Rev | Author | Line No. | Line |
---|---|---|---|
1 | magnus | 1 | <html> |
2 | <head> |
||
3 | <title>Exim SpamAssassin at SMTP time</title> |
||
4 | </head> |
||
5 | |||
6 | <body> |
||
7 | |||
8 | <h1 ALIGN="CENTER">Exim SpamAssassin at SMTP time</h1> |
||
9 | |||
10 | <h3>What's that?</h3> |
||
11 | <pre> |
||
12 | mail from: merlin@gandalf |
||
13 | 250 OK |
||
14 | rcpt to: merlin@gandalf |
||
15 | 250 Accepted |
||
16 | data |
||
17 | 354 Enter message, ending with "." on a line by itself |
||
18 | From: merlin@gandalf |
||
19 | To: merlin@gandalf |
||
20 | Subject: $$$ Make Money Fast $$$ !!! |
||
21 | |||
22 | viagra 100% GARANTEE AMAZING FULL REFUND |
||
23 | This is not spam |
||
24 | . |
||
25 | 550 Rejected |
||
26 | </pre> |
||
27 | (logs would show something like this: |
||
28 | <tt>2004-03-10 08:27:18 1B16Y8-0001UP-4R SA: Action: permanently rejected message: hits=14.8 required=7.0 trigger=11.0 ( scanned in 2/2 secs | Message-Id: CCQPVENACPQBFLTRLICXWQVEK@gandalf). From <merlin@gandalf> (host=gandalf [127.0.0.1]) for merlin@gandalf</tt>) |
||
29 | |||
30 | |||
31 | <P> |
||
32 | An example of teergrube would return this instead |
||
33 | <pre> |
||
34 | data |
||
35 | 354 Enter message, ending with "." on a line by itself |
||
36 | (...) |
||
37 | body SEE_FOR_YOURSELF /See (?:for|it) yourself\b/i |
||
38 | describe SEE_FOR_YOURSELF See for yourself |
||
39 | |||
40 | body ORDER_NOW /\border (?:now|soon|fast|quickly|while)\b/i |
||
41 | describe ORDER_NOW Encourages you to waste no time in ordering |
||
42 | |||
43 | . |
||
44 | 451- wait for more output |
||
45 | 451- wait for more output |
||
46 | 451- wait for more output |
||
47 | (... one line every 10 secs, 15 minutes elapse ...) |
||
48 | 450 Please try again later |
||
49 | </pre> |
||
50 | |||
51 | The idea here is to stall and waste the resources of the remote sender (BTW |
||
52 | teergrube comes from German, and means tar-pitting, or stopping someone in his |
||
53 | tracks) |
||
54 | |||
55 | <BR><BR> |
||
56 | <h3>Why?</h3> |
||
57 | SpamAssassin can be run inside exim after the mail has been accepted, as shown |
||
58 | <a href="http://bogmog.sourceforge.net/document_show.php3?doc_id=28">here</a>, |
||
59 | but if you're not going to use my patch and you just want to run SA as an exim |
||
60 | transport, |
||
61 | <a href="http://dman13.dyndns.org/~dman/config_docs/exim-spamassassin/">this</a> |
||
62 | version is recommended |
||
63 | <P> |
||
64 | Now, while this will work, we can do better, hence the reason for my code |
||
65 | (just to make things clear, you do not want to run both my code, and dman's |
||
66 | transports. It'd work, but you'd be scanning the message twice) |
||
67 | <P> |
||
68 | The reason why I wanted SpamAssassin in local scan is that I don't want to |
||
69 | accept the damn spam in the first place. |
||
70 | |||
71 | <ul> |
||
72 | <li>While my code lets you do that, I don't like to send mails to the bit |
||
73 | bucket, so you need to bounce them. |
||
74 | <li>Once you accept the spam, you can't bounce it half the time, or you |
||
75 | bounce it to an innocent whose Email was forged as an envelope sender |
||
76 | (some spam even forges the bounce address to <em>you</em>) |
||
77 | <li>If I refuse spam at SMTP time, it will remove the spam addresses from at |
||
78 | least a few lists (they gotta clean their lists eventually otherwise they'd |
||
79 | spend more time Emailing dead addresses than good ones) |
||
80 | <li>I have the option of toying with spammers, stalling their connections and |
||
81 | wasting their resources (see the following page for details on |
||
82 | <A HREF="http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html"> |
||
83 | teergrubing</A>) |
||
84 | </ul> |
||
85 | |||
86 | Note that you can also use this code to simply run SA on all your mails (or |
||
87 | portion thereof as configured with SAEximRunCond) without having to configure SA |
||
88 | in your exim.conf. In other words, this code can be configured to not reject |
||
89 | any mails. |
||
90 | |||
91 | <BR><BR> |
||
92 | <h3>SpamAssassin? What's that?</h3> |
||
93 | Ah, you need to visit <a href="http://spamassassin.org/">this page</a> first |
||
94 | then |
||
95 | |||
96 | |||
97 | <BR><BR> |
||
98 | <h3>How does it work, what knobs are there?</h3> |
||
99 | You need to configure SpamAssassin to flag mails as spam after a certain |
||
100 | threshold (7 for instance). After that, this code can be configured to: |
||
101 | |||
102 | <ul> |
||
103 | <li>Pretend to be processing the Email and send continuation lines to the |
||
104 | remote server until it gives up (aka |
||
105 | <A HREF="http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html"> |
||
106 | teergrubing</A>) |
||
107 | <li>Accept but not deliver mail with a high threshold (i.e. devnull the mail) |
||
108 | <li>Reject mail with a lower threshold |
||
