
Exim4, Clamav, SA-Exim, (was Re: SWEN isn't slowing down)



On Tuesday 07 October 2003 19:48, Alfredo Valles wrote:
> > I have added practically every major country suffix in my
> > /etc/mail/access file and I am discovering new ones every day!
> >  Man, I am so close to blocking "net" and "com". Well, in that case
> > I might just as well shutdown my email server. Although I must say
> > that it's kind of satisfying to see "reject=553" messages in
> > syslog.
> >
> > I am curious to find out how long it takes for SWEN to find the
> > email address I am posting this from.
>
> I was near suicide when some good guy on this list recommended
> SpamAssassin to me. It's so easy to get to work, and once you train the
> Bayesian filter, bye bye to all the stupid SWEN mails.

Yeah, that's one option. I considered it, but the problem is, if you 
feed the learner with tons of similar viruses, how good will it be to 
kill spam...? Also, if you feed those to Vipul's Razor, what would it 
mean for Razor....? 

With those considerations, I have opted to kill viruses first, then let 
SpamAssassin take care of the rest. 

I'm working on it right now, actually. I have just upgraded my mail 
server to Exim4. I think I would recommend that to everyone. If you ask 
for help on the Exim users list about Exim 3, people don't remember 
what it was like running Exim 3 anymore, so you're quite lost... :-)

But don't ask me for help if you do, I'm really struggling myself... :-) 

What I've done is to install exim4-daemon-heavy and clamav-daemon, then 
have a DATA ACL reject certain executables, then pass it to clamd if 
that didn't do the trick. They are rejected in the SMTP dialogue, if I 
got this right (somebody correct me if I'm wrong, ASAP :-) ), so the 
bounce doesn't hit an innocent bystander.

I'm seeing these beautiful lines in my rejectlog:
2003-10-07 21:15:32 1A6xIx-0007Hq-Fi H=vsmtp4.tin.it [212.216.176.224] F=<censored@tin.it> rejected after DATA: exe files are not accepted here


A few docs:
http://www.timj.co.uk/linux/exim.php
http://marc.merlins.org/linux/exim/
http://www.tu-berlin.de/zrz/dienste/netz/mail/EXIM/spec_37.html#CHAP37
http://duncanthrax.net/exiscan-acl/exiscan-acl-spec.txt

Needed APT sources:

deb http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/ woody/
deb http://www.logic.univie.ac.at/~ametzler/debian/gnutls/ woody/
deb http://people.debian.org/~aurel32/BACKPORTS stable main

I've been working hard to get SA-Exim working on top of this... 
SA-Exim is one of Marc Merlin's beautiful hacks, to use SpamAssassin to 
reject spam at SMTP-time. It looks so simple; just install the .deb 
from 
http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim-sa/sa-exim_3.0-1_i386.deb
edit /etc/exim4/spamassassin.conf to enable it, then uncomment one line 
in /etc/exim4/conf.d/main/15_sa-exim_plugin_path, rebuild the config 
file, and that, I thought, would do the trick.... But nothing happens. 
It doesn't enter the config file, but there is no error message... 

Before I run along to the sa-exim mailing list, has anybody here got it 
working?

Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC
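
A small parser for rejectlog entries like the one quoted in the message above, as an added example that is not part of the original post. It rejoins entries that were wrapped across lines, keeps only rejections made after DATA (that is, during the SMTP dialogue), and tallies them by reason and sending IP. Every sample entry except the first is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# First entry: the line quoted in the message, wrapped to show rejoining.
# The other three are constructed (example.* hosts, documentation IP ranges).
SAMPLE_REJECTLOG = """\
2003-10-07 21:15:32 1A6xIx-0007Hq-Fi H=vsmtp4.tin.it [212.216.176.224]
F=<censored@tin.it> rejected after DATA: exe files are not accepted
here
2003-10-07 21:17:02 1A6xKP-0007Ia-2c H=mail.example.net [192.0.2.10] F=<a@example.net> rejected after DATA: exe files are not accepted here
2003-10-07 21:20:45 1A6xNz-0007Jb-9d H=(localhost) [198.51.100.7] F=<> rejected after DATA: This message contains a virus
2003-10-07 21:22:10 H=relay.example.org [203.0.113.5] F=<b@example.org> rejected RCPT <c@example.com>: relay not permitted
"""

TIMESTAMP = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?:(?P<msgid>\w{6}-\w{6}-\w{2}) )?"            # id is absent before DATA
    r"H=(?P<host>.*?) \[(?P<ip>[0-9a-fA-F.:]+)\]"    # H=name, H=(helo) or both
    r".*? F=<(?P<sender>[^>]*)> "                    # F=<> is the null sender
    r"rejected after DATA: (?P<reason>.*)$")

def unwrap(text):
    """Rejoin entries that a mail client or archive wrapped across lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)          # a timestamp starts a new entry
        else:
            entries[-1] += " " + line     # anything else is a continuation
    return entries

def data_rejections(text):
    """Return one dict per message refused after DATA; other entries are skipped."""
    return [m.groupdict() for m in map(ENTRY.match, unwrap(text)) if m]

def summarise(text):
    """Count DATA-time rejections by ACL message and by sending IP."""
    rejections = data_rejections(text)
    return (Counter(r["reason"] for r in rejections),
            Counter(r["ip"] for r in rejections))

if __name__ == "__main__":
    by_reason, by_ip = summarise(SAMPLE_REJECTLOG)
    for reason, count in by_reason.most_common():
        print(f"{count:4d}  {reason}")
```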