--
On Mar 7, 2004, at 11:20, Adam Bown wrote:
> Can anyone recommend a spam filter I can use with exim that will
> deliver
> spam to a mailbox or a subfolder of inbox (for IMAP collection) that
> will
> work with exim?
>
> I have exim running off mysql and have tried an ACL based spam filter
> (to
> reject at smtp data time) but didn't like it cos you have no way of
> knowing
> what is being rejected/filtered.
>
> Any advice gratefully received.
You can use either Exiscan-ACL or SA-Exim, both of which use
SpamAssassin for the filtering:
Exiscan-ACL has a "fakereject" control that can be used in an 'accept'
statement. If the message is found to be spam, it will generate a "550
FAKEREJECT ..." statement, which the remote MTA will see as delivery
failure. However, the mail is kept, and you can add appropriate
headers to use in filters (such as Cyrus Sieve, Exim Sieve, Exim
filters, or Procmail).
SA-Exim has a setting to keep or discard mails at each "threshold".
For instance, "SApermrejectkeepmail", "SAteergrubekeepmail" (I'm not
too sure about the actual name, since I don't use this any more, but
you get the idea). The mail is then stored in a "Maildir" box --
which is great if you use the Courier POP3 and IMAP suite to access
your mailbox, or a Maildir-aware command line mail client such as
'mutt'.
I use Exiscan-ACL. Here is my 'acl_check_data' ACL:
# 40_exim4-config_check_data
acl_check_data:
[.....]
# --- BEGIN EXISCAN configuration ---
# Do not scan messages submitted from our own hosts
# and locally submitted messages. Since the DATA ACL
# is not called for messages not submitted via SMTP
# protocols, we do not need to check for an empty
# host field.
accept hosts = 127.0.0.1:+relay_from_hosts
# Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
deny message = Serious MIME defect detected ($demime_reason)
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Unpack MIME containers and reject file extensions
# used by worms. Note that the extension list may be
# incomplete.
deny message = We do not accept ".$found_extension" attachments
here.
demime =
bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url:zip
warn message = X-Spam-Score: $spam_score
spam = mail:true
warn message = X-Spam-Report: $spam_report
spam = mail:true
accept
spam = mail
delay = 20s
control = fakereject
logwrite = :main,reject: Classified as spam (score
$spam_score); FROM=<$sender_address>, RCPT=<$recipients>,
S=<$h_subject:>
# accept otherwise
accept
logwrite = :main: Classified as ham (score $spam_score);
FROM=<$sender_address>, RCPT=<$recipients>, S=<$h_subject:>
--
[ smime.p7s of type application/pkcs7-signature deleted ]
--