RE: [exim] Exim 4.60 & SpamAssassin 3.1.0 Problems

-----Original Message-----
From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org] On
Behalf Of Tim Jackson
Sent: Wednesday, January 11, 2006 5:16 AM
To: exim-users@???
Subject: Re: [exim] Exim 4.60 & SpamAssassin 3.1.0 Problems

> I think you need to show us relevant bits of your Exim config (or the
whole config if it's not too big, with comments
> stripped if you're posting it to the list.)

I am sending that copied at the end of this email.


> OK, so I'm guessing you're accepting everything, passing the messages to
SpamAssassin via a router and then reinjecting
> into Exim? Do you really end up with the messages in BSMTP format?

Honestly, I'm not sure. I started doing a webhosting business a year and
half ago and Exim/SA was working as far back as the 4.44/2.6.0 days just
fine without issue. The exim.conf file is modified slightly and provided by
the company that makes the control panel I use. DirectAdmin
(www.directadmin.com) To see their unedited exim.conf goto
http://files.directadmin.com/services/exim.conf


> Is there a strong reason why you're doing this as opposed to doing the
scanning at SMTP time using Exim's built-in
> Content Scanning Extension?

Again, I'm not sure exactly what is happening.


> Does ANYONE have any ideas on what direction to take??!

> 1. send us your config

> 2. do the scanning using content scanning extensions if you can, it's
better anyway

> 3. as a temporary measure, using "temp_errors = *" on your transport that
pipes the mail to spamassassin might help to
> stop the incoming messages actually bouncing and make them stick on your
queue instead.
****************************************************************************
*************************************
# primary_hostname =

# qualify_domain =

# qualify_recipient =

perl_startup = do '/etc/exim.pl'

system_filter = /etc/system_filter.exim

daemon_smtp_ports = 25 : 587

message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000
print_topbitchars = true

helo_allow_chars = _

log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery

syslog_duplication = false

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

addresslist whitelist_senders = lsearch;/etc/virtual/whitelist_senders
addresslist blacklist_senders = lsearch;/etc/virtual/blacklist_senders
domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_domains = lsearch;/etc/virtual/whitelist_domains
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist auth_relay_hosts = *
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
hostlist bad_sender_hosts_ip = net-lsearch;/etc/virtual/bad_sender_hosts
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist whitelist_hosts = lsearch;/etc/virtual/whitelist_hosts
hostlist whitelist_hosts_ip = net-lsearch;/etc/virtual/whitelist_hosts

# local_domains_include_host_literals

allow_domain_literals = false

never_users = root

host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 5d

trusted_users = mail:majordomo:apache:diradmin

# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

tls_advertise_hosts = *
#auth_over_tls_hosts = *

######################################################################
#                               ACLs                                 #
######################################################################

begin acl

check_recipient:

# to block certain wellknown exploits, Deny for local domains if
# local parts begin with a dot or contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

# to restrict port 587 to authenticated users only
# see also daemon_smtp_ports above
accept  hosts = +auth_relay_hosts
        condition = ${if eq {$interface_port}{587} {yes}{no}}
        endpass
        message = relay not permitted, authentication required
        authenticated = *

  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

accept hosts = :

accept sender_domains = +whitelist_domains

accept hosts = +whitelist_hosts
accept hosts = +whitelist_hosts_ip

accept senders = +whitelist_senders

  accept  local_parts = postmaster
          domains     = +local_domains

  accept  local_parts = abuse
          domains     = +local_domains

  accept  local_parts = hostmaster
          domains     =+local_domains

#   accept  local_parts = errors
#           domains     = example.com

  deny message = Email blocked by LBL - to unblock see
http://www.modemnet.net/spam/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       sender_domains = +blacklist_domains

  deny message = Email blocked by BSHL - to unblock see
http://www.modemnet.net/spam/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts

  deny message = Email blocked by BSHL - to unblock see
http://www.modemnet.net/spam/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       hosts = +bad_sender_hosts_ip

deny message = Email blocked by BSAL - to unblock see
http://www.modemnet.net/spam/
domains = use_rbl_domains
deny senders = +blacklist_senders

