Is it possible to move the outbound scan for spamassassin after it checks to make sure they haven't hit their mail per hour limit?
This is the current method:
---
2013-04-19 14:25:01 1UTCFJ-0002OA-8t U=<<user>> Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (4.7)"
2013-04-19 14:25:01 1UTCFJ-0002OA-8t <= <<email>> U=<<user>> P=local S=924 T="Fw: <<spam subject here>>" for <<dest email address>>
2013-04-19 14:25:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UTCFJ-0002OA-8t
2013-04-19 14:25:01 1UTCFJ-0002OA-8t ** <<dest email address>> R=enforce_mail_permissions: Domain <<domain>> has exceeded the max emails per hour (75/60 (125%)) allowed. Message discarded.
2013-04-19 14:25:01 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1UTCFJ-0002OA-8t
2013-04-19 14:25:01 1UTCFJ-0002OJ-FS <= <> R=1UTCFJ-0002OA-8t U=mailnull P=local S=1889 T="Mail delivery failed: returning message to sender" for <<email>>
2013-04-19 14:25:01 1UTCFJ-0002OA-8t Completed
--
In this example, this customer got hacked we allow 60 emails per hour to prevent getting on RBLs and what not. However, it was still sending out a ton of emails every minute (and being rejected), yet each message was being scanned by spamd and killing the CPU.
This is the current method:
---
2013-04-19 14:25:01 1UTCFJ-0002OA-8t U=<<user>> Warning: "SpamAssassin as cpaneleximscanner detected OUTGOING not smtp message as NOT spam (4.7)"
2013-04-19 14:25:01 1UTCFJ-0002OA-8t <= <<email>> U=<<user>> P=local S=924 T="Fw: <<spam subject here>>" for <<dest email address>>
2013-04-19 14:25:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UTCFJ-0002OA-8t
2013-04-19 14:25:01 1UTCFJ-0002OA-8t ** <<dest email address>> R=enforce_mail_permissions: Domain <<domain>> has exceeded the max emails per hour (75/60 (125%)) allowed. Message discarded.
2013-04-19 14:25:01 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1UTCFJ-0002OA-8t
2013-04-19 14:25:01 1UTCFJ-0002OJ-FS <= <> R=1UTCFJ-0002OA-8t U=mailnull P=local S=1889 T="Mail delivery failed: returning message to sender" for <<email>>
2013-04-19 14:25:01 1UTCFJ-0002OA-8t Completed
--
In this example, this customer got hacked we allow 60 emails per hour to prevent getting on RBLs and what not. However, it was still sending out a ton of emails every minute (and being rejected), yet each message was being scanned by spamd and killing the CPU.
