HowTo: MailScanner+Exim for FreeBSD

Spamassassin modifications

Hey guys,

I've been running on this setup (from the post) for a good couple of months with no issues, however I'm wanting to add some rules to spamassassin however can't figure out which file to modify.

I want to add something like this:

body THISISATEST /this is a test/i
describe THISISATEST We just testing
score THISISATEST 50


However each and every local.cf I add it to it doesnt work, i've alo tried to add it to /usr/share/spamassassin/10_misc.cf and still doesn't work.

Any help would be much appreciated.

Cheers
Barry
 
A far more efficient means of running MailScanner is via split directories. This should be configured in Exim as well as in MailScanner. Split directories reduces the overhead of processing mail via MS instead of dumping everyting into one directory.
 
Last edited:
Running like a dream for over a year

Hey there,

This has been running just fine for over a year, however I've just encounted an error where a school emails all their students using phplist, all the email (6000 odd) is queued, scanned for viruses and scanned for spam, so I did the following in hope things would speed up:

Virus Scanning = %rules-dir%/virus.scanning.rules

In virus.scanning.rules I added:
FromOrTo: default yes
From: 127.0.0.1 no
From: x.x.x.x no (mail server IP)
From: [email protected] no (mailing list email address)

I also added the following to spam.whitelist.rules
FromOrTo: default no
From: x.x.x.x yes (mail server IP)
From: 127.0.0.1 yes

Even though email is being whitelisted, it's only doing it in batches of 30 and MailScanner is still using 100% CPU even though it shouldn't be scanning virus/spam which I find weird...

How can I stop outgoing scanning?
 
think i found it

I think I found the solution:
root@sophia:/usr/local/etc/MailScanner# grep report.alwaysinclude.conf ./MailScanner.conf
Always Include SpamAssassin Report = %report-dir%/report.alwaysinclude.conf


root@sophia:/usr/local/etc/MailScanner# cat rules/report.alwaysinclude.conf
FromOrTo: default yes
From: 127.0.0.1 no
From: x.x.x. no (IP ranges of mail servers)
 
If you have 6k in mail waiting to be scanned by MS then you can expect high loads, thats a guarantee and there is nothing you can do about it unless.

1) You renamed /var/spool/exim/incoming/input to something else so that those messages dont get processed or
2) You start controlling the number of incoming mail thats allowed in at once.

No matter what you do though, if you have thousands of messages in the incoming queue your going to get big loads from MS.

Another thing you can do is log into DA and go to the queue. You could try deleting the messages from there, good luck as DA is hopeless in allowing people to remove mass quantities of mail from the mail queue. I suggest 1) above then you will need to recreate input and restart exim.
 
mmm

Don't think you understand what I was trying to do... stop mailscanner scanning messages from the local server or from the LAN...

I.e. if someone uses some form of mailing list script, dont scan all those thousands of emails as I dont care about outbound email only inbound email being scanned.

The above was the solution.

P.s.
exim -bp -C /etc/exim_outgoing.conf | awk '/[email protected]/ {print $3}' | xargs exim -C/etc/exim_outgoing.conf -Mrm -- empty email queue for this email address
 
help

Hi,

I've been using this mailscanner for nearly 2 years now and it's been great. I've since had a lot more users added to the system and now want to move mailscanner to another box or 2, has anyone done this and got it working?

Basically the 2 mailscanner boxes in front will accept mail and if not spam forward it to the internal directadmin server to the clients mailboxes. This will load balance the scanning across 2 hosts and free up lots of CPU on the DirectAdmin server
 
You must log in or register to reply here.
Back
Top