[Exim] Re: Bug#221698: exim4: please include support for ACL…

Top Page
Delete this message
Reply to this message
Author: Andreas Metzler
Date:  
To: exim-users
CC: Steinar H. Gunderson, 221698-forwarded
Subject: [Exim] Re: Bug#221698: exim4: please include support for ACLs replacing headers
Hello,
As there has been discussion about this recently on the exim-users
mailinglists I choose this time to finally forward this bug, reported
against the bug tracking system of Debian GNU/Linux
(http://bugs.debian.org/221698):

On Wed, Nov 19, 2003 at 05:57:07PM +0100, Steinar H. Gunderson wrote:
> At our site, we use exim4 (backported from sid to woody) with
> SpamAssassin and clamav for spam and virus checking. Mail over a certain
> SA limit is simply rejected ("deny" in the DATA ACL), but mail under
> that is tagged ("warn" in the DATA ACL, adding X-Spam-Score and
> X-Spam-Report). However, there are often already such header lines in
> the message (for various reasons), and it would be nice to have the
> ability to rename or simply remove them first, causing less problems
> with filtering for clients.


> One approach would be adding something like X-Local-Spam-Score in the
> ACL and have a later redirect router that does header_remove on
> X-Spam-Score, header_add on X-Spam-Score: $h_local-spam-score, and then
> finally header_remove in X-Local-Spam-Score, but this seems
> unneccessarily ugly. Could one have something like "warn replace_message
> = " in the DATA ACL?


Steinar, the best possibilities /currently/ available found in the
thread "Removing spamassassin headers from incoming mail" seem to be
by using a system-filter. This has the benefit over router or
transport that headers added in the system-filter
| are visible to users' filter files and to all routers and transports.

while afaict headers added with a router are not:
| Because the addition does not happen until transport time, header
| lines that are added by "headers_add" are not accessible by means
| of the $header_xxx expansion syntax.


There are two possibilities with system filter:
1. (By Dennis Davis): Add a uniquely named header in the ACL:
warn message = X-SPAMSCORE: $spam_score ($spam_bar)
[...]
where SPAMSCORE is a macro containing some random output (e.g.
generated with dd if=/dev/urandom bs=1024 count=1 | openssl sha1)

and system_filter:
headers remove X-Spam-Score
if "${if def:h_X-a5aaa22682c1c87bb3ec90eb845d703f42be234f: {there}}" is there
then
headers add "X-Spam-Score: $h_X-a5aaa22682c1c87bb3ec90eb845d703f42be234f:"
headers remove X-a5aaa22682c1c87bb3ec90eb845d703f42be234f
endif

2. Instead of adding a header in the ACL set $acl_m0 to contents of
the header and add it in the system filter:
if first_delivery then
  headers remove X-Spam-Score
  if "$acl_m0" is not ""
  then
    headers add "X-Spam-Score: $acl_m0"
  endif
endif


The second one is untested.
                 cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"