This is probably going to make me sound like I'm a really old bearded hacker, whereas in reality, my sig said "Linux newbie asks for help in his journal" up to a few months ago...
Nevertheless, it should be noted that Ruby needs to be grabbed from CVS, some instructions here. Most of that is about the 2.4 backport, called backstreet ruby, but you'll get the 2.6 code along with it.
Yup, he was the first one to really do this. Later, the linuxconsole project has elaborated on it, and the Ruby kernel patches and patches for Xfree86 4.3.0 have been created that does this a lot more elegantly.
I run it myself. My girlfriend and I have a small appartment, and I'm stuck to the computer almost all the time, and she needs to use it too. We simply didn't have space (or money...) for a second computer, so I'm using a local multiuser setup.
I think it was rather hard to set up, and I had a lot of trouble along the way. I still have some problems, but it may be due to faulty hardware (a Tangtop Generic USBPS2, anybody know those?)
For most setups, you need to patch the X server as well as the kernel. The kernel patch is straightforward, but I had some trouble with the X patch.
It has improved a lot in Debian, because now Debian Sarge and Sid ships with the patched X server. Have a look at the isolatedevice option if you run these releases. That's all you need...
I have also run 2.4 with backstreet Ruby up to a few days ago. Now, there's 2.6.7 with the real Ruby patches. It works great!
I'll recommend this setup! For many, I think it is better than a thin client solution.
Wow! That's exactly the same observations I have done! I have too noticed that I can actually clear up a jam by keeping like five seconds up to the next car, slowing down slowly.
There's a funny Traffic Wave Generator in Drammen, Norway. Unintended of course, but nonetheless. It's a longish bridge going from northeast to south in this picture, and at the northwestern end, there's a lot of traffic coming in, and at a relatively high pace. The speed limit is something like 90 km/h, which means the average speed is probably well in excess of 100 km/h. Then the limit on the bridge goes down to 70 km/h, and at the same time, it merges to a single lane in either direction. Bound to be trouble as it is... But to make matters worse, shortly after the 70 sign (perhaps 50 meters), there is a photo box, that, if it has film it in, will shoot pictures of anybody speeding.
But the true sign that nobody in authority has the faintest idea why this is the most hated persistent traffic jam in the country is a big, official sign saying "In case of a jam, follow along!" I mean, WTF are you going to do, I'm not sitting here for fun (or profit) you know!:-(
What they officially seem to be advocating is the fast acceleration. But not everybody can. For example with my mother's little engine, I can't... There is very little you can do to assist evaporation, as he well argues in the paper.
So they created the worst, high amplitude traffic wave in the country by putting a traffic control camera in exactly the worst thinkable spot. There would necessarily be a traffic wave there anyway, but it is making matters so much worse.
I admit that there is a thing I do not quite understand. The jam often extends the whole bridge, and does not dissolve before a km afterwards. It would be interesting to study this from the air...
I'd take it even easier. Making money for their members or shareholders are their responsibility. Since making money for members or shareholders is the only way to provide a living and wellfare, it is something they have to do with any legal means. If you don't like it, you should consider socialism (yup, I'm rather socialistic inclined, YMMV).
The problem isn't that they're evil, it is that they're feeling threatened. People who are feeling threatened, are going to take steps that seem diabolic to outsiders. It does not matter if the threats are perceived or real to one who feels threatened, but to those that want to make a better world, it matters a lot, because you can make a big difference by proving that the threats are just not real.
Hm, I suspect that the synchronized flow state isn't stable: The main reason: People are driving too close to each other.
If there is just a small change in velocity of one driver, the next guy is going to respond to it by hitting the breaks. The next guy is going to panic and hit it harder, and so it goes. I've seen this happen in real life many times: Just a small riple can make a jam, three or four cars involved is sufficient.
I fact, I think I saw an article about this too, it could have been long ago in Europhysics News or something. They like publishing stuff like that.
I'm trying to keep a lot of distance when I'm driving: Three seconds in normal situations (just count), and up to five seconds if I'm in synchronized flow. That way, I can absorb many ripples if the three or fours cars in front of me is slowing down. I think it helps, but surely it doesn't help a lot if it happens further ahead.
It is of course important not to lag too much when the cars starts moving again, so I generally speed up to follow in the start, but then try to build up some good distance, when the flow gets going.
