin at SMTP time</h1>
9 
 
10 
<h3>What's that?</h3>
11 
<pre>
12 
mail from: merlin@gandalf
13 
250 OK
14 
rcpt to: merlin@gandalf
15 
250 Accepted
16 
data
17 
354 Enter message, ending with "." on a line by itself
18 
From: merlin@gandalf
19 
To: merlin@gandalf
20 
Subject: $$$ Make Money Fast $$$ !!!
21 
 
22 
viagra 100% GARANTEE AMAZING FULL REFUND
23 
This is not spam
24 
.
25 
550 Rejected
26 
</pre>
27 
(logs would show something like this:
28 
<tt>2004-03-10 08:27:18 1B16Y8-0001UP-4R SA: Action: permanently rejected message: hits=14.8 required=7.0 trigger=11.0 ( scanned in 2/2 secs | Message-Id: CCQPVENACPQBFLTRLICXWQVEK@gandalf). From <merlin@gandalf> (host=gandalf [127.0.0.1]) for merlin@gandalf</tt>)
29 
 
30 
 
31 
<P>
32 
An example of teergrube would return this instead
33 
<pre>
34 
data
35 
354 Enter message, ending with "." on a line by itself
36 
(...)
37 
body     SEE_FOR_YOURSELF       /See (?:for|it) yourself\b/i
38 
describe SEE_FOR_YOURSELF       See for yourself
39 
 
40 
body ORDER_NOW                  /\border (?:now|soon|fast|quickly|while)\b/i
41 
describe ORDER_NOW              Encourages you to waste no time in ordering
42 
 
43 
.
44 
451- wait for more output
45 
451- wait for more output
46 
451- wait for more output
47 
(... one line every 10 secs, 15 minutes elapse ...)
48 
450 Please try again later
49 
</pre>
50 
 
51 
The idea here is to stall and waste the resources of the remote sender (BTW
52 
teergrube comes from german, and means tar-pitting, or stopping someone in his
53 
tracks)
54 
 
55 
<BR><BR>
56 
<h3>Why?</h3>
57 
SpamAssassin can be run inside exim after the mail has been accepted, as shown
58 
<a href="http://bogmog.sourceforge.net/document_show.php3?doc_id=28">here</a>,
59 
but if you're not going to use my patch and you just want to run SA as an exim
60 
transport,
61 
<a href="http://dman13.dyndns.org/~dman/config_docs/exim-spamassassin/">this</a>
62 
version is recommended
63 
<P>
64 
Now, while this will work, we can do better, hence the reason for my code
65 
(just to make things clear, you do not want to run both my code, and dman's
66 
transports. It'd work, but you'd be scanning the message twice)
67 
<P>
68 
The reason why I wanted SpamAssassin in local scan is that I don't want to
69 
accept the damn spam in the first place.
70 
 
71 
<ul>
72 
<li>While my code lets you do that, I don't like to send mails to the bit
73 
    bucket, so you need to bounce them.
74 
<li>Once you accept the spam, you can't bounce it half the time, or you
75 
    bounce it to an innocent whose Email was forged as an envelope sender
76 
    (some spam even forges the bounce address to <em>you</em>)
77 
<li>If I refuse spam at SMTP time, it will remove the spam addresses from at
78 
    least a few lists (they gotta clean their lists eventually otherwise they'd
79 
    spend more time Emailing dead addresses than good ones)
80 
<li>I have the option of toying with spammers and stall their connections and
81 
    waste their resources (see the following page for details on
82 
    <A HREF="http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html">
83 
    teergrubing</A>
84 
</ul>
85 
 
86 
Note that you can also use this code to simply run SA on all your mails (or
87 
portion thereof as configured with SAEximRunCond) without having to configure SA
88 
in your exim.conf. In other words, this code can be configured to not reject
89 
any mails.
90 
 
91 
<BR><BR>
92 
<h3>SpamAssassin? What's that?</h3>
93 
Ah, you need to visit <a href="http://spamassassin.org/">this page</a> first
94 
then
95 
 
96 
 
97 
<BR><BR>
98 
<h3>How does it work, what knobs are there?</h3>
99 
You need to configure spamassassin to flags mails as spam after a certain
100 
threshold (7 for instance). After that, this code can be configured to
101 
 
102 
<ul>
103 
<li>Pretend to be processing the Email and send continuation lines to the
104 
    remote server until it gives up (aka
105 
    <A HREF="http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html">
106 
    teergrubing</A>)
107 
<li>Accept but not deliver mail with a high threshold (i.e. devnull the mail)
108 
<li>Reject mail with a lower threshold
109 
<li>Temporarily reject mail with a still lower threshold (you can then inspect
110 
    your logs to decide if you want to tweak SA so that next time the mail
111 
    is sent, you can receive it)
112 
<li>In all 5 cases, mail can be optionally saved to disk so that you can
113 
    inspect all the mails you've rejected or /dev/nulled
114 
</ul>
115 
 
116 
You can also (and probably should <img src="/gifs/people/smile.happy.gif" alt=":-)" align=TOP WIDTH=16 HEIGHT=16>) use the new greylisting support for even
117 
better spam control
118 
 