#require verify = sender

  deny message = Email blocked by SPAMHAUS - to unblock see
http://www.modemnet.net/spam/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = sbl.spamhaus.org

  deny message = Email blocked by ORDB - to unblock see
http://www.modemnet.net/spam/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = relays.ordb.org

  deny message = Email blocked by SORBS - to unblock see
http://www.modemnet.net/spam/
       # only for domains that do want to be tested against RBLs
       domains = +use_rbl_domains
       dnslists = dnsbl.sorbs.net=127.0.0.5

  deny message = Email blocked by SPAMCOP - to unblock see
http://www.modemnet.net/spam/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = bl.spamcop.net

  deny message = Email blocked by NJABL - to unblock see
http://www.modemnet.net/spam/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.njabl.org

  deny message = Email blocked by CBL - to unblock see
http://www.modemnet.net/spam/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = cbl.abuseat.org

  deny message = Email blocked by SORBS - to unblock see
http://www.modemnet.net/spam/
       hosts = !+relay_hosts
       domains = +use_rbl_domains
       !authenticated = *
       dnslists = dnsbl.sorbs.net!=127.0.0.6

  deny message = Email blocked by SORBS - to unblock see
http://www.modemnet.net/spam/
       domains =+use_rbl_domains
       # rhsbl list is name based
       dnslists = rhsbl.sorbs.net/$sender_address_domain

  accept  domains = +local_domains
          endpass
      message = "Unknown User"
          verify = recipient

  accept  domains = +relay_domains
          endpass
          verify=recipient

  accept  hosts = +relay_hosts
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
  deny    message = relay not permitted

  deny    message = relay not permitted

check_message:
accept

######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

begin authenticators

plain:
    driver = plaintext
    public_name = PLAIN
    server_condition = "${perl{smtpauth}}"
    server_set_id = $2

login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${perl{smtpauth}}"
    server_set_id = $1

######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################

# There are no rewriting specifications in this default configuration file.

######################################################################
#                      ROUTERS CONFIGURATION                         #
#            Specifies how remote addresses are handled              #
######################################################################

begin routers

lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more

# domain_literal:
# driver = ipliteral
# transport = remote_smtp

######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################

# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { \
            {!def:h_X-Spam-Flag:} \
            {!eq {$received_protocol}{spam-scanned}} \
            {!eq {$received_protocol}{local}} \

    

{exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.
spamassassin/user_prefs}} \
        } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}l
search{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo

majordomo_private:
  driver = redirect
  allow_defer
  allow_fail
  #condition = "${if eq {$received_protocol} {local} {true} {false} }"
  condition = "${if or { {eq {$received_protocol} {local}} \
                         {eq {$received_protocol} {spam-scanned}} } {true}
{false} }"
  data = ${if
exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_par
t}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
  domains = lsearch;/etc/virtual/domainowners
  file_transport = address_file
  group = daemon
  pipe_transport = majordomo_pipe
  retry_use_local_part
  user = majordomo

domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "mail"
file = /etc/virtual/${domain}/filter
file_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify

uservacation:
driver = accept
condition = ${lookup{$local_part} lsearch
{/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = uservacation
unseen

userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch
{/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = userautoreply
unseen

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/vir
tual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#include_domain = true

virtual_user:
driver = accept
condition = ${if eq {}{${if
exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virt
ual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery

virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if
exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virt
ual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
#include_domain = true

userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim

localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery

# This director matches local user mailboxes.

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################

# Spam Assassin
begin transports

spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u
${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
# must use a privileged user to set $received_protocol on the way back in!


#majordomo
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo

local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
file = /var/mail/$local_part
group = mail
mode = 0660
return_path_add
user = ${local_part}

virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 700
envelope_to_add
file = /var/spool/virtual/${domain}/${local_part}
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if
exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virt
ual/${domain}/quota}{$value}{0}}}{0}}

## vacation transport
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}}
{I am on vacation}}"
  text = "\
    ------
------\n\n\
    This message was automatically generated by email software\n\
    The delivery of your message has not been affected.\n\n\
    ------
------\n\n"
  to = "${sender_address}"
  user = mail
    #once = /etc/virtual/${domain}/reply/${local_part}.once

userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch
{/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}}
{Autoreply Message}}"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp

address_pipe:
driver = pipe
return_output

virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_reply:
driver = autoreply

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,8h

# End of Exim 4 configuration