The WebTrust audit requires their auditors to actually see and verify the CA complies with the requirements. A box of lawyers can't create CA issuance log files, show how you maintain your HSM, or prove that you keep your/etc/password file clean of employees who have left your company since the last audit.
True. But you do like they do in concentration camps: Make sure everything is clean when the auditors are there, otherwise, you don't care.
Tell me: What kind of mistakes could Verisign do to get their certificates revoked?
With the kind of market dominance they have, I'm sure you agree that the answer to that question is "none".
If it had been PGP, I would have marked Verisign certificates "Do not trust" by now. I do not see that kind of option here....
After they're "in the list", WinXP machines will automatically download the new root cert whenever IE/Outlook performs a certificate path validation operation and sees the CACert root. It's automagic.
Interesting. To be able to insert a root certificate in a lot of browsers must be every criminal's dream. I hope this process is very secure...
Redmond said CA must pay a WebTrust-licensed member of the American Institute of Certified Public Accountants
This has pretty much been Mozilla's policy too, allthough everybody realizes it's inadequate.
included into the Mozilla project through a Bugzilla feature enhancement request. From what I read from the article, the discussion about this is still going on.
See http://bugzilla.mozilla.org/show_bug.cgi?id=215243
But please do not post any follow-ups to the bug. Go to the newsgroup discussion instead.
Hm, I used to have mod points about every day lately, but not now.
Parent is right on target, except that Ruby is the system he's looking for, Backstreet Ruby is the 2.4 backport of it. I'm running the multi-user set-up right now. It's very cool and saved us thousands (NOK)....:-)
$250,000. Just put that kind of money on the table and hire a few lawyers to do the paperwork, and you're "trusted".
But it isn't Microsoft that's doing this, it is the American Institute of Certified Public Accountants. But I feel strongly it is just a rubberstamp, in spite of that there is a long spec you need to comply with.
The question one should ask yourself about the whole workings of the CA stuff is "what would it take for a cert to be revoked?" When you realize there is probably nothing Verisign can do that would revoke their certificates, becuase it would wreak havoc with pretty much everything, it is time to get scared....
The Mozilla bug for the inclusion of CACerts certificate is
http://bugzilla.mozilla.org/show_bug.cgi?id=215243
Please vote for it, but please also understand that it is no point in posting more comments to the bug. Discussion is now going on in netscape.public.mozilla.crypto.
Well, that's life. Problem is, you can't yourself surf all the useful sites out there, nor can you surf all the nasty sites.
I think a distributed approach is needed to the problem. Every-one out there needs to have browser toolbar where they can rate pretty much all the sites they surf. We need people to annotate sites with accurate metadata, and we need a distributed moderation system that punishes trolls and spammers. Some like surfing porn, so they rate their porn. Some will check out kids' sites, and add their metadata to those.
A parent can then decide who to trust, besides his own meta-data, and what to give access to based on these data.
Actually, no. Plutonium isn't very poisonous according to modern research. At least not in the form you can reasonably expect: Like blocks of metal or even dust. It is only very poisonous in the form of vapors, AFAIK.
Hm, I tried to find some good links, but all I could find on the web in a hurry was to right-wing nutcases who did get the point of toxicity right but lost so many other points about Pu, I didn't feel like linking to them...
I think the worry was that you might have Pu dust that ignites, it can do that. That would be pretty nasty. But the chances of that happening would be extremely slim, and considering the scientific advancement made from a trip to Saturn and Titan, it is not unlikely that it saves many lives in the long run.
Or just that dust could get into people's lungs.
But the point is that Pu dust has a stable size about 5 m AFAIK, and non-smokers have very effective defence against dust that size.
Smokers pretty much signed their own "I want lung cancer" order anyway....
They probably would, but even in a worst-case scenario I doubt there would have been any deaths at all. I really have no idea where Kaku got his numbers from, but it is certainly not from anything that's been through IAEA... The 120 deaths quoted by NASA is pretty easy to see how they came up with. Besides, many studies today suggest that there isn't a very harmful effect of exposure to just a little radiation. I was really surprised it was an issue at all.
Furthermore, SPF enables domain reputation systems such as GOSSiP (currently under design) which enable domain's to be given a "spaminess" score based on their previous behaviour.
That's interesting! I'd like to plug two bug reports of mine (I wish I had time to hack, but I haven't). Friend-of-a-friend makes great start for a reputation system, at least for whitelisting people you know well.
