On Sun, Nov 02, 2003 at 07:45:22AM -0800, Avleen Vig wrote:
> Ok to make this a little more sane, I have the following router:
>
> ditch_spam:
> driver = redirect
> allow_fail
> data = :blackhole:
> condition = ${if >{$spam_score_int}{${lookup mysql{select sa_refuse * 10 from users,domains \
> where localpart = '${quote_mysql:$local_part}' \
> and domain = '${quote_mysql:$domain}' \
> and users.spamassassin = '1' \
> and users.domain_id=domains.domain_id }}} {yes}{no}}
> local_part_suffix = -*
> local_part_suffix_optional
>
> Unfortunately this seems to :blackhole: mail where the mysql lookup has
> NOT returned a result. To make matters worse, it only :blackhole:'s
> sometimes, not all the time.
I keep replying to my own mails! Damnit!
Well, I solved the problem after a good day of ripping my hair out. The
solution needs to be in the archives :-)
First the router:
ditch_spam:
driver = redirect
allow_fail
data = :blackhole:
condition = ${if >{$spam_score_int}{${lookup mysql{select sa_refuse * 10 from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_spamassassin = '1' \
and users.domain_id=domains.domain_id }{$value}{999999}}} {yes}{no}}
local_part_suffix = -*
local_part_suffix_optional
retry_use_local_part
This, for me at least, completely solves the problem of per-user spam
filtering with exiscan. The message is always scanned after DATA, but
never denied. The ACL is instead set to 'warn'.
Then this router (it's also the first router) checks to make sure
$spam_score_int is > the value in the db.
I had one very annoying problem: if the database returned "no data" or
"empty result set", when exim tries to expand $value, I think is expands
it to '0', resulting in almost all messages getting blackholed!
So I put the '999999' in, for the event that $value is empty.
I'm still learning exim conditions, evrything I know I've learnt in the
last 24 hours.
Can I replace the '999999' with 'fail' ?
Anyway, here's the other router for dealing with viruses marked with a
'warn' in the ACL:
ditch_malware:
driver = redirect
allow_fail
data = :blackhole:
condition = ${if and { {match {$h_X-ACL-Warn:}{.*malware.*}} \
{eq {${lookup mysql{select users.on_avscan from users,domains \
where localpart = '${quote_mysql:$local_part}' \
and domain = '${quote_mysql:$domain}' \
and users.on_avscan = '1' \
and users.domain_id=domains.domain_id}}}{1} }} {yes}{no} }
All of these will be part of vexim2..