Re: [Exim] ClamAV and Exim4

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Jim Archer
Data:  
Para: Brian Dessent, exim-users
Assunto: Re: [Exim] ClamAV and Exim4
--On Thursday, February 05, 2004 1:08 PM -0800 Brian Dessent
<brian@???> wrote:

> Well, the order that you do things in the ACL is completely up to you.
> You could start with a demime to check for executable attachments, then
> a clamav that rejects malware. Then if it's from an authenticated
> source, pass/allow it and stop there, otherwise scan for spam. Or,


That's what I did, when I realized that the accept essentially stopped
processing if it was true. Still, that was not good enough! I had to stay
up all night and figure a way for it to SPAM scan mail addressed to any
domain we accept mail for. Most of the night was spent learning things
like you can't check a domain named list to see if there is a domain in it,
and that the $domain variable is not available in the acl_smtp_data ACL.
(I am guessing this is because there could be multiple addressees, but a
list of addressees would sure have been handy at this point.)

I ended up adding a header in the acl_check_rcpt ACL, then testing for it
in the acl_smtp_data ACL and then removing it in the transports. Kludgy,
but it does work.

> always scan but reject only if it's a very high score (such as >=


Well, I really feel that the SPAM Assassin profile should not be impacted
by this requirement. One really has nothing to do with the other. Also,
this would impact scanning incoming mail, which we reject at 10 and tag at
4.

> 20.0). Frankly if your users are spamming through your SMTP relay,
> you've got other things to worry about than tagging it.


We certainly do not allow customers to send SPAM under any circumstances.
However, sometimes legitimate messages look like SPAM to SA. For example,
a guy who sends out a nice HTML version of his resume to a recruiter who
asked for it could easily find his resume tagged as SPAM. Since there are
brain-dead mail clients that can not filter on a non-standard header, we
tag the subject line with [SPAM SA:4.8] so the user can filter on [SPAM SA:

Thanks again for your help! I do appreciate it!

Jim