Rodney Arne Karlsen wrote:
> Hi all
>
> I am having a problem with an Exim ACL and need a few more pairs of eyes to
> double check this for me.
>
> Basically I have this mail server where some clients do not want their mail
> checked for spam. This is because they receive a lot of mail from Asian
> countries and Spam Assassin seems to not like it much.
>
> What I did was to create a file called /etc/host_spam_noscan_to that contains
> the domains that will not have their incoming mail checked for spam. I then
> put a new ACL line above the entries that check for spam.
>
> accept condition = ${lookup{$domain}lsearch{/etc/host_spam_noscan_to}{1}{0}}
>
> The way I see it is that if the recipient's domain is found in the file, the
> condition will return true and the message will be accepted, skiping the spam
> checking ACLs.
>
> Unfortunately this is not working. Mail is still being rejected.
Here's what I do:
1. Set spamassassin's threshold really high so that we don't reject
false positives (I use 30).
2. Reject mail based on spamassasin thinking it's spam - scores of 30+.
3. Set some ACL variables to the report and other things.
4. Accept the mail if it's otherwise acceptable (I've had to take
the whole message to scan it anyway).
5. At routing time decide what to do with it based on the domain's
preferences.
I've included the VMAIL_* macros so that the routers and tranports
might make a bit more sense to those that have used vmailmgr.
Contact me privately if you want the autoblacklist stuff for relay
clients.
USE_SPAMBUCKET= yes
HOSTNAME=my.host.name
SPAM_FILTER = ${lookup{$domain} lsearch{/etc/exim/exclude.spamfilter}{no}{yes}}
SPAM_COUNT = ${lookup pgsql{SELECT * \
FROM spam_count('$sender_host_address', $acl_m0)}{$value}}
VMAIL_USER = ${lookup{$domain} lsearch{/var/qmail/control/virtualdomains} \
{$value}fail}
VMAIL_MBOX = ${perl {vmail_mailbox}{/usr/home/VMAIL_USER/passwd.cdb}}
acl_smtp_data:
deny condition = ${if <{$message_size}{80k}{yes}{no}}
!hosts = net-iplsearch;/etc/exim/exclude.spamfilter.nets
spam = HOSTNAME/defer_ok
message = This message rated as spam
log_message = SPAM message $spam_score
warn condition = ${if def:spam_score {yes}{no}}
set acl_m1 = X-Spam-Score: $spam_score ($spam_bar)
message = $acl_m1
warn log_message = spam message $spam_score points
condition = ${if >={$spam_score_int}{50}{yes}{no}}
set acl_m2 = X-Spam-Flag: YES
set acl_m3 = X-Spam-Report: $spam_report
message = $acl_m2\n$acl_m3
# Autoblacklist
warn hosts = +relay_from_hosts
condition = ${if >={$spam_score_int}{70}{yes}{no}}
set acl_m0 = $spam_score
condition = SPAM_COUNT
warn hosts = +relay_from_hosts
condition = ${if <{$spam_score_int}{0}{yes}{no}}
set acl_m0 = $spam_score
condition = SPAM_COUNT
warn hosts = +relay_from_hosts
condition = ${if and{{>={$spam_score_int}{0}} \
{<{$spam_score_int}{30}}} \
{yes}{no}}
set acl_m0 = -0.1
condition = SPAM_COUNT
warn log_message = spam threshold exceeded on submission
condition = ${if >={$spam_score_int}{100}{yes}{no}}
hosts = @ : localhost
control = freeze
deny message = spam detected on submission
condition = ${if >={$spam_score_int}{100}{yes}{no}}
hosts = !@ : !localhost : +relay_from_hosts
deny message = spam detected on submission
condition = ${if >={$spam_score_int}{100}{yes}{no}}
authenticated= *
accept
begin routers
(just before user forwards, but after aliasing)
spambucket:
driver = accept
domains = +our_domains
no_verify
condition = ${if and{\
{eq{USE_SPAMBUCKET}{yes}}\
{eq{SPAM_FILTER}{yes}}\
{>{${strlen:VMAIL_USER}}{0}}\
{>{${strlen:VMAIL_MBOX}}{0}}\
{>{${if def:spam_score_int {$spam_score_int}{0}}}{50}}\
} {yes}{no}}
transport = spambucket
begin transports
spambucket:
driver = appendfile
headers_remove = GLOBAL_HEADERS_REMOVE
user = VMAIL_USER
directory = /usr/home/VMAIL_USER/VMAIL_MBOX/.spambucket
create_directory
maildir_format
directory_mode = 0770
headers_add = ${if def:acl_m1 {$acl_m1\n}{}}\
${if def:acl_m2 {$acl_m2\n}{}}\
${if def:acl_m3 {$acl_m3\n}{}}\
Delivered-To: VMAIL_USER-$original_local_part@$domain
Ian
--
Ian Freislich
