Using this capability we have been able to configure our mail server to reject the obvious spam and still allow our users the flexibility to manage the rest on their own with rules and filter sets on their mail client. As with Clam, the server address and port are established earlier in the Exim configure file. Its rule is a little more complex:



deny message = This message scored $spam_score points.\

Congratulations!

spam = nobody:true

condition = ${if >{$spam_score_int}{63}{1}{0}}



The spam = nobody:true line specifies that spam scanning will be performed for all users. If the message is greater than the bounce threshold, the message is rejected and the sender notified. In this case, we reject if the message scores over 6.3 points in SpamAssassin tests. Note the threshold is multiplied by ten for placement within the rule.

Regular expression blocking gives the sysadmin further control without having to tweak SpamAssassin configure files. Simply put, by using regular expressions to create a blocked string, messages containing those strings will be rejected outright. The following is one of the examples included with Exiscan:



deny message = This message matches a blacklisted \

regular expression ($regex_match_string)

regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]




In this case, the word "Viagra" with any mix of case and whitespace appearing in the body of the message is rejected.

Exiscan comes with thorough documentation and sample configurations for each facility to allow users to get up and running quickly. A HOWTO is also available at the Exiscan website. Further support can be found through the Exiscan-users email list; though primarily a low-traffic list, the active users - including Exiscan author Tom Kistner - are quick at providing answers to questions. From what I've seen, Kistner is also very responsive in adding functionality and providing bug fixes for Exiscan.

On our network, CPU utilization on a temporary filtering box (a 2.4GHz P4 single proc w/1 GB of RAM) consistently floats between 60-80% with antivirus turned off, but we have high traffic. I have not (yet) found a good traffic monitor, but some simple command line scripts to parse logs show we bounce an average of 7500-8500 messages per hour each day.

Overall, we have been very pleased with the Exim/Exiscan combination in scanning email for our user base of approximately 3500 dial-up, ISDN, and DSL users. Without scanning in place, our technicians received several calls per day from customers complaining about spam. Since implementing Exiscan, calls have been few and far between.

It's hard to argue with results like that, especially for a free product.