Exim, SpamAssassin and AV-advice needed

To: debian-user@lists.debian.org
Subject: Exim, SpamAssassin and AV-advice needed
From: Kjetil Kjernsmo <kjetil@kjernsmo.net>
Date: Fri, 10 Jan 2003 15:51:52 +0100
Message-id: <[🔎] 200301101551.52284.kjetil@kjernsmo.net>

Hi folks!

I have some real trouble with my mail server. It is running on a Pentium 
PRO 180 MHz box with 96 MB RAM, and last night the whole thing almost 
died. My analysis of the situation makes me think that I need to work a 
lot more on my config. 

Short version: Has anybody made a setup of Exim, SpamAssassin and some 
anti-virus-software (amavis, clamav etc) that does the following:
- Messages to addresses such as postmaster, abuse, security etc are not 
  scanned at all but delivered immediately to the local user the alias    
  points at. 
- Messages flagged as containing virus, is saved to a file and not   
  processed any further.
- Messages to spamtraps are not scanned by SpamAssassin, but passed off 
  to Razor and learning systems (this spamtraps gets viruses too, 
  actually).
- The rest of the e-mail is sent through SpamAssassin and delivered 
  thereafter as normal. 

Long version: I did apparently get hit rather badly by a bunch of 
e-mails with large virus-attachments last night at about 3am my time. 
At the same time, some lists I administer on a server with an old 
Mailman install got spammed hard, causes Mailman to send me notices. 
Due to that Spamassassin was busy scanning those viruses, and my new 
2.43 install didn't get Razor to work as expected, the notices from 
Mailman bounced. The funny thing with this install (which isn't mine, I 
can't fix it) is that it reacts to a bounce from an admin, with sending 
the admin another message complaining about the bounce... Which 
bounces, of course, so it sends another, and another... Half an hour 
later, syslog indicates that my machine ran out of memory, and when I 
came to work this morning, everything had pretty much stalled... It 
took me half an hour to type shutdown -r now in a shell I had left.... 

Nevertheless, I really need Spamassassin working, becaue I'm used to 
getting spammed hard. But obviously, I would rather have a virus 
scanner take care of those large MS-virus-attachments, so SA won't have 
to deal with those. I hope this could reduce the load somewhat in 
situations like this. (Or would it?)

Much of the software needed has been backported to Woody by Aurelien 
Jarno
http://people.debian.org/~aurel32/BACKPORTS/dists/woody/main/binary-i386/Packages
I have allready grabbed his SpamAssassin backport, and Clamav and Amavis 
are both there, so it is easy enough to apt-get, but I do not feel 
confident that they are easy to configure like I want... So, if anybody 
has done something like this, I would be very happy if you could 
help... :-)

Best,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/

Reply to:

Follow-Ups:
- Re: Exim, SpamAssassin and AV-advice needed
  - From: Derrick 'dman' Hudson <dman@dman.ddts.net>

Prev by Date: Re: [apt] Disabling upgrade to insecure packages
Next by Date: Re: broken package: testing: libapache-request-perl
Previous by thread: logroate vs. savelog
Next by thread: Re: Exim, SpamAssassin and AV-advice needed
Index(es):
- Date
- Thread