Hi,
i want to optimize the way my exim4,spamassasin and amavis setup works.
These are the things that go wrong for the moment
1. Spamassassin checks virus mail:
Below is an excerpt from the email headers from a virus mail.
My exim config is also down there.
Even while it's a virus, spamassassin still checks it.
How can i make sure this is not the case? I looked at the
documentation from exim but i cannot seem to find the correct
stuff i'm looking for.
2. With this setup (routers and transports) it also checks
outgoing mail. I do not want to do this. I don't know if this
is best or not. If it's best to allow scanning anyway, it would
be cool to avoid exim adding these headers to outgoing mail.
For incoming mail this is ok off course.
I tried exim4 a while back with exiscan and thus everything via
ACL. I didn't have problem 2 with that setup i think.
Anyway, solutions or links to appropriate docs are appreciated.
Regards,
Benedict
===== email excerpt ==========
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
arthur.camelot
X-Spam-Level: ******
X-Spam-Status: Yes, hits=6.7 required=5.0 tests=HTML_MESSAGE,
MICROSOFT_EXECUTABLE,MIME_HTML_NO_CHARSET autolearn=no version=2.60
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3FABA489.6F44C926"
X-Virus-Scanned: by amavisd-new-20030616-p3 (Debian) at camelot
X-Amavis-Alert: INFECTED, message contains virus: Worm.Gibe.F
X-Amavis-Alert: BANNED FILENAME, message contains part named:
patch17.exe
===== email excerpt ==========
=========== exim 4 config ============
#########
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# this file is generated dynamically from the files in
# CONFDIR/conf.d/ and /etc/exim4/update-exim4.conf.conf
# Any changes you make here will be lost.
# See /usr/share/doc/exim4-base/README.Debian and update-exim4.conf(8)
# for instructions of customization.
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
# WARNING WARNING WARNING
#########
exim_path = /usr/sbin/exim4
CONFDIR = /etc/exim4
MESSAGE_SIZE_LIMIT = 10M
.ifdef DC_minimaldns
primary_hostname = camelot
.else
.endif
domainlist local_domains = @:camelot:localhost:arthur.camelot
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : ::::1 : 192.168.0.0/24
qualify_domain = camelot
DCreadhost =
DCsmarthost = <mail.smtp.be>
local_interfaces = 127.0.0.1 : 127.0.0.1.10025 : 192.168.0.1
LOCAL_DELIVERY=maildir_home
gecos_pattern = ^([^,:]*)
gecos_name = $1
DCconfig_smarthost = 1
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
.ifndef DC_minimaldns
host_lookup = *
.endif
rfc1413_hosts = *
rfc1413_query_timeout = 30s
smtp_accept_queue_per_connection = 10
smtp_accept_max = 6
smtp_accept_queue = 5
queue_only_load = 20
deliver_queue_load_max = 40
ignore_bounce_errors_after = 1d
timeout_frozen_after = 2d
freeze_tell = postmaster
trusted_users = uucp
never_users = root
begin acl
acl_whitelist_local_deny:
accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}
acl_check_rcpt:
accept hosts = :
deny local_parts = ^.*[@%!/|] : ^\\.
accept local_parts = postmaster
domains = +local_domains
deny message = sender envelope address $sender_address is locally
blacklisted here. If you think this is wrong, get in touch with
postmaster
!acl = acl_whitelist_local_deny
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
deny message = sender IP address $sender_host_address is locally
blacklisted here. If you think this is wrong, get in touch with
postmaster
!acl = acl_whitelist_local_deny
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
accept domains = +local_domains
endpass
message = unknown user
verify = recipient
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient
accept hosts = +relay_from_hosts
accept authenticated = *
deny message = relay not permitted
acl_check_data:
accept
begin routers
.ifdef DCconfig_internet
dnslookup_relay_to_domains:
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
no_more
.endif
.ifdef DCconfig_local
nonlocal:
driver = redirect
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
domains = ! +local_domains
.endif
.ifdef DCconfig_smarthost DCconfig_satellite
smarthost:
driver = manualroute
domains = ! +local_domains
transport = remote_smtp
route_list = * DCsmarthost
host_find_failed = defer
same_domain_copy_routing = yes
no_more
.endif
real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY
system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
.ifdef DCconfig_satellite
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
data = ${local_part}@DCreadhost
check_local_user
.endif
userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
check_local_user
file = $home/.forward
no_verify
no_expn
check_ancestor
allow_filter
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = \
This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.
amavis:
driver = manualroute
condition = "${if or { {eq {$interface_port}{10025}} \
{def:h_X-Virus-Scanned:} \
} {0}{1}}"
transport = amavis
route_list = "* localhost byname"
self = send
spamcheck_router:
no_verify
check_local_user
condition = "${if and { {!def:h_X-Spam-Flag:} \
{!eq {$received_protocol}{spam-scanned}} \
{!match {h_X-Amavis-Alert:}{^INFECTED}} } {1}{0}}"
driver = accept
transport = spamcheck
procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
check_local_user
transport = procmail_pipe
require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
no_verify
no_expn
maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn
local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
check_local_user
transport = LOCAL_DELIVERY
begin transports
address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output
address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply
mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
directory = $home/Maildir
delivery_date_add
envelope_to_add
return_path_add
mode = 0600
mode_fail_narrower = false
maildir_format
maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add
procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
hosts_try_auth = DCsmarthost
spamcheck:
debug_print = "T: spamassassin_pipe for $local_part@$domain"
driver = pipe
command = /usr/sbin/exim4 -oMr spam-scanned -bS
use_bsmtp = true
transport_filter = /usr/bin/spamc
home_directory = /tmp
current_directory = /tmp
group = mail
user = mail
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =
amavis:
driver = smtp
port = 10024
allow_localhost
address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
envelope_to_add = true
return_path_add = true
check_string = ""
escape_string = ""
maildir_format
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,2d,6h
begin rewrite
*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail} Ffrs
*@+local_domains "${if exists {CONFDIR/email-addresses}\
{${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
{$value}fail}}fail}" Ffrs
.ifdef DCconfig_satellite
*@+local_domains ${local_part}@DCreadhost Ffr
.endif
begin authenticators
login:
driver = plaintext
public_name = LOGIN
client_send = ":
${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}f
ail}}}
>
${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}f
ail}}}"
=========== exim 4 config ============
