Stop Exim scannig before forwarding?

[Ste]

Hi there,

I'm looking to stop my exim scanning e-mails before they have been forwarded. Is this possible?

For example, I have one e-mail account and 10 forwarders forwarding all my e-mails to one account on my server. When e-mail is scanned and spam is found, it moves it to the appropriate spam folder which does not exist as the user is just a forwarder (but it still treats it as an account).

I would be tempted to just move the forwarder block in exim.conf over spam assassin checks, but I'm not sure this will work and I don't want to 'try' on a non-development server.

Any ideas?

 

[nobaloney]

I'm not sure which piece of code you mean, since there's nothing called "forwarder" in the exim.conf file. Can you please be more specific.

You can't just move things around in exim.conf; the file actually has a structure. It may be possible for you to do what you want, depending on specifically what you want to do.

I don't use SpamAssassin myself (though I am now making it available to our clients after doubling the memory on our shared hosting servers). So I don't know the answer to this question: what does happen to the spam mail since the user doesn't exist?

Thanks.

Jeff

 

[Ste]

Hi,

Well when you create a forwarder, and enable all SpamAsassin things, if a spam e-mail is sent to the forwarder '[email protected]' (which should be redirect to [email protected]) SpamAsassin runs and if it's flagged as spam, depending on your choice of what to do with it (let's say put it in the spambox) it puts it in a spambox.

This means the spambox is located at /home/<username>/.spamassassin/user_spam/<email>

Now, even though the forwarder is not an e-mail account, it will create a spambox for it. Resulting in lost e-mails or genuine one's depending on your SpamAssasin settings.

Let's say you had a catch-all account to one e-mail account. In theorie, if a user sent the same spam e-mail to <a-z>@yourdomain.com, those spamboxes will be created in the /user_spam/ directory even when it's not an account.

 

[DirectAdmin Support]

Hello,

Change your spamassassin section of your /etc/exim.conf to match this:
http://help.directadmin.com/item.php?id=156
(without the extra forwarder line mentioned at the bottom)

John

 

[Ste]

Hi John,

Working wonderfully.

Thank you.

 

[sander79]

Hello,

Change your spamassassin section of your /etc/exim.conf to match this:
http://help.directadmin.com/item.php?id=156
(without the extra forwarder line mentioned at the bottom)

John

I've read the page, but I don't understand it.

Subject says: "Change SpamAssassin to only scan local mailboxes"

Text says: "..You can tell exim not to scan any email if it does have a valid account...."

What is it ??

 

[DirectAdmin Support]

Hello,

The default action is for SA to scan everything that comes into exim before it does any routing to accounts, forwarders, lists, etc... Everything gets scanned.

What this does, is has a condidion to only scan emails if they're being direction to an inbox on the system (doesn't scan blackholes or forwarders,only pop accounts). This means that non-existant addresses won't be tagged as spam, so that the domain filter will not try and save it to a spambox that doesnt exist.

More options can be added (like forwarders in the example) to scan other things if you want, like mailing lists. Catch-alls are the only hard part, but in general it's highly advised not to use them anyway.

John

 

[sander79]

I mean that the text contradicts with the subject of the artikel.

The subject says that is will scan with a valid user-acount and the text says that exim will not scan the email with a valid account.

 

[nobaloney]

John, I'm confused a bit too.

On the page you link to in your post, you show:

If the load on your server is drastically higher as a result of enabling spamassassin on your server, it's likely because spammers are sending emails to random accounts on your domains, even if they dont exist. The catch-all will drop or deny these message, but they'll still get scanned.

But if catchall is set to drop the mail should never even get onto the server, so SA shouldn't get the chance to scan it.

Or am I missing something?

Thanks.

Jeff

 

[Ste]

With a default SA set-up, it scans all e-mails sent to the server regardless of any settings you may have placed, such as forwarders and catch-alls.

SA is run before those forwarders and catch-all settings are 'run' so SA can scan millions of e-mail address <a-z>@me.com when those don't exist.

With the link DA Support gave me SA will only scan the real e-mail that has an account on your server.

