[Exim] optimize exim spamassassin router conditions

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Benedict Verheyen
Datum:  
To: exim-users
Betreff: [Exim] optimize exim spamassassin router conditions
Hi,

i want to optimize the way my exim4,spamassasin and amavis setup works.
These are the things that go wrong for the moment

1. Spamassassin checks virus mail:
Below is an excerpt from the email headers from a virus mail.
My exim config is also down there.
Even while it's a virus, spamassassin still checks it.
How can i make sure this is not the case? I looked at the
documentation from exim but i cannot seem to find the correct
stuff i'm looking for.

2. With this setup (routers and transports) it also checks
outgoing mail. I do not want to do this. I don't know if this
is best or not. If it's best to allow scanning anyway, it would
be cool to avoid exim adding these headers to outgoing mail.
For incoming mail this is ok off course.

I tried exim4 a while back with exiscan and thus everything via
ACL. I didn't have problem 2 with that setup i think.

Anyway, solutions or links to appropriate docs are appreciated.

Regards,
Benedict

===== email excerpt ==========
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
     arthur.camelot
X-Spam-Level: ******
X-Spam-Status: Yes, hits=6.7 required=5.0 tests=HTML_MESSAGE,
     MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET autolearn=no version=2.60
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3FABA489.6F44C926"
X-Virus-Scanned: by amavisd-new-20030616-p3 (Debian) at camelot
X-Amavis-Alert: INFECTED, message contains virus: Worm.Gibe.F
X-Amavis-Alert: BANNED FILENAME, message contains part named:
patch17.exe
===== email excerpt ==========


=========== exim 4 config ============
#########
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# this file is generated dynamically from the files in
# CONFDIR/conf.d/ and /etc/exim4/update-exim4.conf.conf
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########

exim_path = /usr/sbin/exim4

CONFDIR = /etc/exim4

MESSAGE_SIZE_LIMIT = 10M

.ifdef DC_minimaldns
primary_hostname = camelot
.else
.endif

domainlist local_domains = @:camelot:localhost:arthur.camelot

domainlist relay_to_domains =

hostlist relay_from_hosts = 127.0.0.1 : ::::1 : 192.168.0.0/24

qualify_domain = camelot

DCreadhost =

DCsmarthost = <mail.smtp.be>

local_interfaces = 127.0.0.1 : 127.0.0.1.10025 : 192.168.0.1

LOCAL_DELIVERY=maildir_home

gecos_pattern = ^([^,:]*)
gecos_name = $1

DCconfig_smarthost = 1

acl_smtp_rcpt = acl_check_rcpt

acl_smtp_data = acl_check_data

.ifndef DC_minimaldns
host_lookup = *
.endif

rfc1413_hosts = *
rfc1413_query_timeout = 30s

smtp_accept_queue_per_connection = 10

smtp_accept_max = 6

smtp_accept_queue = 5

queue_only_load = 20

deliver_queue_load_max = 40

ignore_bounce_errors_after = 1d

timeout_frozen_after = 2d

freeze_tell = postmaster

trusted_users = uucp

never_users = root

begin acl

acl_whitelist_local_deny:
  accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
                        {CONFDIR/local_host_whitelist}\
                        {}}
  accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
                        {CONFDIR/local_sender_whitelist}\
                        {}}


acl_check_rcpt:
accept hosts = :

deny local_parts = ^.*[@%!/|] : ^\\.

  accept local_parts = postmaster
         domains = +local_domains


  deny message = sender envelope address $sender_address is locally
blacklisted here. If you think this is wrong, get in touch with
postmaster
       !acl = acl_whitelist_local_deny
       senders = ${if exists{CONFDIR/local_sender_blacklist}\
                             {CONFDIR/local_sender_blacklist}\
                             {}}


  deny message = sender IP address $sender_host_address is locally
blacklisted here. If you think this is wrong, get in touch with
postmaster
       !acl = acl_whitelist_local_deny
       hosts = ${if exists{CONFDIR/local_host_blacklist}\
                             {CONFDIR/local_host_blacklist}\
                             {}}


  accept domains = +local_domains
         endpass
         message = unknown user
         verify = recipient


  accept domains = +relay_to_domains
         endpass
         message = unrouteable address
         verify = recipient


accept hosts = +relay_from_hosts

accept authenticated = *

deny message = relay not permitted

acl_check_data:


accept

begin routers

.ifdef DCconfig_internet

dnslookup_relay_to_domains:
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more


.endif

.ifdef DCconfig_local
nonlocal:
driver = redirect
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
domains = ! +local_domains

.endif

.ifdef DCconfig_smarthost DCconfig_satellite
smarthost:
driver = manualroute
domains = ! +local_domains
transport = remote_smtp
route_list = * DCsmarthost
host_find_failed = defer
same_domain_copy_routing = yes
no_more

.endif

real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY

system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe

.ifdef DCconfig_satellite
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
data = ${local_part}@DCreadhost
check_local_user

.endif

userforward:
  debug_print = "R: userforward for $local_part@$domain"
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  allow_filter
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
    This is an automatically generated message. An error has\n\
    been found in your .forward file. Details of the error are\n\
    reported below. While this error persists, you will receive\n\
    a copy of this message for every message that is addressed\n\
    to you. If your .forward file is a filter file, or if it is\n\
    a non-filter file containing no valid forwarding addresses,\n\
    a copy of each incoming message will be put in your normal\n\
    mailbox. If a non-filter file contains at least one valid\n\
    forwarding address, forwarding to the valid addresses will\n\
    happen, and those will be the only deliveries that occur.


amavis:
    driver = manualroute
    condition = "${if or {   {eq {$interface_port}{10025}} \
                             {def:h_X-Virus-Scanned:} \
} {0}{1}}"
    transport = amavis
    route_list = "* localhost byname"
    self = send


spamcheck_router:
 no_verify
 check_local_user
 condition = "${if and { {!def:h_X-Spam-Flag:} \
                         {!eq {$received_protocol}{spam-scanned}} \
         {!match {h_X-Amavis-Alert:}{^INFECTED}} } {1}{0}}"
 driver = accept
 transport = spamcheck



procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
check_local_user
transport = procmail_pipe
require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
no_verify
no_expn

maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn

local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
check_local_user
transport = LOCAL_DELIVERY

begin transports

address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output

address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply

mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false

maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
directory = $home/Maildir
delivery_date_add
envelope_to_add
return_path_add
mode = 0600
mode_fail_narrower = false
maildir_format

maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add

procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add

remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
hosts_try_auth = DCsmarthost

spamcheck:
    debug_print = "T: spamassassin_pipe for $local_part@$domain"
    driver = pipe
    command = /usr/sbin/exim4 -oMr spam-scanned -bS
    use_bsmtp = true
    transport_filter = /usr/bin/spamc
    home_directory = /tmp
    current_directory = /tmp
    group = mail
    user = mail
    return_fail_output = true
    return_path_add = false
    message_prefix =
    message_suffix =


amavis:
driver = smtp
port = 10024
allow_localhost

address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
envelope_to_add = true
return_path_add = true
check_string = ""
escape_string = ""
maildir_format

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,2d,6h


begin rewrite

*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail} Ffrs


*@+local_domains "${if exists {CONFDIR/email-addresses}\

{${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
    {$value}fail}}fail}" Ffrs


.ifdef DCconfig_satellite
*@+local_domains ${local_part}@DCreadhost Ffr
.endif

begin authenticators

login:
driver = plaintext
public_name = LOGIN
client_send = ":
${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}f
ail}}}
>

${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}f
ail}}}"

=========== exim 4 config ============