Re: [Exim] scanning with sa-exim based on headers

On Sun, 9 Mar 2003, Rick Ennis wrote:

> I recently got SA 2.50 working with exim 4.12 via sa-exim 2.2 (thanks again,
> Nico). Now that I *think* I've followed all the directions, it seems like
> I'm still not understanding something. According to the documentation and
> suggested ACLs, an auth or relay host connection would result in adding an
> "X-SA-Do-Not-Rej: Yes" header. That header is in turn used by sa-exim to
> abort scanning of the message altogether.

You can use any header you want, sa-exim uses a condition to check for the
header in it's configfile. I would prefer to use a cryptographical secure
hash-algorithm, for the message-id and a password. And check for this hash
in your configfile.

> What prevents a user/spammer from sending a message with that header already
> in it? Both the "headers_remove" options (one for routers, one for

Nothing :)

If you want to play with the fire, you can install the current exim 4.14
snapshot, it provides the usage of ACL-variables, per connection and per
message. The message-variables should be available while checking the
localscan-condition (I'm not 100% sure, but as far as I'm checked the
code it's ok). It's documented in doc/NewStuff.

Nico