Re: [exim] Problem with spamassassin [unsolved] :(((

Author: Balzi Andrea
Date:  
To: Exim, Users
Subject: Re: [exim] Problem with spamassassin [unsolved] :(((
I've found another problem.
In my blacklist_domain.cfg I've inserted com.br, but the following mail
got in, as can be seen from the main.log.

Is it a problem with my configuration? Where have I made a mistake?

2006-09-11 14:57:23 1GMlLk-00087l-NF <= consultoria@??? H=(host-196-205-231-113.static.link.com.eg) [196.205.231.113] P=esmtp S=1178 T="High-quality pharmacy at your country."
2006-09-11 14:57:24 1GMlLk-00087l-NF => barbara.landone@??? F=<consultoria@???> R=special T=remote_smtp H=xxxxxxxxxxxxxxx QT=4s
2006-09-11 14:57:24 1GMlLk-00087l-NF Completed

Andrea

> I have the following configuration in my ACL, but sometimes the
> spam check is not executed.
> If I check the headers of some mail that passes without the spam
> check, I do not find the X-Spam headers.
> This is my problem, and I have not understood how I can solve it.
> In one of my previous mails I also sent a debug of one
> mail that was not checked.
>
> The following lines are an example of the configuration in
> the local.cf of my SpamAssassin.
>
> describe SPAM1 A spam mail
> header SPAM1 Subject =~ /PHA[a-z]{1,5}RMACY/i
> score SPAM1 5
>
> Below you can find my ACL, defined in my exim4.conf
>
> acl_check_rcpt:
>
> accept hosts = :
>
>   #Block mail with an invalid HELO
>   drop message     = Invalid command HELO / Comando HELO non valido
>        condition   = ${lookup {$sender_helo_name} \
>                              lsearch{/etc/exim4/blacklist_helo.cfg} \
>                              {yes}{no}}
>
>   #Block mail sent with our domains from servers that are not ours
>   deny message = Relay not permited / Relay non permesso
>        sender_domains = lsearch;/etc/exim4/local_domains.cfg
>        hosts = !srv-mail01
>
>
> #############################################################################
> # The following section of the ACL is concerned with local parts that contain
> # @ or % or ! or / or | or dots in unusual places.
> #
>
>   deny    message       = Restricted characters in address / Indirizzo con caratteri non validi
>           domains       = +local_domains
>           local_parts   = ^[0-9] : ^[.] : ^.*[@%!/|] : lsearch;/etc/exim4/blacklist_local_parts.cfg
>
>   deny    message       = Restricted characters in address / Indirizzo con caratteri non validi
>           domains       = !+local_domains
>           local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ : ^3D : lsearch;/etc/exim4/blacklist_local_parts.cfg
>
> # Accept mail to postmaster in any local domain, regardless of the source,
> # and without verifying the sender.
>
>   accept  local_parts   = postmaster
>           domains       = +local_domains
>
> # Deny unless the sender address can be verified.
>
>   require verify        = sender
>
>   accept  hosts         = +relay_from_hosts
>           control       = submission
>
> # Accept if the message arrived over an authenticated connection, from
> # any host. Again, these messages are usually from MUAs, so recipient
> # verification is omitted, and submission mode is set. And again, we do this
> # check before any black list tests.
>
>   accept  authenticated = *
>           control       = submission
>
>   #Mail addresses considered trusted
>   accept  senders       = lsearch;/etc/exim4/whitelist_mails.cfg
>           #endpass
>           verify        = recipient
>
>   #Mail domains considered trusted
>   accept  sender_domains = lsearch;/etc/exim4/whitelist_domains.cfg
>           #endpass
>           verify        = recipient
>
>   #Mail domains considered untrusted
>   drop    message       = mail drop because $sender_address_domain is in our blacklist / mail scartata perche\' $sender_address_domain e\' presente nella nostra blacklist
>           !senders      = lsearch;/etc/exim4/whitelist_mails.cfg
>           sender_domains = lsearch;/etc/exim4/blacklist_domains.cfg
>
>   #DNSBL for dial-up / ADSL users
>   drop    message       = mail drop because $sender_host_address is in a black list at $dnslist_domain / mail scartata perche\' $sender_host_address e\' presente nella blacklist di $dnslist_domain
>           !senders      = lsearch;/etc/exim4/whitelist_mails.cfg
>           dnslists      = dnsbl.njabl.org : dul.dnsbl.sorbs.net : sbl.spamhaus.org : whois.rfc-ignorant.org
>
>   #DNSBL for servers considered spammers or open relays
>   drop    message       = rejected because $sender_host_address is in a black list at $dnslist_domain / mail respinta  perche\' $sender_host_address e\' presente nella blacklist di $dnslist_domain
>           hosts         = ! lsearch;/etc/exim4/whitelist_hosts.cfg
>           senders       = ! lsearch;/etc/exim4/whitelist_domains.cfg
>           dnslists      = sbl.spamhaus.org : spam.dnsbl.sorbs.net : sbl.spamhaus.org : whois.rfc-ignorant.org
>
> # Accept if the address is in a local domain, but only if the recipient can
> # be verified. Otherwise deny. The "endpass" line is the border between
> # passing on to the next ACL statement (if tests above it fail) or denying
> # access (if tests below it fail).
>
>   accept  domains       = +local_domains
>           endpass
>           verify        = recipient
>
> # Accept if the address is in a domain for which we are an incoming relay,
> # but again, only if the recipient can be verified.
>
>   accept  domains       = +relay_to_domains
>           endpass
>           verify        = recipient
>
> # Reaching the end of the ACL causes a "deny", but we might as well give
> # an explicit message.
>
>   deny    message       = relay not permitted / Accesso non autorizzato
>
>
> acl_check_data:
>
>   deny message = Blacklisted file extension detected ($found_extension) / Tipologia di file non autorizzato ($found_extension)
>        demime = exe:pif:bat:scr:lnk:com:reg:vbs:cmd:js:msi:dll:cpl:eml
>
>   # Deny if the message contains a virus. Before enabling this check, you
>   # must install a virus scanner and set the av_scanner option above.
>   #
>   deny    malware   = *
>           message   = This message contains a virus ($malware_name) / Questa mail contiente un virus ($malware_name)
>
>   # Add the anti-spam check headers to all mail
>   warn  message = X-Spam-Score: $spam_score ($spam_bar)\n\
>                   X-Spam-Report: $spam_report\n\
>                   Subject: ***SPAM*** $h_Subject:
>         hosts = ! lsearch;/etc/exim4/nospam_check_hosts.cfg
>         spam = nobody
>
>   # Drop mail with a score > 12
>   drop  message = This message scored $spam_score spam points.
>         hosts = ! lsearch;/etc/exim4/nospam_check_hosts.cfg
>         spam = nobody:true
>         condition = ${if >{$spam_score_int}{120}{1}{0}}
>
>
> accept
>
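
The `sender_domains = lsearch;/etc/exim4/blacklist_domains.cfg` test in the ACL above is a single-key lookup: Exim uses the whole sender domain as the key, so a `com.br` line matches only a sender at exactly `@com.br`. The Python emulation below is an added example, not part of the original message and not Exim code; it follows the Exim documentation's description of `lsearch` and of `partial-` lookups, which also try `*.`-prefixed keys. The file contents and domain names are constructed, because the sender domain in the log above is masked.

```python
"""Emulate Exim single-key lsearch / partial-lsearch on a sender domain."""

# Constructed sample files (not the poster's real blacklist).
BLACKLIST = "# blacklisted domains\ncom.br\n"
BLACKLIST_WILD = "# blacklisted domains\ncom.br\n*.com.br\n"


def lsearch_keys(file_text):
    """Return the lower-cased keys of an lsearch-format file."""
    keys = set()
    for line in file_text.splitlines():
        # Skip blank lines, comments and continuation lines (leading space).
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        fields = line.replace(":", " ").split()  # key ends at ':' or space
        if fields:
            keys.add(fields[0].lower())
    return keys


def partial_candidates(domain, min_components=2):
    """Keys tried by a partial- lookup: exact, then '*.'-prefixed suffixes."""
    domain = domain.lower()
    yield domain
    yield "*." + domain
    parts = domain.split(".")
    for i in range(1, len(parts)):
        rest = parts[i:]
        if len(rest) < min_components:  # default: two non-* components
            break
        yield "*." + ".".join(rest)


def lookup(domain, file_text, partial=False):
    """Return the file key that matched the domain, or None."""
    keys = lsearch_keys(file_text)
    tried = partial_candidates(domain) if partial else [domain.lower()]
    return next((key for key in tried if key in keys), None)


if __name__ == "__main__":
    sender = "mail.example.com.br"  # constructed sender domain
    print("lsearch, com.br only:          ", lookup(sender, BLACKLIST))
    print("partial-lsearch, com.br only:  ", lookup(sender, BLACKLIST, True))
    print("partial-lsearch, with *.com.br:", lookup(sender, BLACKLIST_WILD, True))
```

On a server, `exim -be '${lookup{mail.example.com.br}partial-lsearch{/etc/exim4/blacklist_domains.cfg}{yes}{no}}'` runs the real lookup against the file.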