Re: [Exim] Bogofilter and Exim

Author: Karl Schmidt
Date:  
To: exim-users
Subject: Re: [Exim] Bogofilter and Exim
No - Exim will only run the first router that accepts a message - so the
system I saw posted here relies on seeing the header to determine if
it needs to run bogofilter.

I changed the router below to do the domains test so it wouldn't scan
outgoing email - (something I haven't had to do here yet<g>) but others
(and perhaps spammers) using the stock setup posted previously would
send mail that will arrive with the X-Bogosity header and exim would
then not test it at the receiving site.

I've fixed it by generating a unique header to tag it as scanned here -
and look for that instead of the x-bogosity header in the router. Then
in local deliveries I remove the header again so it won't affect any
filter stats.


#ROUTERS
#the bogofilter_ router should be placed just before actual local delivery
bogofilter_router:
  domains = +local_domains
  no_verify
  #the next line looks for X-flag to see if the mail has been scanned
  condition = ${if !def:h_X-flag: {true}}
  driver = accept
  transport = bogofilter_filter

#end of router
++++++++++++
Transports
# bogofilter just adds X-Bogosity header here so we left the decision what to do
# with spam for user. ( by using procmail in the case of local delivery or
# sieve if we're using cyrus imapd)
bogofilter_filter:
  driver = pipe
  command = /usr/sbin/exim -oMr spam-scanned -bS
  use_bsmtp = true
  #next line adds the X-flag so we will later know mail has been scanned
  headers_add = X-flag: true
  transport_filter = /usr/bin/bogofilter -d /etc/bogofilter -lcd -p -e
  group = mail
  return_fail_output = true
  user = mail
  home_directory = "/tmp"
  current_directory = "/tmp"
  log_output = true
  return_path_add = false

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  #lose the X-flag header
  headers_remove = X-flag
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660

# end of transport

Philip Douglass wrote:
> I think you've missed the point: bogofilter is going to strip any x-bogosity
> header it finds and will replace it with a new one. If a spammer adds an
> x-bogosity header that makes it look as if it is not spam, it will be
> replaced with a new, correct header. And then you will filter it. That "fake
> x-bogosity header" tactic would only work if you filtered your email before
> it got passed through bogofilter. And why would you want to do that?
>
> ----- Original Message -----
> From: "Karl Schmidt" <karl@???>
> To: "Konstantin Starodubtsev" <kostya@???>; <bogofilter@???>;
> <exim-users@???>
> Sent: Monday, December 30, 2002 5:55 PM
> Subject: Re: [Exim] Bogofilter and Exim
>
>
>
>>A couple of things here
>>
>>What prevents a spammer from adding an x-bogosity header that makes it
>>look as if it is not spam? Or if someone forgot to put
>>
>>domains = +local_domains
>>
>>in the router and sent filtered and thus x-bogosity headered mail out?
>>
>>
>>- bogofilter replaces the x-bogosity header with the -p switch.
>>
>>Is there a simple way to remove the header on mail coming from the outside?
>
>>Konstantin Starodubtsev wrote:
>>
>>>>Has anyone had any success with integrating Exim 4 and bogofilter
>>>>system wide, such that each emails gets run through bogofilter before
>>>>it gets delivered to a users mailbox?
>>>>
>>>
>>>
>>>#Router
>>>#the router should be placed just before actual local delivery
>>>bogofilter_router:
>>> no_verify
>>> condition = "${if and { {!def:h_X-Bogosity:} \
>>> {!eq {$received_protocol}{spam-scanned}}} {1}{0}}"
>>> driver = accept
>>> transport = bogofilter_filter
>>>
>>>
>>># Transport
>>># bogofilter just adds X-Bogosity header here so we left the decision what to do
>>># with spam for user. ( by using procmail in the case of local delivery or
>>># sieve if we're using cyrus imapd)
>>>bogofilter_filter:
>>> driver = pipe
>>> command = /usr/sbin/exim -oMr spam-scanned -bS
>>> use_bsmtp = true
>>> transport_filter = /usr/bin/bogofilter -d /var/lib/bogofilter -l -p -e
>>> group = mail
>>> return_fail_output = true
>>> user = mail
>>> home_directory = "/tmp"
>>> current_directory = "/tmp"
>>> log_output = true
>>> return_path_add = false
>>>
>>--
>>--------------------------------------------------
>>Karl Schmidt EMail    Karl@???
>>Transtronics, Inc.    WEB http://xtronics.com
>>3209 West 9th Street  Ph(785) 841-3089
>>Lawrence, KS 66049    FAX(785) 841-0434

>>
>>Definition of Windows XP:
>>SPAM, thinly disguised as an operating system
>>--------------------------------------------------


--
--------------------------------------------------
Karl Schmidt EMail    Karl@???
Transtronics, Inc.    WEB http://xtronics.com
3209 West 9th Street  Ph(785) 841-3089
Lawrence, KS 66049    FAX(785) 841-0434


Definition of Windows XP:
SPAM, thinly disguised as an operating system
--------------------------------------------------
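
A variant of the router and transport above that decides on $received_protocol instead of a message header, added here as an example and not part of the original post. It assumes the pipe transport's user (mail) is either the Exim user or listed in trusted_users, because Exim honours -oMr only from trusted callers; paths and driver names are the ones used in the message.

```conf
# Added example, not from the original post.

# Main section.
# Assumption: "mail" is not already the Exim user. Without trusted status
# the -oMr value below is not honoured and the re-injected message would
# not be recognised as scanned.
trusted_users = mail

# Routers: place just before the local delivery router.
bogofilter_router:
  driver = accept
  domains = +local_domains
  no_verify
  # $received_protocol is set by the receiving Exim itself (smtp, esmtp,
  # local, ...) or by a trusted local caller using -oMr. Unlike an X-
  # header, it is not part of the message a remote sender supplies.
  condition = ${if eq{$received_protocol}{spam-scanned}{no}{yes}}
  transport = bogofilter_filter

# Transports
bogofilter_filter:
  driver = pipe
  # Re-inject the filtered message and mark it as already scanned.
  command = /usr/sbin/exim -oMr spam-scanned -bS
  use_bsmtp = true
  transport_filter = /usr/bin/bogofilter -d /etc/bogofilter -lcd -p -e
  user = mail
  group = mail
  home_directory = "/tmp"
  current_directory = "/tmp"
  return_fail_output = true
  log_output = true
  return_path_add = false
```

With the scanned state carried in $received_protocol, no marker header is added, so local_delivery needs no headers_remove line for it.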