So, I there's a Spamassassin bug on this, and it has generated some interest.
As a software developer, I frequently send large attachments to customers that have no other means of receiving them.
You mean that in todays world there are still people who do not have access to the web? Or at least FTP?
That's the only reason I can think of why anybody would do this rather than just dump the large file on a web server, possibly protected with a password and send the URI (+password if needed) in an e-mail.
Takes a second to set up, and makes people happy because they get a better idea of what the large thing is before downloading it.
And binary attachments are a big waste of bandwidth you know, because of base64.
Yeah, it seems just unrealistic.... I'm in Norway, so there's GSM here, but if it could only handle 62 calls at a time, you would need to put up cell towers with extreme density in densely populated areas... I think it sounds like it is a order of magnitude off...
Anybody know what the corresponding number is for typical GSM towers? I mean, with the University of Oslo campus, where there are like 30000 people, there's just a handful of antennas, and I'm willing to bet there are many hundred calls at peaks (for example in breaks).
Igloos are made of snow, actually. You just have to find the right snow: a drift at least 60 cm deep and very hard packed by the wind. Then you cut blocks with a snowknife (a saw works surprisingly well, too). And yeah, I've built plenty of 'em.
Cool! (pun intended)
I've just built one: pictures here!:-) We used a saw mainly.
That's really interesting to see. I'm in Norway, and I've been writing my representatives in the Norwegian parliament "Stortinget" to get them too attend this conference. It is not only about GNOME, mind you, tomorrow, there are a bunch of politicians there, from the starting keynote, then about software patents, EU policies, and finally a big keynote by Dr Edgar Villanueva, our friend from Peru.
Unfortunately, the guy who was closest to getting there was stuck at his office, in spite of Kristiansand being his hometown.
That's too bad, but now I can actually try to have them look at the stream instead, and even failing that, there's the archive.
Why not declare, say, the congo to be a big protected park, and shift mining operations to antarctica, if you really care about the environment?
In principle a good idea, but the problem is that people are living in Congo, and they need to make a living too... True, you could just ship them off to Antarctica, all of them, but I think they would object.... It is a whole lot colder in Antarctica than Congo...:-)
So, I think it is still better to try to preserve something that is as of yet unexploited.
Back then we laughed with those pranks because we knew it was impossible. I kept laughing, until the day it really happened.
I must admit that I still couldn't believe it long after it happened. Still told friends "don't worry, it's hoax". I still find it very hard to understand why anybody could be so careless as to make it possible after having the warnings of hundreds of some very high-profile hoaxes. I think I even flamed a mainstream-media journalist once for being "careless" to spread a hoax, when it actually was a real trojan....
a)People HATE getting nickled and dimed- hence the very origin of the term!
Got any numbers to back this up?
From where I'm sitting, I see a huge industry using micropayments, that's paying through SMSes, stuff like that. It works very, very well. If it is convenient enough, people will do it.
Fact is, micropayments allready work, just not on the Internet.
b)For websites and the like, people will simply seek out free content which is available in quantity. Bob starts charging micropayments for his webcomic. Bob witnesses most of his readers disappearing into the woodwork. Jane, Sally, and Joe notice little bumps in their traffic logs.
Well, I think that the way (though perhaps not the only way), is to introduce voluntary micropayments. Your readers (like music players, browsers) record for you what you've been playing or reading the most, and suggest how much you should pay, you go over it say once a week, and pay it by a couple of clicks. I'd start paying for a lot of content if I could do it this way.
But it'll require some more: That it is well standardized in an open standard. I wouldn't want any company to get a monopoly on this.
There's a differnce being persecuted for nobly insisting on scientific truth, and being persecuted because you flamed the local absolute ruler in an era where freedom of speech was a concept yet to be invented.
Yep, that is, I believe, a very accurate description of why Galileo was persecuted. He was a really big-mouthed, disruptive kind of guy.
Which seems to describe the "Father of DVD" pretty well too. How times have changed!;-P
In Norway we have our corresponding DNMI, and I have a friend who used to work for the "Market Division" there. I think the status of the two institutions are much the same.
I got some inside looks at the battle inside this "Market Division". Generally, scientists think that weather information is a vital resource that should be kept free, and they are fighting for that end inside the institute. But the market realities are that it might not be for very much longer, since the government is cutting back funding every now and then, giving vitally important resources to the people is going to bancrupt them any day now.