119 
 
120 
<P>
121 
For more details, you should look at the self-documented
122 
<a href="files/sa-exim.conf">config file</a> and you can see
123 
<a href="sa-exim.demo.txt">some sample rejects and what you get in the logs</a>
124 
 
125 
 
126 
<BR><BR>
127 
<h3><A NAME="greylisting">Greylisting you say?</A></h3>
128 
While when sa-exim first came out, its strongest point was being one of the
129 
first programs (if not the first) that let you reject Spam at SMTP time, its
130 
coolest feature now is adaptive greylisting support<BR>
131 
In a nutshell, you get the advantages of greylisting without the disadvantages:
132 
<ul>
133 
<li>mails with a low spam score are accepted without delay
134 
<li>mails with an average spam score are greylisted,
135 
    <b>and only those are delayed</b>
136 
<li>mails with high spam scores are rejected regardless (no greylisting)
137 
</ul>
138 
 
139 
This method is the best combination I've seen out there so far, and
140 
while I've been talking about it for a while, I don't yet know of other
141 
programs that implement this method (if you do, please let me know so that
142 
I can acknowledge them)
143 
<BR>
144 
For more details on how this works, check out the <a href="files/sa-exim-cvs/README.greylisting">greylisting README</a>
145 
 
146 
 
147 
<BR><BR>
148 
<h3>Ok, where's the code? / Downloads</h3>
149 
<ul>
150 
<li>The latest version is here (<a href="files/sa-exim-current/">browsable tree</a> or <a href="files/sa-exim-current.tar.gz">tar.gz</a>). You can also
151 
get it from <A href="http://sourceforge.net/projects/sa-exim/">sf.net</a><BR>
152 
<li>The CVS version is here (<a href="files/sa-exim-cvs/">browsable tree</a>)
153 
and you can also get the CVS tree from
154 
<A HREF="http://sourceforge.net/cvs/?group_id=56124">sf.net</A>
155 
<li>The latest config file with documentation is
156 
<a href="files/sa-exim.conf">here</a>
157 
<li>Debian packages (source and binary) are <a href="files/debian/">here</a>
158 
</ul>
159 
<P>
160 
 
161 
As explained in the archive, you can either copy <tt>sa-exim.c</tt> over exim's
162 
<tt>src/local_scan.c</tt> You need to copy local_scan in src in the exim source
163 
tree and rebuild it, or you can build sa-exim as a loadable module (you need
164 
to patch exim to support loadable modules though)
165 
<P>
166 
You can also browse all my exim files <A HREF="files/">here</A>
167 
 
168 
<BR><BR>
169 
<h3>Mailing list</h3>
170 
You should probably subscribe to this low traffic
171 
<a href="http://lists.merlins.org/lists/listinfo/sa-exim">mailing list</a> if
172 
you download the code to keep apprised of bug fixes and enhancements
173 
 
174 
<BR><BR>
175 
<h3>Integration with Exim 4</h3>
176 
This code works without anything in the exim conf, but you probably want to use
177 
some knobs to disable scanning for some users (like setting
178 
<tt>X-SA-Do-Not-Rej</tt> or <tt>X-SA-Do-Not-Run</tt> in the rcpt ACL and
179 
removing those headers in the right places).<BR>
180 
See <A HREF="http://marc.merlins.org/linux/exim/#conf">my exim4 conf tree</a>
181 
and more specifically the
182 
<A HREF="http://marc.merlins.org/linux/exim/exim4-conf/exim4.conf">exim4.conf</A>
183 
file
184 
<P>
185 
You can look at the <A HREF="files/sa-exim-cvs/README">README</A> for more
186 
integration details.
187 
 
188 
 
189 
<BR><BR>
190 
<h3>Changelog/Download</h3>
191 
 
192 
<Changelog>
193 
</Changelog>
194 
 
195 
<P>
196 
More generally, all the files can also be found <A HREF="files/">here</A>
197 
<P>
198 
<A HREF="/perso/contact.html">Feedback is appreciated</A> (but please
199 
prefer the use of the
200 
<a href="http://lists.merlins.org/lists/listinfo/sa-exim">sa-exim list</a>)
201 
 
202 
<BR><BR>
203 
<h3>Acknowledgements</h3>
204 
 
205 
<Acknowledgements>
206 
</Acknowledgements>
207 
 
208 
 
209 
<P ALIGN="center">
210 
<img src="/gifs/lines/misc/lampline.gif" alt="" WIDTH=720 HEIGHT=14>
211 
</P>
212 
<br>
213 
<img src="/gifs/misc/wizard.gif" alt="" align="middle" WIDTH=72 HEIGHT=61>
214 
<img src="/gifs/linux/damn-powered.gif" alt="" align="right" WIDTH=170 HEIGHT=29>
215 
<IMG SRC="/gifs/icons/msfree.gif" ALT="[ms free site]" ALIGN="right" WIDTH=95 HEIGHT=31>
216 
<a href="http://sourceforge.net"><img src="http://sourceforge.net/sflogo.php?group_id=56124&amp;type=1" width="88" height="31" border="0" align="right" alt="SourceForge.net Logo"></a>
217 
<A HREF="/perso/contact.html">Email</A><BR>
218 
<A HREF="/">Link to Home Page</A>
219 
<P>
220 
</body>
221 
</html>