Re: [exim] spam acl condition syntax

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Stuart Gall
Date:  
À: exim-users
Sujet: Re: [exim] spam acl condition syntax

On 13 Oct 2006, at 11:24, Philip Hazel wrote:

> On Fri, 13 Oct 2006, Stuart Gall wrote:
>
>> The documentation on the spam = acl condition is a bit sparse.
>
> This is the start of what it says in the manual:
>
> ----------------------------------------------------------------------
> --
> Here is a simple example of the use of the spam condition in a DATA
> ACL:
>
> deny message = This message was classified as SPAM
>      spam = joe

>
> The right-hand side of the spam condition specifies the username that
> SpamAssassin should scan for. If you do not want to scan for a
> particular user,
> but rather use the SpamAssassin system-wide default profile, you
> can scan for
> an unknown user, or simply use "nobody". However, you must put
> something on the
> right-hand side.


BUT then is says
The username allows you to use per-domain or per-user antispam
profiles. The right-hand side is expanded before being used, so you
can put lookups or conditions there. When the right-hand side
evaluates to “0” or “false”, no scanning is done and the condition
fails immediately

But it does not explain how to do this

Moreover I suspect that it is not really possible, per domain or user
anything is a problem in the data acl

say postmaster@??? expands to jon@??? and stuart@???

so in the data acl what is it going to scan for
postmaster, jon, stuart
foo.bar, something.com, my.domain




>
> <snip>
>
> The spam condition returns true if the threshold specified in the
> user's
> SpamAssassin profile has been matched or exceeded. If you want to
> use the spam
> condition for its side effects (see the variables below), you can
> make it
> always return "true" by appending ":true" to the username.
> ----------------------------------------------------------------------
> --
>
>> It claims you can implement a per domain or per user spam setting.
>>
>> spam = X
>>
>> What is X is it envelope to local part ?
>
> As quoted above, "The right-hand side of the spam condition specifies
> the username that SpamAssassin should scan for." In other words, the
> user whose SpamAssassin profile is to be used.


Ahhh
I see the error in my logic
"scan for" as in scan on behalf of I was reading "scan for" as in
look for


therefore I assume that spamassassin is called each time a new spam =
user is encountered

>
>> How then do I do per domain filtering?
>
> Probably by setting up some suitable SpamAssassin profile, but I am
> not
> knowledgeable about SA.
>
>> I tried
>>     accept    spam = postmaster

>>
>> in a data ACL I would expect this to allow all mail to the
>> postmaster,
>
> No. It will scan using "postmaster"'s profile (if there is one) and
> accept if the "spam" condition is true, which it will be if the
> message's spam score is over the default threshold.
>
>> however it appeared to allow all mail to everyone.
>> i.e. it functions as
>>     accept spam=nobody would

>
> "accept spam = nobody" should accept all *spam* but reject non-spam.
>
>> There are basically two things I want to do
>> 1) Set specific reject levels per virtual domain
>> 2) set a higher level for the postmaster
>
> You need advice from someone who knows more about SA than I do, about
> setting up individual SA profiles. For (2) you could put, *before* the
> other tests, something like
>
> accept  local_part = postmaster
>         spam = whatever:true
>         condition = ${if < {$spam_score_int}{10}}

>
> to accept mail to postmaster if the score is less than 10. This is off
> the top of my head and completely untested. Actually, you could
> probably
> do (1) in a similar way, using a file of levels indexed by domain. And
> of course you could write the statments using "deny" instead of
> "accept"
> if that is easier.
>
> -- 
> Philip Hazel            University of Cambridge Computing Service
> Get the Exim 4 book:    http://www.uit.co.uk/exim-book

>