Like happened to the Norwegian mapping authority. It was founded in the beginning of 18-hundred something, and by 1890, the whole country was mapped. Funnily, it is now impossible to get a decent map of the country that is not under some kind of copyright, after the mapping authority folded under market pressures. Fortunately, we get our free data from US sources. Thanks a lot, US taxpayers! You pay a lot less taxes than we do, yet manage to get useful common data.
Another example of IPR gone wrong: Anybody care to tell me why a work completely done by 1890 mostly be people who thought that mapping the country was important to break free from the superpowers of the day needs copyright in 2004...?
Never been a problem here, and my parents are on quite a few mailing lists where they get these kinds of messages. I'm still at 0.01% false positives.
The point is, there are also many rules that give negative scores for especially hammy messages. So, messages can have a lot of very spammy things about them, but as long as they also have a lot of hammy things about them, you're ok.
Also, be sure to train your bayes database well with a lot of ham, it'll help a lot too.
This is something that you need to do at the MTA level, so unless you control the MTA, there isn't a lot you can do.
In your situation, I would simply suggest saving messages above 5 to a special folder and forward messages above 12 to Dave Null.
As others have mentioned, never, never send auto-replies or configure your MTA to send bounce messages.
If you want to reject messages, you have to do it in the SMTP dialogue with the spammer or his raped relay. If you accept the message first, or your ISP does it for you in your case, it is too late allready: Any generated bounce will go to whoever was forged into MAIL FROM: or whatever. And that's really nasty.
But there is actually a much simpler version that can do rejection at SMTP-time for messages over a certain threshold and let message between this and another threshold marked as such, using exiscan-acl.
You'll find some detailed instructions there.
Slashdot Mirror
Nevertheless, it should be noted that Ruby needs to be grabbed from CVS, some instructions here. Most of that is about the 2.4 backport, called backstreet ruby, but you'll get the 2.6 code along with it.
I run it myself. My girlfriend and I have a small appartment, and I'm stuck to the computer almost all the time, and she needs to use it too. We simply didn't have space (or money...) for a second computer, so I'm using a local multiuser setup.
I think it was rather hard to set up, and I had a lot of trouble along the way. I still have some problems, but it may be due to faulty hardware (a Tangtop Generic USBPS2, anybody know those?) For most setups, you need to patch the X server as well as the kernel. The kernel patch is straightforward, but I had some trouble with the X patch.
It has improved a lot in Debian, because now Debian Sarge and Sid ships with the patched X server. Have a look at the isolatedevice option if you run these releases. That's all you need...
I have also run 2.4 with backstreet Ruby up to a few days ago. Now, there's 2.6.7 with the real Ruby patches. It works great!
I'll recommend this setup! For many, I think it is better than a thin client solution.
I've run one X server on a 386, it wasn't fun....
Point is, you get a complete state-of-the-art system on a single box.
There's a funny Traffic Wave Generator in Drammen, Norway. Unintended of course, but nonetheless. It's a longish bridge going from northeast to south in this picture, and at the northwestern end, there's a lot of traffic coming in, and at a relatively high pace. The speed limit is something like 90 km/h, which means the average speed is probably well in excess of 100 km/h. Then the limit on the bridge goes down to 70 km/h, and at the same time, it merges to a single lane in either direction. Bound to be trouble as it is... But to make matters worse, shortly after the 70 sign (perhaps 50 meters), there is a photo box, that, if it has film it in, will shoot pictures of anybody speeding.
But the true sign that nobody in authority has the faintest idea why this is the most hated persistent traffic jam in the country is a big, official sign saying "In case of a jam, follow along!" I mean, WTF are you going to do, I'm not sitting here for fun (or profit) you know! :-(
What they officially seem to be advocating is the fast acceleration. But not everybody can. For example with my mother's little engine, I can't... There is very little you can do to assist evaporation, as he well argues in the paper.
So they created the worst, high amplitude traffic wave in the country by putting a traffic control camera in exactly the worst thinkable spot. There would necessarily be a traffic wave there anyway, but it is making matters so much worse.
I admit that there is a thing I do not quite understand. The jam often extends the whole bridge, and does not dissolve before a km afterwards. It would be interesting to study this from the air...
