RE: [Exim] Exim-Exiscan 4.22-12 w/SA scanning outgoing mail

Author: Mirko Thiesen
Date:  
To: Dickenson, Steven
CC: exim-users
Subject: RE: [Exim] Exim-Exiscan 4.22-12 w/SA scanning outgoing mail
On Mon, 19 Apr 2004, Dickenson, Steven wrote:

> Mirko Thiesen wrote:
> > I've been using Exim-Exiscan 4.22-12 in combination with SpamAssassin
> > for some months now on one of my NetBSD boxes. Only recently I
> > noticed that SA is also checking my *outbound* email and not only my
> > inbound. I know for sure that this behaviour hasn't been there all
> > the time, but I can't remember what I might have done to provoke this
> > behaviour. Actually even mail not leaving my system at all (i.e.
> > local mail) is being scanned by SA.
>
> If we could see your DATA ACL, it would make things easier. Also, a little


This is my acl_check_content:

  accept condition = ${if eq {${hmac{md5}\
                                    {secret}\
                                    {$body_linecount}}}\
                             {$h_X-Scan-Signature:} {1}{0}}


  accept hosts = 127.0.0.1:+relay_from_hosts

  deny  message = This message contains a MIME error ($demime_reason).
        demime = *
        condition = ${if >{$demime_errorlevel}{2}{1}{0}}


  deny  message = This message contains malware ($malware_name).
        demime  = *
        malware = *


  deny  message = This message matches a blacklisted regular expression \
($regex_match_string).
        regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa]


  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = mail:true
  warn  message = X-Spam-Report: $spam_report
        spam = mail:true


  warn message = X-Spam-Flag: YES
       spam = mail


  warn  message = Subject: **** SPAM **** $h_Subject
        spam = mail


  deny  message = This message scored $spam_score spam points. \
Congratulations!
        spam = mail:true
        condition = ${if >{$spam_score_int}{50}{1}{0}}


  warn message = X-Scan-Signature: ${hmac{md5}{secret}\
                                         {$body_linecount}}


  accept



> information on your setup would help. Is this server relaying mail for
> internal machines, is it local mail, etc.


Okay. The box in question is in fact relaying mail for a few internal
hosts. It is connected to the Internet and does deliveries directly, and
since it is the only host with an external IP, it also receives
all incoming mail.

> I have an ACL early on in the data phase that says
>
> accept hosts = +relay_from_hosts
>
> so that I don't virus scan or spam scan outgoing e-mail coming from my
> internal Exchange server. If you're talking about locally submitted mail,
> you can use a similar line (accept hosts = @).


This is what I want. I really thought my "accept hosts" line would do
exactly this. I just changed it to look like your entry but it does not
help. SA is still checking my outgoing emails.

Bye, K&K,
T-Zee
--
thiesi@??? ---- NetBSD: Power to the people!
Tel.: ++49-(0)171-416 05 09 -- Fax: ++49-(0)171-134 16 05 09
Mirko Thiesen, P.O. Box 26 03 54, D-13413 Berlin, W. Germany
             "We're with you all the way, mostly"
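
The following is an added example, not part of the original message or of Exim: a simplified Python model of how the statements of the acl_check_content quoted above are walked in order, stopping at the first accept or deny whose conditions hold, and recording which content scanners were invoked along the way. The relay network, the sample() helper and the message fields are constructed assumptions; host-list matching is reduced to plain IP/CIDR comparison, and the several warn statements are folded into one.

```python
import ipaddress

# Constructed stand-in for the +relay_from_hosts host list (assumption).
RELAY_FROM_HOSTS = [ipaddress.ip_network("192.168.1.0/24")]

def host_exempt(ip):
    """Models: hosts = 127.0.0.1:+relay_from_hosts"""
    addr = ipaddress.ip_address(ip)
    return str(addr) == "127.0.0.1" or any(addr in net for net in RELAY_FROM_HOSTS)

def sample(**fields):
    """Constructed message record; defaults describe clean external mail."""
    msg = dict(host="203.0.113.5", signature_ok=False, mime_errorlevel=0,
               malware=False, regex_hit=False, spam_score_int=0)
    msg.update(fields)
    return msg

def evaluate(msg):
    """Return (verdict, scanners_run) for one message."""
    ran = []

    def scan(name, hit):
        # Record that evaluating this condition invoked a content scanner.
        if name not in ran:
            ran.append(name)
        return hit

    # (verb, condition) pairs in the same order as the posted ACL.
    acl = [
        ("accept", lambda: msg["signature_ok"]),          # X-Scan-Signature matches
        ("accept", lambda: host_exempt(msg["host"])),     # accept hosts = ...
        ("deny",   lambda: scan("demime", msg["mime_errorlevel"] > 2)),
        ("deny",   lambda: scan("malware", msg["malware"])),
        ("deny",   lambda: scan("regex", msg["regex_hit"])),
        ("warn",   lambda: scan("spam", True)),           # spam = mail:true
        ("deny",   lambda: scan("spam", True) and msg["spam_score_int"] > 50),
        ("accept", lambda: True),                         # final bare accept
    ]
    for verb, cond in acl:
        # warn only adds headers; it never ends ACL processing.
        if cond() and verb != "warn":
            return verb, ran
    return "deny", ran  # reaching the end of an ACL is an implicit deny

if __name__ == "__main__":
    for m in (sample(host="192.168.1.10", spam_score_int=80),
              sample(spam_score_int=80), sample(spam_score_int=10)):
        print(m["host"], m["spam_score_int"], evaluate(m))
```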