They also serve who only MTA#
Tue, 29 Jan 2008 18:30:03 +0000
I spent large chunks of the weekend installing a mail server on a fresh Bytemark VM, and and it all seems much simpler than it did last time I tried - last time I eventually gave up and got a tuffmail account.
Lessons:
0) start by installing exim4-daemon-heavy
and reading /usr/share/doc/exim4-daemon-heavy/README.Debian.gz
1) don't bother with "split configuration", it seems to be fairly experimental at the moment
2) the file you should be editing is /etc/exim4/exim4.conf.template
. The actual configuration is generated from this by magic and/or /etc/init.d/exim4
. Things you may want to turn on or off are usually bracketed by .ifdef
sections; you define the appropriate variables by putting e.g.
CHECK_MAIL_HELO_ISSUED = true CHECK_RCPT_LOCAL_LOCALPARTS = true CHECK_RCPT_REMOTE_LOCALPARTS = true CHECK_RCPT_VERIFY_SENDER = true CHECK_RCPT_REVERSE_DNS_ACT = deny CHECK_RCPT_REVERSE_DNS = true CHECK_RCPT_IP_DNSBLS_ACT = deny CHECK_RCPT_IP_DNSBLS = zen.spamhaus.orgat the top of the file
3) 90% (figure off the top of my head, not actually measured) of your spam filtering comes from rejecting mail with no reverse dns or that doesn't speak RFCs or that's in the dialups list at spamhaus. This requires of course that you aren't having the mail forwarded from somewhere else - my mail is historically a rats nest of .forward and procmail processing - but provided you're the MX it's easy.
4) You can be much more vicious about spam filtering if you do it at SMTP time because you can reject the message instead of dropping it silently, hence the victims of false positives at least know the mail didn't arrive. The exim package in debian (since v4.50 I think) has appropriate knobs to do this: look at aclcheckdata in the config file.
5) We're using thunderbird as an MUA: if you choose the 'trust spam headers from spamassassin' option you need to ensure that you're setting an "X-Spam-Flag: YES" header (the examples in the config file have slightly different headers that Thunderbird doesn't pick up on) at whatever threshold you decide constitutes spam. We reject spam scores>10 and flag >5
6) Per-user spamassassin settings? Frankly, not worth it for us. The small amount of spam that makes it through with this setting is easily mopupable with Thunderbird's bayesian filter.
Amusing happening:
X-Spam-Report: SpamAssassin on "mail.example.org" rates this at 0.8 points pts rule name description ---- ---------------------- -------------------------------------------------- 0.3 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email 0.5 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.organd the only URL in the body of the email?
This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/