Thomas Hager wrote:
>On Fri, 2005-03-04 at 12:28 +0100, fhuet wrote:
>
>
>>In fact, in my exim4.conf, i have this yet :
>>acl_smtp_data = check_message
>>
>>
>and what did the check_message acl look like?
>
>
>
>>then I changed as you said. But now, all mails are rejected :
>>
>>2005-03-04 12:24:58 1D7AvQ-0006yg-Hy
>>H=21.red-213-98-160.pooles.rima-tde.net (mail.mysociety.com)
>>[213.98.160.21] F=<silvia38@???> rejected after DATA
>>2005-03-04 12:24:59 1D7AvS-0006yj-KW H=vg1.xxx.com [62.23.133.253]
>>F=<info@???> rejected after DATA
>>2005-03-04 12:24:59 1D7AvS-0006yi-Gh H=(mail.mysociety.com)
>>[213.171.224.44] F=<clientes@???> rejected after DATA
>>2005-03-04 12:25:02 1D7AvV-0006yn-MU H=(sunxx97.xxxx.net)
>>[209.207.134.250] F=<3.7m@23.97g> rejected after DATA
>>
>>
>looks like you forgot to add the final "accept" keyword to the
>acl_clamav ACL.
>
>hth,
>tom.
>
>
>
here is acl conf (be carreful, it's a bit tumble!):
#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3 #!!#
#!!# policy control options. #!!#
#!!#######################################################!!#
#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.
begin acl
#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :
deny hosts = +rbl_hosts
message = host is listed in $dnslist_domain
dnslists = rbl.mail-abuse.org
warn hosts = +rbl_hosts
message = X-Warning: $sender_host_address is listed at
$dnslist_domain
dnslists = dialups.mail-abuse.org
accept domains = +local_domains
accept domains = +relay_domains
accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted
# OLD SECTION
#!!# ACL that is used after the DATA command
#check_message:
# accept
#########
#!!# ACL that is used after the DATA command
#check_message:
#accept
#require verify = header_sender
##### clamav ACL, reject virus infected mails with proper error
acl_clamav:
deny message = virus no good, go home!
malware = *
demime =
ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:p
cd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
accept
#deny message = This message contains malformed MIME ($demime_reason).
#demime = *
#condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Deny viruses.
#deny message = Message contains malware or a virus ($malware_name).
# log_message = $sender_host_address tried sending $malware_name
#demime = *
#malware = *
#deny message = Potentially executable content. If you meant to send
this file \
#then please package it up as a zip file and resend it.
demime =
ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:p
cd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc
# Add X-Scanned Header
warn message = X-Antivirus-Scanner: Clean mail though you should still
use an Antivirus
##### end clamav ACL
acl_check_data:
# On redirige les mails douteux sur /var/spool/exim4/quarantaine
warn message = X-Redirect-To: quarantaine@localhost
demime = com:vbs:bat:cmd:pif:scr:exe
# On tag l'entete du mail
warn message = Nom du virus detecte ($malware_name)
malware = *
# On redirige les mails contenant des types mine inconnus et ceux
contenant des virus.
warn message = X-Redirect-To: quarantaine@localhost
demime = *
malware = *
# On tag l'entete du mail spamme
warn message = X-Spam-Score: pfrsmtp01 $spam_score ($spam_bar)
spam=nobody:true
# On tag le Subject du mail avec *SPAM* pour bien l'identifier.
warn message = Subject: *SPAM* $h_Subject
spam=nobody
# On redirige les mails ayant un score spam superieur a 8 ( multiplier
par 10)
# Spamassassin effacera, par defaut, les score superieur a 5.
warn message = X-Redirect-To: quarantaine@localhost
spam=nobody:true
condition = ${if >{$spam_score_int}{80}{1}{0}}
# Add Message-ID if missing
warn condition = ${if !def:h_Message-ID: {1}}
hosts = +relay_from_hosts
message = Message-ID: <E$message_id@$primary_hostname>
# Deny unless the address list headers are syntactically correct.
#
# This is disabled by default because it might reject legitimate mail.
# If you want your system to insist on syntactically valid address
# headers, you might want to enable the following lines.
# deny message = Message headers fail syntax check
# !acl = acl_whitelist_local_deny
# !verify = header_syntax
# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
# deny message = No verifiable sender address in message headers
# !acl = acl_whitelist_local_deny
# !verify = header_sender
# accept otherwise
accept
--
Franck Huet
Administrateur Unix
Boursorama
Tel : 01-46-09-48-17
