Re: [exim] spam acl condition syntax

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Stuart Gall
CC: Exim User's Mailing List
Subject: Re: [exim] spam acl condition syntax
On Fri, 13 Oct 2006, Stuart Gall wrote:

> The documentation on the spam = acl condition is a bit sparse.


This is the start of what it says in the manual:

------------------------------------------------------------------------
Here is a simple example of the use of the spam condition in a DATA ACL:

deny message = This message was classified as SPAM
     spam = joe


The right-hand side of the spam condition specifies the username that
SpamAssassin should scan for. If you do not want to scan for a particular user,
but rather use the SpamAssassin system-wide default profile, you can scan for
an unknown user, or simply use "nobody". However, you must put something on the
right-hand side.

<snip>

The spam condition returns true if the threshold specified in the user's
SpamAssassin profile has been matched or exceeded. If you want to use the spam
condition for its side effects (see the variables below), you can make it
always return "true" by appending ":true" to the username.
------------------------------------------------------------------------

> It claims you can implement a per domain or per user spam setting.
>
> spam = X
>
> What is X is it envelope to local part ?


As quoted above, "The right-hand side of the spam condition specifies
the username that SpamAssassin should scan for." In other words, the
user whose SpamAssassin profile is to be used.

> How then do I do per domain filtering?


Probably by setting up some suitable SpamAssassin profile, but I am not
knowledgeable about SA.

> I tried
>    accept    spam = postmaster

>
> in a data ACL I would expect this to allow all mail to the
> postmaster,


No. It will scan using "postmaster"'s profile (if there is one) and
accept if the "spam" condition is true, which it will be if the
message's spam score is over the default threshold.

> however it appeared to allow all mail to everyone.
> i.e. it functions as
>    accept spam=nobody would


"accept spam = nobody" should accept all *spam* but reject non-spam.

> There are basically two things I want to do
> 1) Set specific reject levels per virtual domain
> 2) set a higher level for the postmaster


You need advice from someone who knows more about SA than I do, about
setting up individual SA profiles. For (2) you could put, *before* the
other tests, something like

accept  local_part = postmaster
        spam = whatever:true
        condition = ${if < {$spam_score_int}{10}}


to accept mail to postmaster if the score is less than 10. This is off
the top of my head and completely untested. Actually, you could probably
do (1) in a similar way, using a file of levels indexed by domain. And
of course you could write the statments using "deny" instead of "accept"
if that is easier.

-- 
Philip Hazel            University of Cambridge Computing Service
Get the Exim 4 book:    http://www.uit.co.uk/exim-book