Re: [Exim] Using Spamassassin in an intermediate MTA

Top Page
Delete this message
Reply to this message
Author: Greg Ward
Date:  
To: 'exim-users@exim.org'
Subject: Re: [Exim] Using Spamassassin in an intermediate MTA
On 04 June 2002, Owen Creger said:
> I'm using Exim 3.22-14 on RedHat w/ Kernel 2.4
> The box is in my DMZ and handles all inbound and outbound mail from my
> internal server.
>
> I have searched the exim-users group and haven't found anything I can use.
> I have looked at the doc @
> http://bogmog.sourceforge.net/document_show.php?doc_id=28
> It appears to be a config for a terminal MTA and not an intermediate MTA
>
> How do I setup spammassassin with Exim on an intermediate MTA?
> I also don't want it to scan outbound messages, to save on processor cycles.


On one of the Exim server I run, I use the system filter -- works
great. Set up the system filter as usual, and then in the filter:

------------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optimisation for messages that get
# queued and have several delivery attempts.
if not first_delivery then
finish
endif

# Let error messages through; this includes virus rejections
# generated below! (The $header_from check is needed to
# dodge the "hahaha@???" worm, which uses a null envelope
# sender. Sigh.)
if error_message and $header_from: does not contain "hahaha@???" then
finish
endif

# If this message originated locally (eg. from Mailman or a direct
# "sendmail ..." invocation), or if it has already been processed by
# spamcheck, then stop processing now.  Send it on as-is, without
# checking for viruses or spam.
if ($received_protocol is "local" or
    $received_protocol is "spamc" or
    $sender_host_address is "127.0.0.1" or
    $h_X-Spam-Flag: is not "") then
  finish
endif


[... lots of virus checks skipped -- viruses are either saved or
     returned, depending on the virus signature ...]


pipe "/etc/exim/routespam $sender_address $recipients"
------------------------------------------------------------------------

IOW: all mail that is not an error message, not received "locally" (you
would have to adjust the definition of "locally" to account for all your
internal hosts -- ie. not just 127.0.0.1), and doesn't look like a virus
is piped through my routespam script.

routespam and related tools are available via CVS at
satools.sourceforge.net . Enjoy!

        Greg
--
Greg Ward - software developer                gward@???
MEMS Exchange                            http://www.mems-exchange.org