[Exim] Re: Spamassassin and Exim 4.20 Help needed

Author: Peter McGarvey
Date:  
To: Daniel Bendersky
CC: exim-users
Subject: [Exim] Re: Spamassassin and Exim 4.20 Help needed
--
* Daniel Bendersky <dbenders@???> [2003-06-19 17:21:36 BST]:
> Hi, that sounds very nice!
>
> Can you give me an example of how to do that?


Indeed.

The attached file is the ACL section from my test server which shows how
recipient based spam/av scanning can be done. This is only part of the
answer. My routers, transports, and filters are not sufficiently tidy
to inflict them on the world at large (they are also partially broke
atm).




> On Thursday, June 19, 2003, at 11:01 AM, Peter McGarvey wrote:
>
> >* Daniel Bendersky <dbenders@???> [2003-06-19 15:16:01 BST]:
> >>Hi,
> >>
> >>I have the Exim 4.20 with the exiscan-acl patch and I have already
> >>tried to set up the spamassassin at the ACL.
> >>
> >>It works perfectly and was very easy to set up, BUT my problem is that
> >>I run an ISP with thousands of e-mail accounts, so the load of the
> >>servers (that are behind a load balancer) grew from 0.5 to 60, so I
> >>turned it off.
> >>
> >>One guy here on the list told me that there is no way to check an
> >>e-mail message at the ACL only for a group of users, and that I must do
> >>it using routers.
> >>Only 4% of the messages need to be scanned (I know that because I
> >>already have the RAV antivirus working), so I want to run SA the same way,
> >>only for a group of users.
> >>
> >>With this info on the table, what do you suggest?
> >
> >It is possible to turn scanning on based on a recipient using the
> >"acl_c?" variables to set a flag in the acl_smtp_rcpt, which the
> >acl_smtp_data will check to see if scanning is required.
> >
> >Only snag is that if one recipient has scanning enabled, it's enabled
> >for all. I worked around this by adding a header which can later be
> >used in routers, transports, and filters. Not the most elegant of
> >solutions, but it works.
> >
> >--
> >TTFN, FNORD
> >
> >Peter McGarvey
> >Freelance FreeBSD Hacker
> >(will work for bandwidth)
> >
> >
> >
> --
> Regards....
>
> Daniel Bendersky.
>
> ------------------------------------------------------------------
> Daniel Bendersky             Director of Operations and Technology
> dbenders@???                          http://www.netline.cl
> NETLINE                                Av. Vitacura # 2939 of. 202
> Office    : +56 2 751 2600            Las Condes, Santiago - CHILE
> Mobile    : +56 9 998 9122               Fax2mail : +56 2 751 2651
> Voice2mail: +56 2 751 2618
>            "Success is a journey, not a destination"
> ------------------------------------------------------------------



--
TTFN, FNORD

Peter McGarvey
Freelance FreeBSD Hacker
(will work for bandwidth)
--
##
## Proof of concept for enabling Spam/Virii scanning based on the
## recipients of a mail.
##
##      exim 4.20
##      exiscan-acl 0.09
##      spamassassin 2.55
##      sophos 3.69
##      sophie 3.02
##
##      running on FreeBSD 4.8_STABLE
##
##      Backend DB is simply a slightly modified version of the vmail-sql
##      framework.  See http://www.ex-parrot.com/~chris/vmail-sql/ for more
##      info on vmail-sql.
##



## ----------------------------------------------------------------------------
## ACL Control
##      - ACL control
##      - Things needed in the ACLs


## Which ACLs do we want?

acl_smtp_mail = acl_check_sender
acl_smtp_rcpt = acl_check_recipient
acl_smtp_data = acl_check_content

## Setting for exiscan
av_scanner = sophie:/var/run/sophie
# spamd_address = 127.0.0.1 783

## ----------------------------------------------------------------------------
## ACLs
##      - finally, a rewrite
##


begin acl

## MAIL
acl_check_sender:

    accept



## ACL that is used after the RCPT command
acl_check_recipient:

    # NB: If one recipient has AV/SPAM scanning enabled, it will affect the
    #     mail FOR ALL THE RECIPIENTS!


    ## Do we scan for virii?
    ## ($domain comes from the RCPT address, so it is passed through
    ##  quote_mysql before being placed in the query.)
    warn
        condition = \
        ${if eq                                                                     \
            {}                                                                      \
            {${lookup mysql {                                                       \
                SELECT domain                                                       \
                    FROM exiscan_domains                                            \
                        LEFT join domain_alias                                      \
                            ON domain_alias.domain_name = exiscan_domains.domain    \
                    WHERE exiscan_domains.enabled = 'Y'                             \
                        AND exiscan_domains.av = 'Y'                                \
                        AND (exiscan_domains.domain = '${quote_mysql:$domain}'      \
                                OR domain_alias.alias = '${quote_mysql:$domain}')   \
            }}}                                                                     \
        {false} {true}}
        set acl_c1 = scan
        message = X-Scan-Flag: AV


    ## Do we scan for SPAM?
    warn
        condition = \
        ${if eq                                                                     \
            {}                                                                      \
            {${lookup mysql {                                                       \
                SELECT domain                                                       \
                    FROM exiscan_domains                                            \
                        LEFT join domain_alias                                      \
                            ON domain_alias.domain_name = exiscan_domains.domain    \
                    WHERE exiscan_domains.enabled = 'Y'                             \
                        AND exiscan_domains.spam = 'Y'                              \
                        AND (exiscan_domains.domain = '${quote_mysql:$domain}'      \
                                OR domain_alias.alias = '${quote_mysql:$domain}')   \
            }}}                                                                     \
        {false} {true}}
        set acl_c2 = scan
        message = X-Scan-Flag: SPAM



    ## ANTI-RELAY  -- needs merging with above...


    accept
        hosts = :


    deny
        local_parts   = ^.*[@%!/|] : ^\\.
        message       = (#1) Go and boil your bottom, sons of a silly person. I blow my nose at you!


    accept
        local_parts   = postmaster
        domains       = +local_domains


    accept
        domains       = +local_domains
        endpass
        message       = (#2) Go and boil your bottom, sons of a silly person. I blow my nose at you!
        verify        = recipient


#    accept
#        domains       = +relay_to_domains
#        endpass
#        message       = unrouteable address
#        verify        = recipient


    accept
        hosts         = +relay_hosts


    accept
        authenticated = *


    require
        verify        = sender


    deny
        message     = (#3) Go and boil your bottom, sons of a silly person. I blow my nose at you!




  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  #accept  hosts = :
  #accept  domains = +local_domains
  #accept  hosts = +relay_hosts
  #deny    message = relay not permitted


## ACL that is used after the DATA command
acl_check_content:

    ##  The "confidence" headers are added by acl_check_recipient


    ## Demime, and Scan for Virii
    warn
        condition = ${if eq{$acl_c1}{scan} {true} {false}}
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}
        message = X-MIME-Error: $demime_reason
#    warn
#        condition = ${if eq{$acl_c1}{scan} {true} {false}}
#        demime = src:vbs:bat:lnk:pif
#        message = X-MIME-DENY: $found_extension
    warn
        condition = ${if eq{$acl_c1}{scan} {true} {false}}
        malware = *
        message = X-INFECTED: YES
    warn
        condition = ${if eq{$acl_c1}{scan} {true} {false}}
        malware = *
        message = X-Malware: $malware_name



    ## Can the SPAM
    warn
        condition = ${if eq{$acl_c2}{scan} {true} {false}}
        spam = mail
        message = X-Spam-Flag: YES
    warn
        condition = ${if eq{$acl_c2}{scan} {true} {false}}
        spam = mail:true
                ## NB: "true" means this will always succeed
                ##      so this header will ALWAYS get added.
        message = X-Spam-Score: $spam_score ($spam_bar)
    warn
        condition = ${if eq{$acl_c2}{scan} {true} {false}}
        spam = mail
        #condition = ${if >{$spam_score_int}{100}{1}{0}}
        message = X-Spam-Report: $spam_report



    ## Override the implicit deny
    accept



## ----------------------------------------------------------------------------
## Copyright © 2003-05-08 Peter P. McGarvey <xaphod@???>
## Licence: BSD
--
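
Added example, not part of the original post or its attachment: the message leaves out the routers and transports that act on the headers, so this is one possible router/transport pair for the spam case, written in the same Exim 4.20-era syntax. The names spam_optin_folder and spam_folder, the Maildir path and the "vmail" user are assumptions; the query reuses the tables from the ACL above.

```exim
## Added example (not from the original attachment).  Router and transport
## names, the Maildir path and the "vmail" user are hypothetical.

## --- goes in the routers section, before the normal local-delivery router ---
## Takes a recipient only when (a) the DATA ACL tagged the message as spam
## and (b) this recipient's own domain has spam scanning enabled, so other
## recipients of the same message decline this router and are delivered
## normally.
spam_optin_folder:
    driver = accept
    domains = +local_domains
    condition = \
    ${if and {                                                                  \
        {eq {$h_X-Spam-Flag:} {YES}}                                            \
        {!eq {} {${lookup mysql {                                               \
            SELECT domain                                                       \
                FROM exiscan_domains                                            \
                    LEFT join domain_alias                                      \
                        ON domain_alias.domain_name = exiscan_domains.domain    \
                WHERE exiscan_domains.enabled = 'Y'                             \
                    AND exiscan_domains.spam = 'Y'                              \
                    AND (exiscan_domains.domain = '${quote_mysql:$domain}'      \
                        OR domain_alias.alias = '${quote_mysql:$domain}')       \
        }}}}                                                                    \
    } {yes} {no}}
    transport = spam_folder

## --- goes in the transports section ---
## Delivers to a per-user spam Maildir and drops the internal flag header.
## On current Exim releases with taint checking, the path would have to be
## built from de-tainted values rather than $domain and $local_part.
spam_folder:
    driver = appendfile
    directory = /var/vmail/$domain/$local_part/.Spam
    maildir_format
    user = vmail
    headers_remove = X-Scan-Flag
    delivery_date_add
    envelope_to_add
    return_path_add
```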