[Mimedefang] How to configure?
TLD MimeDefang
tld.mimed at stimulacra.com
Wed Nov 4 16:26:06 EST 2009
Bazooka Joe wrote:
> How do I - reject mail if it has a score above 5
My filter's file is /etc/mail/mimedefang-filter. If yours
is the same, this is the file to edit.
Your default mimedefang filter should already have a section
set up in it to handle the Spamassassin testing stuff. look
for the 'if($Features{"SpamAssassin"})' section. Below this
you'll see a call to spam_assassin_check, which returns several
items, one of them is the $hits. Below this is where you'll
perform the test for a hit value.
Something like:
if($hits >= 5.0) {
# make a log entry
md_syslog('notice', "$hits ($score) $names");
# reject the message
action_bounce('SPAM markers found');
# and return true
action_discard();
}
Though, I wouldn't recommend rejecting messages on 5.0. Maybe 9
or 10 would be a better number. I'd just quarantine anything over
5, because chances are, you'll find quite a few false positives on
5.
> or virii
Mime defang is set up to automatically use anti-virus programs
that are supported by it. For example, I use clamav, and the
defang filter already handles it with the filter_begin function.
Nothing to do there except keep the clam databases updated.
> 2 bypass SA or whitelist if the sender was authenticated via smtp_auth.
Generally, it's a good idea to maintain the filter even on
known authenticated senders. Supposing an authenticated user
accidentally emails out an attachment that is infected with
a virus? You'd sure want the system to catch it.
Just set your Spamassassin to give whitelisted names a negative
score, and let the system do its job. I give whitelisted people
a -10 here and that's been fully sufficient to keep their emails
flowing smoothly and without problem.
Even so, I'm not sure such a thing can be done without doing
duplicate whitelist checking in the filter.
TLD
More information about the MIMEDefang
mailing list