The problem isn't that they're evil, it is that they're feeling threatened. People who are feeling threatened, are going to take steps that seem diabolic to outsiders. It does not matter if the threats are perceived or real to one who feels threatened, but to those that want to make a better world, it matters a lot, because you can make a big difference by proving that the threats are just not real.
If there is just a small change in velocity of one driver, the next guy is going to respond to it by hitting the breaks. The next guy is going to panic and hit it harder, and so it goes. I've seen this happen in real life many times: Just a small riple can make a jam, three or four cars involved is sufficient.
I fact, I think I saw an article about this too, it could have been long ago in Europhysics News or something. They like publishing stuff like that.
I'm trying to keep a lot of distance when I'm driving: Three seconds in normal situations (just count), and up to five seconds if I'm in synchronized flow. That way, I can absorb many ripples if the three or fours cars in front of me is slowing down. I think it helps, but surely it doesn't help a lot if it happens further ahead.
It is of course important not to lag too much when the cars starts moving again, so I generally speed up to follow in the start, but then try to build up some good distance, when the flow gets going.
But then, I'm just speculating...
True. But you do like they do in concentration camps: Make sure everything is clean when the auditors are there, otherwise, you don't care.
Tell me: What kind of mistakes could Verisign do to get their certificates revoked?
With the kind of market dominance they have, I'm sure you agree that the answer to that question is "none".
If it had been PGP, I would have marked Verisign certificates "Do not trust" by now. I do not see that kind of option here....
Interesting. To be able to insert a root certificate in a lot of browsers must be every criminal's dream. I hope this process is very secure...
This has pretty much been Mozilla's policy too, allthough everybody realizes it's inadequate.
See http://bugzilla.mozilla.org/show_bug.cgi?id=215243
But please do not post any follow-ups to the bug. Go to the newsgroup discussion instead.
Parent is right on target, except that Ruby is the system he's looking for, Backstreet Ruby is the 2.4 backport of it. I'm running the multi-user set-up right now. It's very cool and saved us thousands (NOK).... :-)
But it isn't Microsoft that's doing this, it is the American Institute of Certified Public Accountants. But I feel strongly it is just a rubberstamp, in spite of that there is a long spec you need to comply with.
The question one should ask yourself about the whole workings of the CA stuff is "what would it take for a cert to be revoked?" When you realize there is probably nothing Verisign can do that would revoke their certificates, becuase it would wreak havoc with pretty much everything, it is time to get scared....
The Mozilla bug for the inclusion of CACerts certificate is http://bugzilla.mozilla.org/show_bug.cgi?id=215243
Please vote for it, but please also understand that it is no point in posting more comments to the bug. Discussion is now going on in netscape.public.mozilla.crypto.
Also, have a look at this KDE bug.
I think a distributed approach is needed to the problem. Every-one out there needs to have browser toolbar where they can rate pretty much all the sites they surf. We need people to annotate sites with accurate metadata, and we need a distributed moderation system that punishes trolls and spammers. Some like surfing porn, so they rate their porn. Some will check out kids' sites, and add their metadata to those.
A parent can then decide who to trust, besides his own meta-data, and what to give access to based on these data.
Hm, I tried to find some good links, but all I could find on the web in a hurry was to right-wing nutcases who did get the point of toxicity right but lost so many other points about Pu, I didn't feel like linking to them...
I think the worry was that you might have Pu dust that ignites, it can do that. That would be pretty nasty. But the chances of that happening would be extremely slim, and considering the scientific advancement made from a trip to Saturn and Titan, it is not unlikely that it saves many lives in the long run.
Or just that dust could get into people's lungs. But the point is that Pu dust has a stable size about 5 m AFAIK, and non-smokers have very effective defence against dust that size. Smokers pretty much signed their own "I want lung cancer" order anyway....
They probably would, but even in a worst-case scenario I doubt there would have been any deaths at all. I really have no idea where Kaku got his numbers from, but it is certainly not from anything that's been through IAEA... The 120 deaths quoted by NASA is pretty easy to see how they came up with. Besides, many studies today suggest that there isn't a very harmful effect of exposure to just a little radiation. I was really surprised it was an issue at all.
That's interesting! I'd like to plug two bug reports of mine (I wish I had time to hack, but I haven't). Friend-of-a-friend makes great start for a reputation system, at least for whitelisting people you know well.
So, I there's a Spamassassin bug on this, and it has generated some interest.