 

[nobaloney]

Exim won't accept email for nonexistent users. If catchall is set to fail, then any user not specifically identified as a forwarder or a mailbox won't be accepted on to the server. So I don't see how SA can scan it.

So I'm still confused .

Jeff

 

[DirectAdmin Support]

it's back to that whole thing about SA at smtp time. If SA is enabled with the defualt setup, exim first accepts all messages completely. Feeds it to SA, which then sends it back to exim for normal processing. If it hit's a :fail:, a bounce is delievered. This is why we don't want to scan accounts that don't exist, so they get the fail at smtp time and not a bounce email which is liklely not going to the right place (spoof).

John

 

[nobaloney]

it's back to that whole thing about SA at smtp time. If SA is enabled with the defualt setup, exim first accepts all messages completely. Feeds it to SA, which then sends it back to exim for normal processing. If it hit's a :fail:, a bounce is delievered. This is why we don't want to scan accounts that don't exist, so they get the fail at smtp time and not a bounce email which is liklely not going to the right place (spoof).

I'm still quite lost. Are you saying that your default setup does or does not do SA at smtp time?

My understanding is it does not.

In any event, my SpamBlocker3 beta exim.conf file does NOT do SA at smtp time; it does it after the email is accepted.

And it does not accept all messages if SA is turned on.

I've tested it. It definitely refuses email to nonexistent addresses even if SA is turned on.

Proof?

Here's some headers from an email delivered to me... the email address has been munged to avoid spam-scrapers:

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 26 Feb 2007 18:28:59 -0800
Received: from mail by da12.namelessnet.net with spam-scanned (Exim 4.60)
	(envelope-from <[email protected]>)
	id 1HLs5J-0003zR-RN
	for [email protected]; Mon, 26 Feb 2007 18:28:59 -0800
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 
	da12.namelessnet.net
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=NO_REAL_NAME autolearn=no 
	version=3.1.7
Received: from host.avidnetwork.com ([67.30.130.180])
	by da12.namelessnet.net with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.60)
	(envelope-from <[email protected]>)
	id 1HLs5J-0003zN-QA
	for [email protected]; Mon, 26 Feb 2007 18:28:57 -0800
Received: from localhost ([127.0.0.1] helo=da6.namelessnet.net)
	by host.avidnetwork.com with esmtp (Exim 4.60)
	(envelope-from <[email protected]>)
	id 1HLs5I-0007Rn-Ko
	for [email protected]; Mon, 26 Feb 2007 18:28:56 -0800
Received: from of1.riv.nobaloney.net ([67.112.189.217])
        (SquirrelMail authenticated user [email protected])
        by da6.namelessnet.net with HTTP;
        Mon, 26 Feb 2007 18:28:56 -0800 (PST)
Message-ID: <[email protected]>

and here's the return when I try sending to a nonexistent address (again, actual email addresses have been munged)

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [email protected]
    SMTP error from remote mail server after RCPT TO:<[email protected]>:
    host mail.qnito.com [4.79.140.132]: 550 "Unknown User"

------ This is a copy of the message, including all the headers. ------

Return-path: <[email protected]>
Received: from localhost ([127.0.0.1] helo=da6.namelessnet.net)
        by host.avidnetwork.com with esmtp (Exim 4.60)
        (envelope-from <[email protected]>)
        id 1HLsAo-00081w-Ef
        for [email protected]; Mon, 26 Feb 2007 18:34:38 -0800
Received: from of1.riv.nobaloney.net ([67.112.189.217])
        (SquirrelMail authenticated user [email protected])
        by da6.namelessnet.net with HTTP;
        Mon, 26 Feb 2007 18:34:38 -0800 (PST)
Message-ID: <[email protected]>
Date: Mon, 26 Feb 2007 18:34:38 -0800 (PST)
Subject: test
From: [email protected]
To: [email protected]
User-Agent: SquirrelMail/1.4.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Antivirus-Scanner: Seems clean.  You should still use an Antivirus Scanner

test

Please help me understand .

Thanks!

Jeff

 

[DirectAdmin Support]

well, then that's a good thing My mistake I guess, this way is better.