Re: [Exim] SpamAssassin/Exiscan-ACL

Author: Andreas Metzler
Date:  
To: exim-users
Subject: Re: [Exim] SpamAssassin/Exiscan-ACL
On Sat, Aug 23, 2003 at 02:14:36AM -0500, Cory Daehn wrote:
> exim-4.22-3rph.i586.rpm was the source.
>
> (/root) -> exim -bV

[...]
> Configuration file is /etc/exim/exim.conf


> My question is, what if any, changes will I need to add SA/Exiscan to my
> configuration...


Impossible to tell, exim -bV does not tell whether the binary was
patched with exiscan-acl or includes sa-exim as local_scan. You could
copy your exim.conf, include an inactive ACL using exiscan-options
-------------
inactive:
deny  message = Serious MIME defect detected ($demime_reason)
      demime = *
      condition = ${if >{$demime_errorlevel}{2}{1}{0}}
-------------
and test whether "exim -bV -C /path/to/exim.conf.axiscanacl" barfs
with:
2003-08-23 09:55:17 Exim configuration error in line 135:
  error in ACL: unknown ACL condition/modifier in "demime = *"
or not.


> As much as I'm opposed to the idea, the request has finally
> come down due to the latest viruses...    Everything I'm seeing is talking
> about compiling exim... something I'd rather not do if I can avoid it since I
> have yet to get the 4.x version to build properly on my system for some
> reason.


There are precompiled rpms for RedHat7/8/9 on ftp.exim.org which
include the exiscan-acl and offer the sa-exim plugin as separate
rpm. They work quite well for me. If you are running RedHat and
deciding to use rpm I'd suggest to back up your config, copy
/etc/exim/exim.conf to /etc/exim/exim4.conf, uninstall (probably with
--force) the old rpms and install Nigel's rpms afterwards. rpm -U
probably won't work.

> I would also like to explore the possibility of adding SMTP-AUTH to my
> configuration, PAM is already built in,


PAM is a little bit more difficult, you'll need to add pam-exim

> but many of my users are virtual
> domain users, whose password information is kept in
> /etc/vmail/shadow.domain.name...


Just use a regular lsearch lookup, like this one, which parses a
colon-separated list containing username and crypted password in the
leading two columns, and cleartext password in the 3rd column:

plain:
   driver = plaintext
   public_name = PLAIN
   server_condition = "${if crypteq{$3}{${extract{1}{:}\
                        {${lookup{$2}lsearch{CONFDIR/passwd}{$value}\
                        {*:*}}}}}{1}{0}}"
   server_set_id = $2
   server_prompts = :


cram_md5:
   driver = cram_md5
   public_name = CRAM-MD5
# force failure if lookup doesn't succeed
   server_secret = ${extract{2}{:}{${lookup{$1}\
                    lsearch{CONFDIR/passwd}{$value}fail}}}
   server_set_id = $1



spec.txt has more examples.
               cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
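
Added example, not part of the message above and not Exim code: a Python model of what the cram_md5 authenticator's lookup does with the colon-separated file, showing why the third column must hold the cleartext password (the server has to recompute the HMAC itself). The file contents, challenge string and function names are constructed for illustration, and the lsearch model handles only the colon-terminated keys used here.

```python
import hashlib
import hmac

# Constructed sample in the layout the message describes:
# username : crypted password : cleartext password
SAMPLE_PASSWD = """\
# constructed data, not a real account file
alice:$1$constructed$NotARealHash0000000000:s3cret-alice
bob:$1$constructed$NotARealHash1111111111:s3cret-bob
"""
CHALLENGE = "<1896.697170952@mail.example.org>"  # constructed server challenge


def lsearch(data, key):
    """Linear search: the key ends at the first colon, the rest of the
    line is the value. Returns None when no line matches."""
    for line in data.splitlines():
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if sep and name == key:
            return value.strip()
    return None


def extract(n, sep, value):
    """Model of ${extract{n}{sep}{value}}: 1-based field, '' if absent."""
    fields = value.split(sep)
    return fields[n - 1] if 0 < n <= len(fields) else ""


def cram_md5_verify(data, challenge, user, client_digest_hex):
    """Server side of CRAM-MD5 using field 2 of the looked-up value."""
    value = lsearch(data, user)
    if value is None:
        return False  # corresponds to the forced "fail" in the lookup
    secret = extract(2, ":", value)
    if not secret:
        return False  # assumption of this example: reject empty secrets
    expected = hmac.new(secret.encode(), challenge.encode(),
                        hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected, client_digest_hex.lower())
```

Because CRAM-MD5 needs the recoverable secret on the server, the password file in this layout deserves the same file permissions as a private key: anyone who can read it can authenticate as any listed user.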