Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)
On Tuesday 07 October 2003 19:48, Alfredo Valles wrote:
> > I have added practically every major country suffix in my
> > /etc/mail/access file and I am discovering new ones every day!
> > Man, I am so close to blocking "net" and "com". Well, in that case
> > I might just as well shutdown my email server. Although I must say
> > that it's kind of satisfying to see "reject=553" messages in
> > syslog.
> >
> > I am curious to find out how long it takes for SWEN to find the
> > email address I am posting this from.
>
> I was near suicide when some good guy in this list recommended me
> SpamAssassin. It's so easy to get to work and once you train the
> bayesian filter bye bye to all the stupid swen mails.

Yeah, that's one option. I considered it, but the problem is, if you
feed the learner with tons of similar viruses, how good will it be to
kill spam...? Also, if you feed those to Vipul's Razor, what would it
mean for Razor....?

With those considerations, I have opted to kill viruses first, then let
SpamAssassin take care of the rest.

I'm working on it right now, actually. I have just upgraded my mail
server to Exim4. I think I would recommend that to everyone. If you ask
for help on the Exim users list about Exim 3, people don't remember
what it was like running Exim 3 anymore, so you're quite lost... :-)
But don't ask me for help if you do, I'm really struggling myself... :-)

What I've done is to install exim4-daemon-heavy and clamav-daemon, then
have a DATA ACL reject certain executables, then pass it to clamd if
that didn't do the trick. They are rejected in the SMTP dialogue, if I
got this right (somebody correct me if I'm wrong, ASAP :-) ), so the
bounce doesn't hit an innocent bystander.

I'm seeing these beautiful lines in my rejectlog:

2003-10-07 21:15:32 1A6xIx-0007Hq-Fi H=vsmtp4.tin.it [212.216.176.224] F=<censored@tin.it> rejected after DATA: exe files are not accepted here

A few docs:
http://www.timj.co.uk/linux/exim.php
http://marc.merlins.org/linux/exim/
http://www.tu-berlin.de/zrz/dienste/netz/mail/EXIM/spec_37.html#CHAP37
http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt

Needed APT sources:
deb http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/ woody/
deb http://www.logic.univie.ac.at/~ametzler/debian/gnutls/ woody/
deb http://people.debian.org/~aurel32/BACKPORTS stable main

I've been working hard to get SA-Exim working on top of this...
SA-Exim is one of Marc Merlin's beautiful hacks, to use SpamAssassin to
reject spam at SMTP-time. It looks so simple; just install the .deb
from
http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim-sa/sa-exim_3.0-1_i386.deb
edit /etc/exim4/spamassassin.conf to enable it, then uncomment one line
in /etc/exim4/conf.d/main/15_sa-exim_plugin_path, rebuild the config
file, and that, I thought, would do the trick.... But nothing happens.
It doesn't enter the config file, but there is no error message...

Before I run along to the sa-exim mailing list, has anybody here got it
working?

Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net webmaster@skepsis.no editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC
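
Added example, not part of the original post and not the author's actual configuration: a sketch of the DATA ACL described above (extension check first, then clamd), using the demime and malware conditions from the exiscan-acl spec linked in the post. The extension list, the clamd socket path and the ACL name are assumptions; the first rejection text is the one visible in the rejectlog line.

```exim
# --- main configuration section ---

# Tell exiscan-acl how to reach the ClamAV daemon.
# ASSUMPTION: socket path; use the LocalSocket value from your clamd.conf.
av_scanner = clamd:/var/run/clamav/clamd.ctl

# Run the ACL below after the message body has been received,
# i.e. while the sending host is still connected.
# ASSUMPTION: the ACL name acl_check_data is arbitrary.
acl_smtp_data = acl_check_data

begin acl

acl_check_data:

  # Step 1: cheap check on attachment file extensions.
  # demime unpacks the MIME parts and matches each attachment's
  # extension against the list; the matching one is left in
  # $found_extension.
  # ASSUMPTION: this extension list is illustrative only.
  deny  message = exe files are not accepted here
        demime  = exe:com:pif:scr:bat

  # Step 2: anything that passed step 1 goes to clamd.
  # "demime = *" forces MIME unpacking so the scanner sees the
  # decoded attachments; "malware = *" matches on any detection
  # and puts the signature name in $malware_name.
  deny  message = This message contains malware ($malware_name)
        demime  = *
        malware = *

  # Everything else is accepted and continues to the routers.
  accept
```

Because both deny statements run in acl_smtp_data, the sending host receives a 5xx reply to DATA and no separate bounce message is generated, which is what the "rejected after DATA" entry in the rejectlog reflects.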