Re: [exim] Exim ACL - Opt-out of spam check

Pàgina inicial
Delete this message
Reply to this message
Autor: Ian FREISLICH
Data:  
A: Rodney Arne Karlsen
CC: exim-users
Assumpte: Re: [exim] Exim ACL - Opt-out of spam check
Rodney Arne Karlsen wrote:
> Hi all
>
> I am having a problem with an Exim ACL and need a few more pairs of eyes to
> double check this for me.
>
> Basically I have this mail server where some clients do not want their mail
> checked for spam. This is because they receive a lot of mail from Asian
> countries and Spam Assassin seems to not like it much.
>
> What I did was to create a file called /etc/host_spam_noscan_to that contains


> the domains that will not have their incoming mail checked for spam. I then
> put a new ACL line above the entries that check for spam.
>
> accept condition = ${lookup{$domain}lsearch{/etc/host_spam_noscan_to}{1}{0}}
>
> The way I see it is that if the recipient's domain is found in the file, the
> condition will return true and the message will be accepted, skiping the spam


> checking ACLs.
>
> Unfortunately this is not working. Mail is still being rejected.


Here's what I do:

1. Set spamassassin's threshold really high so that we don't reject
false positives (I use 30).
2. Reject mail based on spamassasin thinking it's spam - scores of 30+.
3. Set some ACL variables to the report and other things.
4. Accept the mail if it's otherwise acceptable (I've had to take
the whole message to scan it anyway).
5. At routing time decide what to do with it based on the domain's
preferences.

I've included the VMAIL_* macros so that the routers and tranports
might make a bit more sense to those that have used vmailmgr.
Contact me privately if you want the autoblacklist stuff for relay
clients.

USE_SPAMBUCKET= yes
HOSTNAME=my.host.name
SPAM_FILTER = ${lookup{$domain} lsearch{/etc/exim/exclude.spamfilter}{no}{yes}}
SPAM_COUNT = ${lookup pgsql{SELECT * \
                FROM spam_count('$sender_host_address', $acl_m0)}{$value}}


VMAIL_USER = ${lookup{$domain} lsearch{/var/qmail/control/virtualdomains} \
                {$value}fail}
VMAIL_MBOX = ${perl {vmail_mailbox}{/usr/home/VMAIL_USER/passwd.cdb}}


acl_smtp_data:
  deny     condition    = ${if <{$message_size}{80k}{yes}{no}}
          !hosts        = net-iplsearch;/etc/exim/exclude.spamfilter.nets
           spam         = HOSTNAME/defer_ok
           message      = This message rated as spam
           log_message  = SPAM message $spam_score


  warn     condition    = ${if def:spam_score {yes}{no}}
           set acl_m1   = X-Spam-Score: $spam_score ($spam_bar)
           message      = $acl_m1


  warn     log_message  = spam message $spam_score points
           condition    = ${if >={$spam_score_int}{50}{yes}{no}}
           set acl_m2   = X-Spam-Flag: YES
           set acl_m3   = X-Spam-Report: $spam_report
           message      = $acl_m2\n$acl_m3


  # Autoblacklist 
  warn     hosts        = +relay_from_hosts
           condition    = ${if >={$spam_score_int}{70}{yes}{no}}
           set acl_m0   = $spam_score
           condition    = SPAM_COUNT
  warn     hosts        = +relay_from_hosts
           condition    = ${if <{$spam_score_int}{0}{yes}{no}}
           set acl_m0   = $spam_score
           condition    = SPAM_COUNT
  warn     hosts        = +relay_from_hosts
           condition    = ${if and{{>={$spam_score_int}{0}} \
                           {<{$spam_score_int}{30}}} \
                        {yes}{no}}
           set acl_m0   = -0.1
           condition    = SPAM_COUNT


  warn     log_message  = spam threshold exceeded on submission
           condition    = ${if >={$spam_score_int}{100}{yes}{no}}
           hosts        = @ : localhost
           control      = freeze


  deny     message      = spam detected on submission
           condition    = ${if >={$spam_score_int}{100}{yes}{no}}
           hosts        = !@ : !localhost : +relay_from_hosts


  deny     message      = spam detected on submission
           condition    = ${if >={$spam_score_int}{100}{yes}{no}}
           authenticated= *


accept

begin routers
(just before user forwards, but after aliasing)
spambucket:
  driver = accept
  domains = +our_domains
  no_verify
  condition = ${if and{\
        {eq{USE_SPAMBUCKET}{yes}}\
        {eq{SPAM_FILTER}{yes}}\
        {>{${strlen:VMAIL_USER}}{0}}\
        {>{${strlen:VMAIL_MBOX}}{0}}\
        {>{${if def:spam_score_int {$spam_score_int}{0}}}{50}}\
    } {yes}{no}}
  transport = spambucket


begin transports
spambucket:
  driver = appendfile
  headers_remove = GLOBAL_HEADERS_REMOVE
  user = VMAIL_USER
  directory = /usr/home/VMAIL_USER/VMAIL_MBOX/.spambucket
  create_directory
  maildir_format
  directory_mode = 0770
  headers_add = ${if def:acl_m1 {$acl_m1\n}{}}\
                ${if def:acl_m2 {$acl_m2\n}{}}\
                ${if def:acl_m3 {$acl_m3\n}{}}\
                Delivered-To: VMAIL_USER-$original_local_part@$domain


Ian

--
Ian Freislich