Thursday, January 24, 2008

vexim (waves clove of garlic)

We run vexim at work with spamassassin to handle the email. Yesterday I realised - not before time(!) that at smtp time, exim scores incoming email using spamassassin, if it
  • scores more than 12, it gets rejected straight away, and a copy of the email is retained

  • score more than 9, it gets a temp rejection - waiting to see if the other end attempts to redeliver, and a copy of the email is retained

  • otherwise it gets handed over to [v]exim which does things like distribution lists and vacation messages and also (depending on the user) decides to deliver the email depending on the spam score - if it doesn't deliver, no copy is retained.

So the borderline spam disappears into a black hole (ditch_spam), whereas the really spammy stuff is carefully kept!? Is this what is really meant to happen? So I spent a fun few hours yesterday going back though the email logs as far as they went, looking for possible non-spam that had been ditched and warning the non-recipients!
I've now modified the exim configuration along these lines to set up a separate transport for the borderline spam stuff(apologies for the wiki spam at the top of that link!)
