Solved: Re: [Exim] local_part in exiscan

Top Page
Delete this message
Reply to this message
Author: Avleen Vig
Date:  
To: exim-users
Subject: Solved: Re: [Exim] local_part in exiscan
On Sun, Nov 02, 2003 at 07:45:22AM -0800, Avleen Vig wrote:
> Ok to make this a little more sane, I have the following router:
>
> ditch_spam:
>   driver = redirect
>   allow_fail
>   data = :blackhole:
>   condition = ${if >{$spam_score_int}{${lookup mysql{select sa_refuse * 10 from users,domains \
>                 where localpart = '${quote_mysql:$local_part}' \
>                 and domain = '${quote_mysql:$domain}' \
>                 and users.spamassassin = '1' \
>                and users.domain_id=domains.domain_id }}} {yes}{no}}
>   local_part_suffix = -*
>   local_part_suffix_optional

>
> Unfortunately this seems to :blackhole: mail where the mysql lookup has
> NOT returned a result. To make matters worse, it only :blackhole:'s
> sometimes, not all the time.


I keep replying to my own mails! Damnit!
Well, I solved the problem after a good day of ripping my hair out. The
solution needs to be in the archives :-)

First the router:
ditch_spam:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if >{$spam_score_int}{${lookup mysql{select sa_refuse * 10 from users,domains \
                where localpart = '${quote_mysql:$local_part}' \
                and domain = '${quote_mysql:$domain}' \
                and users.on_spamassassin = '1' \
                and users.domain_id=domains.domain_id }{$value}{999999}}} {yes}{no}}
  local_part_suffix = -*
  local_part_suffix_optional
  retry_use_local_part


This, for me at least, completely solves the problem of per-user spam
filtering with exiscan. The message is always scanned after DATA, but
never denied. The ACL is instead set to 'warn'.

Then this router (it's also the first router) checks to make sure
$spam_score_int is > the value in the db.

I had one very annoying problem: if the database returned "no data" or
"empty result set", when exim tries to expand $value, I think is expands
it to '0', resulting in almost all messages getting blackholed!
So I put the '999999' in, for the event that $value is empty.
I'm still learning exim conditions, evrything I know I've learnt in the
last 24 hours.
Can I replace the '999999' with 'fail' ?


Anyway, here's the other router for dealing with viruses marked with a
'warn' in the ACL:
ditch_malware:
  driver = redirect
  allow_fail
  data = :blackhole:
  condition = ${if and { {match {$h_X-ACL-Warn:}{.*malware.*}} \
                         {eq {${lookup mysql{select users.on_avscan from users,domains \
                                where localpart = '${quote_mysql:$local_part}' \
                                and domain = '${quote_mysql:$domain}' \
                                and users.on_avscan = '1' \
                                and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }



All of these will be part of vexim2..