Re: [Exim] Spamassassin and Exim 4.20 Help needed

Top Page
Delete this message
Reply to this message
Author: Oliver Egginger
Date:  
To: Daniel Bendersky
CC: exim-users
Subject: Re: [Exim] Spamassassin and Exim 4.20 Help needed
Hello,

as a matter of principle I like the idea to scan the e-mails during the
smtp time very much.
But in germany we are not allowed to scan e-mails without the express
terms of the user.

We configured it on a per user basis without ACLs.
Here is the corresponding router:
------------------------------------------------------------------> SNIP
# Spamassassin
spamcheck_router:
  no_verify
  check_local_user
  # When to scan a message :
  #   -   it isn't already flagged as spam
  #   -   it isn't already scanned
  #   -   comes from mailin 134.176.2.12 or 134.176.2.15
  #   -   .spamcheck exists for this user
  condition = \
  "${if and { {!def:h_X-Spam-Flag:} \
              {!eq {$received_protocol}{spam-scanned}} \
              {or { {eq {$sender_host_address}{134.176.2.12}} \
                    {eq {$sender_host_address}{134.176.2.15}} \
                  }\
              }\
            }\
            {1}{0}\
    }"
  require_files = $home/.spamcheck
  driver = accept
  transport = spamcheck
------------------------------------------------------------------> SNIP



This router is defined on our POP/IMAP mailbox server.
Also we defined this transport on that machine:
------------------------------------------------------------------> SNIP
# Spam Assassin
spamcheck:
    driver = pipe
    command =  /usr/exim/bin/exim -oMr spam-scanned -bS
    use_bsmtp = true
    transport_filter = /usr/bin/spamc -u $local_part
    home_directory = "/tmp"
    current_directory = "/tmp"
    # must use a privileged user to set $received_protocol on
    # the way back in!
    user = mail
    group = mail
    log_output = true
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =
------------------------------------------------------------------> SNIP


Then we wrote a little web interface, where people can switch it on an
off by giving there id and there password (setting/deleting the
.spamckeck file ).

The benefit from this is, that you can use spamassassins autolearn,
autowhitelist and user configure options.

I think, this would be a little bit tricky to do with ACLs.

- oliver


Am Don, 2003-06-19 um 16.12 schrieb Daniel Bendersky:
> Hi,
>
> I have the Exim 4.20 with the exiscan-acl patch and I have already
> tried to set up the spamassassin at the ACL.
>
> It works perfect and was very easy to set it up, BUT my problem is that
> I run an ISP with Thousands of e-mail accounts, so the load of the
> servers (that are behind a load balancer) grow from 0.5 to 60 so I
> turned it off.
>
> One guy here at the list, told me that there is no way to check an
> e-mail message at the ACL only for a group of users. That I must to do
> it using routers.
> Only 4% of the messages need to be scanned (I know that because I have
> already the RAV antivirus working), so I want to run SA the same way,
> only for a group of users.
>
> With this info on the table, what you suggest?
>
> On Thursday, June 19, 2003, at 09:34 AM, Darran Michael Coy wrote:
>
> > Daniel,
> >
> > I'm assuming from your email that you are trying to do this the hard
> > way by running
> > spamd and then writing your own router/transport to pass mail through
> > spamd.
> >
> > This really is the hard way.
> >
> > Having recently gone through the same process, I recommend you go and
> > get sa-exim
> > (http://marc.merlins.org/linux/exim/sa.html).
> >
> > This really takes all the hard work away from you. It does need a
> > recompile of Exim
> > though.
> >
> > HTH
> >
> > On 18 Jun 2003 at 18:36, Daniel Bendersky wrote:
> >
> >> --
> >> [ Picked text/plain from multipart/alternative ]
> >> Hi, I'm tring to set up the Spamassassin but don't work for me (Yet!)
> >>
> >> I have the following router:
> >> -----
> >> spamcheck_router:
> >> no_verify
> >> condition = "${if and { {eq {1}{${if and { {!def:h_X-Spam-Flag:} {!eq
> >> {$received_protocol}{spam-scanned}}} {1}{0}}}} {eq {1}{${lookup ldap
> >> {ldap:///uid=${local_part},dc=${domain},o=MAIL,o=USERS,c=CL?mailSpam}
> >> {$value}{$value}}}}} {1}{0}}"
> >> driver = accept
> >> transport = spamcheck
> >> -----
> >> The "condition" check if the message was scanned (as suggested in this
> >> list by Phil Brutsche) and also (my add on) lookup in an LDAP if the
> >> user need to be checked.
> >>
> >> And the transport:
> >> -----
> >> spamcheck:
> >>    driver = pipe
> >>    command = /usr/sbin/exim -oMr spam-scanned -bS
> >>    use_bsmtp = true
> >>    transport_filter = /usr/bin/spamc
> >>    home_directory = "/tmp"
> >>    current_directory = "/tmp"
> >>    user = mail
> >>    group = mail
> >>    log_output = true
> >>    return_fail_output = true
> >>    return_path_add = false
> >>    message_prefix =
> >>    message_suffix =
> >> -----
> >> Then I do my test in the port 26 to check if I get mails.

> >>
> >> The result is BAD. I get mails ONLY if the destination address is in
> >> the LDAP marked as need to be checked.
> >>
> >> So my guess is that the rest of the messages are lost in the
> >> cyberspace.
> >>
> >> Any idea of what I'm doing wrong?
> >>
> >> --
> >> Saludos....
> >>
> >> Daniel Bendersky.
> >>
> >> ------------------------------------------------------------------
> >> Daniel Bendersky              Director de Operaciones y Tecnología
> >> dbenders@???                          http://www.netline.cl
> >> NETLINE                                Av. Vitacura # 2939 of. 202
> >> Oficina   : +56 2 751 2600            Las Condes, Santiago - CHILE
> >> Celular   : +56 9 998 9122               Fax2mail : +56 2 751 2651
> >> Voice2mail: +56 2 751 2618
> >>             "Success is a journey, not a destination"
> >> ------------------------------------------------------------------
> >> --

> >>
> >>
> >> --
> >>
> >> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> >> Exim details at http://www.exim.org/ ##
> >>
> >
> >
> > ~~ Volunteer member of Pegasus Mail & Mercury Tech Team ~~
> > ~~~~~~~ Mailed using Pegasus Mail & Mercury NDS NLM ~~~~~~
> >
> > Darran Coy, Systems Services Team Leader, CS
> > University of Lincoln
> > +---------------------------------------------+
> > |         Email:   dcoy@???         |
> > |         Tel:     +44 (0)1482 440550         |
> > +---------------------------------------------+
> > ---------------------------------------------------------
> > Quote for the day:
> >     Heavier-than-air-flying machines are impossible.
> >     -- Lord Kelvin, president, Royal Society, 1895

> >
> >
> >
> >
> >
> --
> Saludos....
>
> Daniel Bendersky.
>
> ------------------------------------------------------------------
> Daniel Bendersky              Director de Operaciones y Tecnología
> dbenders@???                          http://www.netline.cl
> NETLINE                                Av. Vitacura # 2939 of. 202
> Oficina   : +56 2 751 2600            Las Condes, Santiago - CHILE
> Celular   : +56 9 998 9122               Fax2mail : +56 2 751 2651
> Voice2mail: +56 2 751 2618
>             "Success is a journey, not a destination"
> ------------------------------------------------------------------

>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##

--
Oliver Egginger <Oliver.Egginger@???>
Fachhochschule Giessen-Friedberg