--
* Daniel Bendersky <dbenders@???> [2003-06-19 17:21:36 BST]:
> Hi, that sound very nice!
>
> Can you give me an example in how to do that?
Indeed.
The attached file is the ACL section from my test server which shows how
recipient based spam/av scanning can be done. This is only part of the
answer. My routers, transports, and filters are not sufficiently tidy
to inflict them on the world at large (they are also partially broke
atm).
> On Thursday, June 19, 2003, at 11:01 AM, Peter McGarvey wrote:
>
> >* Daniel Bendersky <dbenders@???> [2003-06-19 15:16:01 BST]:
> >>Hi,
> >>
> >>I have the Exim 4.20 with the exiscan-acl patch and I have already
> >>tried to set up the spamassassin at the ACL.
> >>
> >>It works perfect and was very easy to set it up, BUT my problem is
> >>that
> >>I run an ISP with Thousands of e-mail accounts, so the load of the
> >>servers (that are behind a load balancer) grow from 0.5 to 60 so I
> >>turned it off.
> >>
> >>One guy here at the list, told me that there is no way to check an
> >>e-mail message at the ACL only for a group of users. That I must to do
> >>it using routers.
> >>Only 4% of the messages need to be scanned (I know that because I have
> >>already the RAV antivirus working), so I want to run SA the same way,
> >>only for a group of users.
> >>
> >>With this info on the table, what you suggest?
> >
> >It is possible to turn scanning on based on a recipient using the
> >"acl_c?" variables to set a flag in the acl_smtp_rcpt, which the
> >acl_smtp_data will check to see if scanning is required.
> >
> >Only snag is that if one recipient has scanning enabled, it's enabled
> >for all. I worked around this by adding a header which can later be
> >used in routers, transports, and filters. Not the most elegant of
> >solutions, but it works.
> >
> >--
> >TTFN, FNORD
> >
> >Peter McGarvey
> >Freelance FreeBSD Hacker
> >(will work for bandwidth)
> >
> >
> >
> --
> Saludos....
>
> Daniel Bendersky.
>
> ------------------------------------------------------------------
> Daniel Bendersky Director de Operaciones y Tecnología
> dbenders@??? http://www.netline.cl
> NETLINE Av. Vitacura # 2939 of. 202
> Oficina : +56 2 751 2600 Las Condes, Santiago - CHILE
> Celular : +56 9 998 9122 Fax2mail : +56 2 751 2651
> Voice2mail: +56 2 751 2618
> "Success is a journey, not a destination"
> ------------------------------------------------------------------
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
>
--
TTFN, FNORD
Peter McGarvey
Freelance FreeBSD Hacker
(will work for bandwidth)
--
##
## Proof of concept for enabling Spam/Virii scanning based on the
## recipients of a mail.
##
## exim 4.20
## exiscan-acl 0.09
## spamassassin 2.55
## sophos 3.69
## sophie 3.02
##
## running on FreeBSD 4.8_STABLE
##
## Backend DB is simply a slightly modified version of the vmail-sql
## framework. See http://www.ex-parrot.com/~chris/vmail-sql/ for more
## info on vmail-sql.
##
## ----------------------------------------------------------------------------
## ACL Control
## - ACL control
## - Things needed in the ACLs
## Which ACLs do we want?
acl_smtp_mail = acl_check_sender
acl_smtp_rcpt = acl_check_recipient
acl_smtp_data = acl_check_content
## Setting for exiscan
av_scanner = sophie:/var/run/sophie
# spamd_address = 127.0.0.1 783
## ----------------------------------------------------------------------------
## ACLs
## - fianally, a rewrite
##
begin acl
## MAIL
acl_check_sender:
accept
## ACL that is used after the RCPT command
acl_check_recipient:
# NB: If one recipient has AV/SPAM scanning enabled, it will effect the
# mail FOR ALL THE RECIPIENTS!
## Do we scan for virii?
warn
condition = \
${if eq \
{} \
{${lookup mysql { \
SELECT domain \
FROM exiscan_domains \
LEFT join domain_alias \
ON domain_alias.domain_name = exiscan_domains.domain \
WHERE exiscan_domains.enabled = 'Y' \
AND exiscan_domains.av = 'Y' \
AND (exiscan_domains.domain = '$domain' \
OR domain_alias.alias = '$domain') \
}}} \
{false} {true}}
set acl_c1 = scan
message = X-Scan-Flag: AV
## Do we scan for SPAM?
warn
condition = \
${if eq \
{} \
{${lookup mysql { \
SELECT domain \
FROM exiscan_domains \
LEFT join domain_alias \
ON domain_alias.domain_name = exiscan_domains.domain \
WHERE exiscan_domains.enabled = 'Y' \
AND exiscan_domains.spam = 'Y' \
AND (exiscan_domains.domain = '$domain' \
OR domain_alias.alias = '$domain') \
}}} \
{false} {true}}
set acl_c2 = scan
message = X-Scan-Flag: SPAM
## ANTI-RELAY -- needs mreging with above...
accept
hosts = :
deny
local_parts = ^.*[@%!/|] : ^\\.
message = (#1) Go and boil your bottom, sons of a silly person. I blow my nose at you!
accept
local_parts = postmaster
domains = +local_domains
accept
domains = +local_domains
endpass
message = (#2) Go and boil your bottom, sons of a silly person. I blow my nose at you!
verify = recipient
# accept
# domains = +relay_to_domains
# endpass
# message = unrouteable address
# verify = recipient
accept
hosts = +relay_hosts
accept
authenticated = *
require
verify = sender
deny
message = (#3) Go and boil your bottom, sons of a silly person. I blow my nose at you!
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
#accept hosts = :
#accept domains = +local_domains
#accept hosts = +relay_hosts
#deny message = relay not permitted
## ACL that is used after the DATA command
acl_check_content:
## The "confidence" headers are added by acl_check_recipient
## Demime, and Scan for Virii
warn
condition = ${if eq{$acl_c1}{scan} {true} {false}}
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
message = X-MIME-Error: $demime_reason
# warn
# condition = ${if eq{$acl_c1}{scan} {true} {false}}
# demime = src:vbs:bat:lnk:pif
# message = X-MIME-DENY: $found_extension
warn
condition = ${if eq{$acl_c1}{scan} {true} {false}}
malware = *
message = X-INFECTED: YES
warn
condition = ${if eq{$acl_c1}{scan} {true} {false}}
malware = *
message = X-Malware: $malware_name
## Can the SPAM
warn
condition = ${if eq{$acl_c2}{scan} {true} {false}}
spam = mail
message = X-Spam-Flag: YES
warn
condition = ${if eq{$acl_c2}{scan} {true} {false}}
spam = mail:true
## NB: "true" means this will always succeed
## so this header will ALWAYS get added.
message = X-Spam-Score: $spam_score ($spam_bar)
warn
condition = ${if eq{$acl_c2}{scan} {true} {false}}
spam = mail
#condition = ${if >{$spam_score_int}{100}{1}{0}}
message = X-Spam-Report: $spam_report
## Overide the implicit deny
accept
## ----------------------------------------------------------------------------
## Copyright © 2003-05-08 Peter P. McGarvey <xaphod@???>
## Licence: BSD
--
