<html>
<head>
<title>Exim SpamAssassin at SMTP time</title>
</head>

<body>

<h1 ALIGN="CENTER">Exim SpamAssassin at SMTP time</h1>

<h3>What's that?</h3>
<pre>
mail from: merlin@gandalf
250 OK
rcpt to: merlin@gandalf
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From: merlin@gandalf
To: merlin@gandalf
Subject: $$$ Make Money Fast $$$ !!!

viagra 100% GARANTEE AMAZING FULL REFUND
This is not spam
.
550 Rejected
</pre>
(logs would show something like this:
<tt>2004-03-10 08:27:18 1B16Y8-0001UP-4R SA: Action: permanently rejected message: hits=14.8 required=7.0 trigger=11.0 ( scanned in 2/2 secs | Message-Id: CCQPVENACPQBFLTRLICXWQVEK@gandalf). From &lt;merlin@gandalf&gt; (host=gandalf [127.0.0.1]) for merlin@gandalf</tt>)

<P>
An example of teergrubing would return this instead:
<pre>
data
354 Enter message, ending with "." on a line by itself
(...)
body     SEE_FOR_YOURSELF       /See (?:for|it) yourself\b/i
describe SEE_FOR_YOURSELF       See for yourself

body ORDER_NOW                  /\border (?:now|soon|fast|quickly|while)\b/i
describe ORDER_NOW              Encourages you to waste no time in ordering

.
451- wait for more output
451- wait for more output
451- wait for more output
(... one line every 10 secs, 15 minutes elapse ...)
450 Please try again later
</pre>

The idea here is to stall and waste the resources of the remote sender (BTW,
teergrube comes from German and means tar-pitting, or stopping someone in his
tracks).

<BR><BR>
<h3>Why?</h3>
SpamAssassin can be run inside exim after the mail has been accepted, as shown
<a href="http://bogmog.sourceforge.net/document_show.php3?doc_id=28">here</a>,
but if you're not going to use my patch and you just want to run SA as an exim
transport,
<a href="http://dman13.dyndns.org/~dman/config_docs/exim-spamassassin/">this</a>
version is recommended.
<P>
Now, while this will work, we can do better, hence the reason for my code
(just to make things clear, you do not want to run both my code and dman's
transports. It'd work, but you'd be scanning the message twice).
<P>
The reason why I wanted SpamAssassin in local scan is that I don't want to
accept the damn spam in the first place.

<ul>
<li>While my code lets you do that, I don't like to send mails to the bit
    bucket, so you need to bounce them.
<li>Once you accept the spam, you can't bounce it half the time, or you
    bounce it to an innocent whose Email was forged as an envelope sender
    (some spam even forges the bounce address to <em>you</em>)
<li>If I refuse spam at SMTP time, it will remove the spam addresses from at
    least a few lists (they gotta clean their lists eventually otherwise they'd
    spend more time Emailing dead addresses than good ones)
<li>I have the option of toying with spammers, stalling their connections and
    wasting their resources (see the following page for details on
    <A HREF="http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html">
    teergrubing</A>)
</ul>

Note that you can also use this code to simply run SA on all your mails (or a
portion thereof, as configured with SAEximRunCond) without having to configure SA
in your exim.conf. In other words, this code can be configured to not reject
any mails.

<BR><BR>
<h3>SpamAssassin? What's that?</h3>
Ah, you need to visit <a href="http://spamassassin.org/">this page</a> first
then.

<BR><BR>
<h3>How does it work, what knobs are there?</h3>
You need to configure spamassassin to flag mails as spam after a certain
threshold (7 for instance). After that, this code can be configured to

<ul>
<li>Pretend to be processing the Email and send continuation lines to the
    remote server until it gives up (aka
    <A HREF="http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html">
    teergrubing</A>)
<li>Accept but not deliver mail with a high threshold (i.e. devnull the mail)
<li>Reject mail with a lower threshold
<li>Temporarily reject mail with a still lower threshold (you can then inspect
    your logs to decide if you want to tweak SA so that next time the mail
    is sent, you can receive it)
<li>In all 5 cases, mail can be optionally saved to disk so that you can
    inspect all the mails you've rejected or /dev/nulled
</ul>

You can also (and probably should <img src="/gifs/people/smile.happy.gif" alt=":-)" align=TOP WIDTH=16 HEIGHT=16>) use the new greylisting support for even
better spam control.

<P>
For more details, you should look at the self-documented
<a href="files/sa-exim.conf">config file</a> and you can see
<a href="sa-exim.demo.txt">some sample rejects and what you get in the logs</a>.

<BR><BR>
<h3><A NAME="greylisting">Greylisting you say?</A></h3>
When sa-exim first came out, its strongest point was being one of the
first programs (if not the first) that let you reject spam at SMTP time; its
coolest feature now is adaptive greylisting support.<BR>
In a nutshell, you get the advantages of greylisting without the disadvantages:
<ul>
<li>mails with a low spam score are accepted without delay
<li>mails with an average spam score are greylisted,
    <b>and only those are delayed</b>
<li>mails with high spam scores are rejected regardless (no greylisting)
</ul>

This method is the best combination I've seen out there so far, and
while I've been talking about it for a while, I don't yet know of other
programs that implement this method (if you do, please let me know so that
I can acknowledge them).
<BR>
For more details on how this works, check out the <a href="files/sa-exim-cvs/README.greylisting">greylisting README</a>.
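<P>
The threshold ladder from "How does it work" combined with the adaptive greylisting described above, as an added example in C. It is not sa-exim's own code: the field names, the threshold values, the order of the checks and the in-memory tuple table are assumptions made for illustration (the reject threshold of 11 simply mirrors <tt>trigger=11.0</tt> in the sample log line).

```c
#include <stdio.h>
#include <string.h>
enum action { ACCEPT, GREYLIST, TEMPREJECT, PERMREJECT, DEVNULL, TEERGRUBE };

/* Hypothetical policy for this example; a threshold of 0 disables the action. */
struct policy {
    double teergrube, devnull, permreject, tempreject, greylist;
    long grey_delay;                 /* seconds before a retry is accepted */
};

#define MAX_TUPLES 64
static struct { char key[128]; long first_seen; } seen[MAX_TUPLES];
static int nseen;

/* 1 once the tuple was first seen >= delay seconds ago; first sight records it. */
static int grey_passed(const char *key, long now, long delay)
{
    for (int i = 0; i < nseen; i++)
        if (strcmp(seen[i].key, key) == 0)
            return now - seen[i].first_seen >= delay;
    if (nseen < MAX_TUPLES) {        /* full table: keep deferring new tuples */
        strncpy(seen[nseen].key, key, sizeof seen[0].key - 1);
        seen[nseen++].first_seen = now;
    }
    return 0;
}

/* Harshest action first, so a high score never reaches the greylist store. */
enum action decide(const struct policy *p, double score, const char *tuple, long now)
{
    if (p->teergrube  > 0 && score >= p->teergrube)  return TEERGRUBE;
    if (p->devnull    > 0 && score >= p->devnull)    return DEVNULL;
    if (p->permreject > 0 && score >= p->permreject) return PERMREJECT;
    if (p->tempreject > 0 && score >= p->tempreject) return TEMPREJECT;
    if (p->greylist   > 0 && score >= p->greylist &&
        !grey_passed(tuple, now, p->grey_delay))     return GREYLIST;
    return ACCEPT;
}

int main(void)
{
    struct policy p = { .devnull = 30, .permreject = 11, .tempreject = 9,
                        .greylist = 4, .grey_delay = 300 };   /* constructed values */
    const char *t = "192.0.2.7/a@example.org/b@example.net";  /* constructed tuple */
    for (long now = 0; now <= 600; now += 300)  /* same borderline mail, retried */
        printf("score 5.0 at t=%ld -> %d\n", now, decide(&p, 5.0, t, now));
    printf("score 14.8 -> %d\n", decide(&p, 14.8, t, 0));
    return 0;
}
```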

<BR><BR>
<h3>Ok, where's the code? / Downloads</h3>
<ul>
<li>The latest version is here (<a href="files/sa-exim-current/">browsable tree</a> or <a href="files/sa-exim-current.tar.gz">tar.gz</a>). You can also
get it from <A href="http://sourceforge.net/projects/sa-exim/">sf.net</a><BR>
<li>The CVS version is here (<a href="files/sa-exim-cvs/">browsable tree</a>)
and you can also get the CVS tree from
<A HREF="http://sourceforge.net/cvs/?group_id=56124">sf.net</A>
<li>The latest config file with documentation is
<a href="files/sa-exim.conf">here</a>
<li>Debian packages (source and binary) are <a href="files/debian/">here</a>
</ul>
<P>

As explained in the archive, you can either copy <tt>sa-exim.c</tt> over exim's
<tt>src/local_scan.c</tt> in the exim source tree and rebuild it, or you can
build sa-exim as a loadable module (you need to patch exim to support loadable
modules though).
<P>
You can also browse all my exim files <A HREF="files/">here</A>.

<BR><BR>
<h3>Mailing list</h3>
You should probably subscribe to this low traffic
<a href="http://lists.merlins.org/lists/listinfo/sa-exim">mailing list</a> if
you download the code, to keep apprised of bug fixes and enhancements.

<BR><BR>
<h3>Integration with Exim 4</h3>
This code works without anything in the exim conf, but you probably want to use
some knobs to disable scanning for some users (like setting
<tt>X-SA-Do-Not-Rej</tt> or <tt>X-SA-Do-Not-Run</tt> in the rcpt ACL and
removing those headers in the right places).<BR>
See <A HREF="http://marc.merlins.org/linux/exim/#conf">my exim4 conf tree</a>
and more specifically the
<A HREF="http://marc.merlins.org/linux/exim/exim4-conf/exim4.conf">exim4.conf</A>
file.
<P>
You can look at the <A HREF="files/sa-exim-cvs/README">README</A> for more
integration details.

<BR><BR>
<h3>Changelog/Download</h3>

<Changelog>
</Changelog>

<P>
More generally, all the files can also be found <A HREF="files/">here</A>
<P>
<A HREF="/perso/contact.html">Feedback is appreciated</A> (but please
prefer the use of the
<a href="http://lists.merlins.org/lists/listinfo/sa-exim">sa-exim list</a>)

<BR><BR>
<h3>Acknowledgements</h3>

<Acknowledgements>
</Acknowledgements>

</body>
</html>