109 | <li>Temporarily reject mail with a still lower threshold (you can then inspect |
||
110 | your logs to decide if you want to tweak SA so that next time the mail |
||
111 | is sent, you can receive it) |
||
112 | <li>In all 5 cases, mail can be optionally saved to disk so that you can |
||
113 | inspect all the mails you've rejected or /dev/nulled |
||
114 | </ul> |
||
115 | |||
116 | You can also (and probably should <img src="/gifs/people/smile.happy.gif" alt=":-)" align=TOP WIDTH=16 HEIGHT=16>) use the new greylisting support for even |
||
117 | better spam control |
||
118 | |||
119 | |||
120 | <P> |
||
121 | For more details, you should look at the self-documented |
||
122 | <a href="files/sa-exim.conf">config file</a> and you can see |
||
123 | <a href="sa-exim.demo.txt">some sample rejects and what you get in the logs</a> |
||
124 | |||
125 | |||
126 | <BR><BR> |
||
127 | <h3><A NAME="greylisting">Greylisting you say?</A></h3> |
||
128 | When sa-exim first came out, its strongest point was being one of the |
||
129 | first programs (if not the first) that let you reject spam at SMTP time; its |
||
130 | coolest feature now is adaptive greylisting support<BR> |
||
131 | In a nutshell, you get the advantages of greylisting without the disadvantages: |
||
132 | <ul> |
||
133 | <li>mails with a low spam score are accepted without delay |
||
134 | <li>mails with an average spam score are greylisted, |
||
135 | <b>and only those are delayed</b> |
||
136 | <li>mails with high spam scores are rejected regardless (no greylisting) |
||
137 | </ul> |
||
138 | |||
139 | This method is the best combination I've seen out there so far, and |
||
140 | while I've been talking about it for a while, I don't yet know of other |
||
141 | programs that implement this method (if you do, please let me know so that |
||
142 | I can acknowledge them) |
||
143 | <BR> |
||
144 | For more details on how this works, check out the <a href="files/sa-exim-cvs/README.greylisting">greylisting README</a> |
||
145 | |||
146 | |||
147 | <BR><BR> |
||
148 | <h3>Ok, where's the code? / Downloads</h3> |
||
149 | <ul> |
||
150 | <li>The latest version is here (<a href="files/sa-exim-current/">browsable tree</a> or <a href="files/sa-exim-current.tar.gz">tar.gz</a>). You can also |
||
151 | get it from <A href="http://sourceforge.net/projects/sa-exim/">sf.net</a><BR> |
||
152 | <li>The CVS version is here (<a href="files/sa-exim-cvs/">browsable tree</a>) |
||
153 | and you can also get the CVS tree from |
||
154 | <A HREF="http://sourceforge.net/cvs/?group_id=56124">sf.net</A> |
||
155 | <li>The latest config file with documentation is |
||
156 | <a href="files/sa-exim.conf">here</a> |
||
157 | <li>Debian packages (source and binary) are <a href="files/debian/">here</a> |
||
158 | </ul> |
||
159 | <P> |
||
160 | |||
161 | As explained in the archive, you can either copy <tt>sa-exim.c</tt> over exim's |
||
162 | <tt>src/local_scan.c</tt> in the exim source |
||
163 | tree and rebuild it, or you can build sa-exim as a loadable module (you need |
||
164 | to patch exim to support loadable modules though) |
||
165 | <P> |
||
166 | You can also browse all my exim files <A HREF="files/">here</A> |
||
167 | |||
168 | <BR><BR> |
||
169 | <h3>Mailing list</h3> |
||
170 | You should probably subscribe to this low traffic |
||
171 | <a href="http://lists.merlins.org/lists/listinfo/sa-exim">mailing list</a> if |
||
172 | you download the code to keep apprised of bug fixes and enhancements |
||
173 | |||
174 | <BR><BR> |
||
175 | <h3>Integration with Exim 4</h3> |
||
176 | This code works without anything in the exim conf, but you probably want to use |
||
177 | some knobs to disable scanning for some users (like setting |
||
178 | <tt>X-SA-Do-Not-Rej</tt> or <tt>X-SA-Do-Not-Run</tt> in the rcpt ACL and |
||
179 | removing those headers in the right places).<BR> |
||
180 | See <A HREF="http://marc.merlins.org/linux/exim/#conf">my exim4 conf tree</a> |
||
181 | and more specifically the |
||
182 | <A HREF="http://marc.merlins.org/linux/exim/exim4-conf/exim4.conf">exim4.conf</A> |
||
183 | file |
||
184 | <P> |
||
185 | You can look at the <A HREF="files/sa-exim-cvs/README">README</A> for more |
||
186 | integration details. |
||
187 | |||
188 | |||
189 | <BR><BR> |
||
190 | <h3>Changelog/Download</h3> |
||
191 | |||
192 | <Changelog> |
||
193 | </Changelog> |
||
194 | |||
195 | <P> |
||
196 | More generally, all the files can also be found <A HREF="files/">here</A> |
||
197 | <P> |
||
198 | <A HREF="/perso/contact.html">Feedback is appreciated</A> (but please |
||
199 | prefer the use of the |
||
200 | <a href="http://lists.merlins.org/lists/listinfo/sa-exim">sa-exim list</a>) |
||
201 | |||
202 | <BR><BR> |
||
203 | <h3>Acknowledgements</h3> |
||
204 | |||
205 | <Acknowledgements> |
||
206 | </Acknowledgements> |
||
207 | |||
208 | |||
220 | </body> |
||
221 | </html> |