Now, the problem is to generate FOAF-records easily and reliably, and for that, I suggest for example enabling KAddressbook to export them.
You mean that in todays world there are still people who do not have access to the web? Or at least FTP?
That's the only reason I can think of why anybody would do this rather than just dump the large file on a web server, possibly protected with a password and send the URI (+password if needed) in an e-mail.
Takes a second to set up, and makes people happy because they get a better idea of what the large thing is before downloading it.
And binary attachments are a big waste of bandwidth you know, because of base64.
Anybody know what the corresponding number is for typical GSM towers? I mean, with the University of Oslo campus, where there are like 30000 people, there's just a handful of antennas, and I'm willing to bet there are many hundred calls at peaks (for example in breaks).
Cool! (pun intended)
I've just built one: pictures here! :-) We used a saw mainly.
Unfortunately, the guy who was closest to getting there was stuck at his office, in spite of Kristiansand being his hometown.
That's too bad, but now I can actually try to have them look at the stream instead, and even failing that, there's the archive.
In principle a good idea, but the problem is that people are living in Congo, and they need to make a living too... True, you could just ship them off to Antarctica, all of them, but I think they would object.... It is a whole lot colder in Antarctica than Congo... :-)
So, I think it is still better to try to preserve something that is as of yet unexploited.
I must admit that I still couldn't believe it long after it happened. Still told friends "don't worry, it's hoax". I still find it very hard to understand why anybody could be so careless as to make it possible after having the warnings of hundreds of some very high-profile hoaxes. I think I even flamed a mainstream-media journalist once for being "careless" to spread a hoax, when it actually was a real trojan....
Got any numbers to back this up?
From where I'm sitting, I see a huge industry using micropayments, that's paying through SMSes, stuff like that. It works very, very well. If it is convenient enough, people will do it.
Fact is, micropayments allready work, just not on the Internet.
Well, I think that the way (though perhaps not the only way), is to introduce voluntary micropayments. Your readers (like music players, browsers) record for you what you've been playing or reading the most, and suggest how much you should pay, you go over it say once a week, and pay it by a couple of clicks. I'd start paying for a lot of content if I could do it this way.
But it'll require some more: That it is well standardized in an open standard. I wouldn't want any company to get a monopoly on this.
Yep, that is, I believe, a very accurate description of why Galileo was persecuted. He was a really big-mouthed, disruptive kind of guy.
Which seems to describe the "Father of DVD" pretty well too. How times have changed! ;-P
I got some inside looks at the battle inside this "Market Division". Generally, scientists think that weather information is a vital resource that should be kept free, and they are fighting for that end inside the institute. But the market realities are that it might not be for very much longer, since the government is cutting back funding every now and then, giving vitally important resources to the people is going to bancrupt them any day now.
Like happened to the Norwegian mapping authority. It was founded in the beginning of 18-hundred something, and by 1890, the whole country was mapped. Funnily, it is now impossible to get a decent map of the country that is not under some kind of copyright, after the mapping authority folded under market pressures. Fortunately, we get our free data from US sources. Thanks a lot, US taxpayers! You pay a lot less taxes than we do, yet manage to get useful common data.
Another example of IPR gone wrong: Anybody care to tell me why a work completely done by 1890 mostly be people who thought that mapping the country was important to break free from the superpowers of the day needs copyright in 2004...?
The point is, there are also many rules that give negative scores for especially hammy messages. So, messages can have a lot of very spammy things about them, but as long as they also have a lot of hammy things about them, you're ok.
Also, be sure to train your bayes database well with a lot of ham, it'll help a lot too.
In your situation, I would simply suggest saving messages above 5 to a special folder and forward messages above 12 to Dave Null.
As others have mentioned, never, never send auto-replies or configure your MTA to send bounce messages.
If you want to reject messages, you have to do it in the SMTP dialogue with the spammer or his raped relay. If you accept the message first, or your ISP does it for you in your case, it is too late allready: Any generated bounce will go to whoever was forged into MAIL FROM: or whatever. And that's really nasty.
But if you control the MTA, then Exim 4 is pretty good at this. If you want the excrutating details, check out Marc Merlins page on using SA with Exim
But there is actually a much simpler version that can do rejection at SMTP-time for messages over a certain threshold and let message between this and another threshold marked as such, using exiscan-acl. You'll find some detailed instructions there.