RE: [exim] system wide filter against spam marked traffic on…

Top Page
Delete this message
Reply to this message
Author: Herb Martin
Date:  
To: 'Mailinglist EXIM'
Subject: RE: [exim] system wide filter against spam marked traffic on inbox
> i need to take all the emails with header containing [SPAM?]
> and move them to a folder in the maildir of each user named
> Maildir/.SPAM

<snip>
> Reading the doc and spec of exim seems that there's another
> way using either a router or a directive named
> transport_filter in the transport that writes to disk.
>
> Nevertheless i was unable along the evening to make it run. I
> would like to get some thought from the list.


My example following does not do precisely what you request;
but it covers the basic idea using two different Headers (rather
than subject line marker) to place the files into either of
three locations beneath MAIL_DIR_PATH:

  zhighspam   (high scoring spam "catch" user directory)
  zspammail   (lower scoring spam "catch" user directory)
  username    (directory for each user


In each case the file name is constructed as
'qBASE62ENC_TIME_OF_DAY-XXXXXX.msg' (there's an
overcomplicated test in directory_file for the
extension because in an ealier version I changed
that based on Spam score too.

So my mail is delivered based on Username, or to one of
two spam 'usernames' to pre-sort the mail for review:

# from my transports section:

local_delivery:
  driver = appendfile
  directory = /MAIL_DIR_PATH/${if def:h_X-HighSpam:\ 
    {zhighspam}{${if def:h_X-Spam-Mail: \
      {zspammail}{$local_part}}}}
  directory_file = q${base62:$tod_epoch}-$inode.\
       ${if def:h_X-SuperSpam:{msg}\
      {${if def:h_X-Spam-Mail:{msg}{msg}}}}
  delivery_date_add
  envelope_to_add
  return_path_add
# group = mail
  initgroups = no
  mode = 0666
  mode_fail_narrower = no
  check_group = no
  check_owner = no

    

# 'group' is commented out because I am running on Cygwin
and don't seem to need such complications.


#I have ACL DATA warnings to add the needed Headers:

warn  message = X-Spam-Mail: yes
    condition = ${if <{$message_size}{250k}{1}{0}}
         spam = herbm/defer_ok


# 12.0+ point spam                 
warn  message = X-HighSpam: Message exceeded spam score threshhold.
    condition = ${if <{$message_size}{250k}{1}{0}}
         spam = herbm:true/defer_ok
      condition = ${if >{$spam_score_int}{120}{1}{0}}


...etc....

I hope it gives you some help and some ideas.

--
Herb Martin




# FYI: I also add the "score" with the spam marker (***)
to the subject line of each mail (in the ACL DATA checks):

warn  message = Subject: ***** SPAM *****__$spam_score $h_subject
    condition = ${if <{$message_size}{250k}{1}{0}}
    condition = ${if <{$spam_score_int}{100}{1}{0}}
         spam = herbm/defer_ok

                
warn  message = Subject: ***** SPAM *****_$spam_score $h_subject
    condition = ${if <{$message_size}{250k}{1}{0}}
    condition = ${if >{$spam_score_int}{99}{1}{0}}
    condition = ${if <{$spam_score_int}{1000}{1}{0}}
         spam = herbm/defer_ok

                
warn  message = Subject: ***** SPAM *****$spam_score $h_subject
    condition = ${if <{$message_size}{250k}{1}{0}}
    condition = ${if >{$spam_score_int}{999}{1}{0}}
         spam = herbm/defer_ok