[Exim] Need help rejecting spam at ACL-CONTENT time with per…

Top Page
Delete this message
Reply to this message
Author: Marques Johansson
Date:  
To: Exim Users
Subject: [Exim] Need help rejecting spam at ACL-CONTENT time with per-user bayes data
I have the following ACL lines to drop some spam at the door and mark-up
the rest:

acl_check_data:
deny message = Spam score too high ($spam_score)
condition = ${if <{$message_size}{120k}{1}{0}}
spam = Debian-exim:true
condition = ${if >{$spam_score_int}{100}{1}{0}}

warn message = X-Spam-Status: Yes, hits=$spam_score required=5.0
condition = ${if >{$spam_score_int}{50}{1}{0}}
spam = Debian-exim:true
...

The problem with this is that I want to have per-user bayesian data.

SpamC seems to be smart in that a message for displague@???
will get processed as user "displague" - updating my bayesian database
(and I believe Debian-exim's also). But a message sent to
marques@??? will not go to the same bayesian database - it
will go to Debian-exim's bayes db only. Further, a message sent to
displague@??? will get processed by my bayesian
database and not that of the correct user.

I was hoping to borrow a line from my virtual_alias router to do this:

warn message = X-Spam-Status: Yes, hits=$spam_score required=5.0
condition = ${if >{$spam_score_int}{50}{1}{0}}
spam = ${lookup{$local_part}lsearch*{/etc/mail/$domain}}:true

The following error is produced from that configuration:

temporarily rejected after DATA: failed to expand ACL string
"${lookup{$local_part}lsearch*{/etc/mail/$domain}}:true": /etc/mail/ is
not a regular file (lsearch lookup)

I'm guessing $domain is not available at DATA time? (or is it
local_part, or both?)

So I read
http://lists.merlins.org/archives/sa-exim/2003-July/000511.html , then try:

acl_check_rcpt:
  set acl_m0    = $local_part
  set acl_m1    = $domain
  ...


acl_check_data:
  ...
  warn message = X-Spam-Status: Yes, hits=$spam_score required=5.0
     condition = ${if >{$spam_score_int}{50}{1}{0}}
     spam = ${lookup{$acl_m0}lsearch*{/etc/mail/$acl_m1}}:true
  ...


And I get:

temporarily rejected after DATA: failed to expand ACL string
"${lookup{$acl_m0}lsearch*{/etc/mail/$acl_m1}}:true": /etc/mail/ is not
a regular file (lsearch lookup)

I thought the acl_mX variables persisted?

I have seen the GROUPA, GROUPB, GROUPC spam filtering methods described
in the past, but I would like to know if pre-delivery denial and mark-up
of spam can be done with per-user spam scanning (providing per-user
bayes data)?

( The configuration I am trying may cause problems with system_alias
delivery, as the virtual_aliases router does not handle localhost mail
-- root@localhost -- perhaps the failed lookup could default to
Debian-exim - suggestions?)