Reject or drop incoming spam messages

AlbertP

Hello,

On my server for many e-mail addresses a forward to GMail has been set up.
When a spam message comes in and is marked as spam by SpamAssassin, the message is not dropped or rejected but still forwarded to GMail, which in turn rejects the message. That generates a bounce e-mail which usually can't be delivered.

Would it be possible to reject spam messages in exim so that they don't have to be rejected by GMail? Recently, Google has been rate limiting e-mail from us because some e-mail accounts had too much incoming spam passing through our server.

SpamAssassin is already set up and marks most spam messages as spam as seen in /var/log/maillog. But the messages marked as spam are still forwarded as usual.
 
Do you use the SpamBlocker acl blocklist features of the exim.conf file? (In other words, is your /etc/virtual/use_rbl_domains a link to /etc/virtual/domains?) If not, learn how to use SpamBlocker, as that should cut down significantly on the amount of spam delivered to gmail.

It may be possible, by rewriting how things work in SpamAssassin by making changes to the exim.conf file, but I'm not sure. Note that SpamAssassin will also never reject email; it can't because the email is already received before it's run.

It can drop it or put it into a spam mailbox, but as it works now, the check is done during the local delivery process, and of course that doesn't get run if the email is forwarded instead.

Jeff
 
I have created the symlink as nobaloney suggested. I hope it will lower the amount of spam.
 
You have created the symlink?
If you are in your admin panel from DA -> Administrator settings, you can set it up there. "Use RBL blocking" select yes and DA makes the symlink for you. ;)
 
I believe option 2) provides a solution: http://help.directadmin.com/item.php?id=471

The linked article which explains how to edit the spamassassin config seems to be current; although with CB 2.0 it's in the file /etc/exim.spamassassin.conf.

However I wonder why it doesn't scan forwarders by default.

If someone can tell me it definitely works I can put it into my code, and if I do, then John might consider it when we unify the codebase.

Someone please check :)

Thanks.

Jeff
 
@ Richard G: Thanks for the suggestion. The RBL is already working, though; I see in the logs that some messages (which were clearly spam) were blocked by SPAMHAUS.

@ nobaloney: It appears there is indeed a user with a catch-all e-mail on the server, so it's probably a good thing to try. But where would it create a spambox file if the spam is sent to a non-existing user? I see nothing suspicious in the Maildir of the user whose domain has a catch-all, nor in the Maildir of his domain.
Also, if SpamAssassin would not check forwarded e-mails, why would forwarders be mentioned in this article?

It looks like forwarded mails are definitely passed through SpamAssassin, since the directors for aliases and .forwards (from line 625 on) are under the spamcheck_director (on line 557) in my exim.conf. And the comment above the directors tells that order does matter.
The logs also suggest that these mails are spam scanned. However, it appears that no steps are taken for messages that receive a high score.

This is my exim.conf: SpamBlocker.exim.conf.2.1.1-release 05-Jun-2007
 
I have made the changes to exim.conf as suggested by http://help.directadmin.com/item.php?id=156. I will see what happens. I'm often checking my exim logs for suspicious things.

edit: I have not noted any difference so far - but that is probably because Spamhaus is already blocking most unwanted messages.
 
AlbertP: I know it's already working, but it's good to keep this in mind for the future, so you don't need to make symlinks again. :)

You can also add spamcop to your RBL list if you want if some spam messages still get through.
If not present already, you can add this to your exim.conf:
Code:
# deny using spamcop
  deny message = Email blocked by SPAMCOP - to unblock see http://www.spamcop.net/fom-serve/cache/76.html
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = bl.spamcop.net
 
I think my problem is solved because Spamhaus already blocks most unwanted e-mails; Google would only receive a few spam messages now which aren't causing a rate limit of e-mails anymore.

Thanks for your suggestions.
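
One way to check from the logs how much SpamAssassin-flagged mail is still being relayed to Gmail through forwarders, the situation this thread describes. This is an added example, not code from any poster or from DirectAdmin; the log lines are constructed, and the spamd syslog format, Exim main log format, addresses and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). Assumed formats: spamd's
# syslog "result:" line and the Exim 4 main log.
MAILLOG = """\
Jan  5 10:00:02 mail spamd[2231]: spamd: result: Y 17 - BAYES_99,URIBL_BLACK scantime=0.4,size=2301,user=info,mid=<spam1@bad.example>,autolearn=no
Jan  5 10:02:11 mail spamd[2231]: spamd: result: . 0 - HTML_MESSAGE scantime=0.3,size=900,user=info,mid=<ham1@good.example>,autolearn=no
Jan  5 10:05:40 mail spamd[2240]: spamd: result: Y 9 - RCVD_IN_XBL scantime=0.5,size=1500,user=albert,mid=<spam2@bad.example>,autolearn=no
"""
MAINLOG = """\
2014-01-05 10:00:01 1VzAbC-0001aB-2x <= a@bad.example H=(x) [192.0.2.10] P=esmtp S=2301 id=spam1@bad.example
2014-01-05 10:00:03 1VzAbC-0001aB-2x => someone@gmail.com <info@example.org> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [192.0.2.25]
2014-01-05 10:02:10 1VzAbD-0001aC-3y <= b@good.example H=(y) [192.0.2.11] P=esmtp S=900 id=ham1@good.example
2014-01-05 10:02:12 1VzAbD-0001aC-3y => someone@gmail.com <info@example.org> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [192.0.2.25]
2014-01-05 10:05:39 1VzAbE-0001aD-4z <= c@bad.example H=(z) [192.0.2.12] P=esmtp S=1500 id=spam2@bad.example
2014-01-05 10:05:41 1VzAbE-0001aD-4z => albert <albert@example.org> R=virtual_user T=virtual_localdelivery
"""

EXIM_ID = r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})"
# spamd verdict "Y" plus integer score and the Message-ID it scanned
SPAMD = re.compile(r"spamd: result: Y (-?\d+) .*?mid=<([^>]+)>")
# Exim arrival line: maps the Exim queue id to the Message-ID (id= field)
ARRIVE = re.compile(r"^\S+ \S+ " + EXIM_ID + r" <= .*\bid=(\S+)")
# Exim remote delivery line: final address, optional original address, host
DELIVER = re.compile(r"^\S+ \S+ " + EXIM_ID + r" [=-]> (\S+)(?: <([^>]+)>)?.*\bH=(\S+)")

def flagged_ids(maillog):
    """Return {Message-ID: score} for everything spamd marked as spam."""
    return {m.group(2): int(m.group(1))
            for m in map(SPAMD.search, maillog.splitlines()) if m}

def spam_relayed(maillog, mainlog, suffix=".google.com"):
    """Count flagged messages delivered to hosts ending in `suffix`,
    keyed by the local (forwarding) address that caused the relay."""
    spam = flagged_ids(maillog)
    mid_of, hits = {}, Counter()
    for line in mainlog.splitlines():
        if (m := ARRIVE.match(line)):
            mid_of[m.group(1)] = m.group(2)
        elif (m := DELIVER.match(line)):
            exim_id, final, original, host = m.groups()
            if host.endswith(suffix) and mid_of.get(exim_id) in spam:
                hits[original or final] += 1
    return hits

if __name__ == "__main__":
    for addr, n in spam_relayed(MAILLOG, MAINLOG).most_common():
        print(f"{addr}: {n} flagged message(s) relayed to Google")
```

Correlating on the Message-ID rather than the Exim queue id also covers setups where the scanned message is re-injected and receives a new queue id.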
 