Re: [exim] pipe message to app

Top Page
Delete this message
Reply to this message
Author: David Ward
Date:  
To: W B Hacker
CC: exim users
Subject: Re: [exim] pipe message to app
Bill,

I have a hack that I'm currently trying in order to use dspam from DATA.

As per http://www.exim.org/exim-html-4.62/doc/html/spec_html/ch40.html
there is a file that contains the whole message after the first call
to malware until the end of acl_smtp_data.

I'll note that the biggest issue is that this only allows for a
'global' dspam setup since acl_smtp_data is only run once for all
recipients (although 90% of our mail goes to just one user, so it
would be possible to pass that along).


So I have:

###
  deny    malware   = *
          message   = This message contains a virus ($malware_name).


# After the first 'malware' call there is a file at
# <spool_directory>/scan/<message_id>/<message_id>.eml
# that contains the whole message, so we can use that to have dspam inline

  # Call dspam via ${run} now that we have a message we can process
  # Note that we cannot have by-user checks here since this is for everyone
  warn condition   = ${if and { \
                              {<={$message_size}{128k}} \
                              { !eq{$acl_m14}{} } \
                      } {1}{0}}
       set acl_m15 = ${run {/usr/local/bin/exim_dspam
$spool_directory/scan/$message_exim_id/$message_exim_id.eml}
{$value}{}}
       add_header  = X-FILTER-DSPAM: by $primary_hostname on $tod_full


  warn condition   = ${if !eq{$acl_m15}{}}
       add_header  = X-DSPAM-Result: ${extract {result}{$acl_m15}}
       add_header  = X-DSPAM-Confidence: ${extract {confidence}{$acl_m15}}
       add_header  = X-DSPAM-Probability: ${extract {probability}{$acl_m15}}
       add_header  = X-DSPAM-Signature: ${extract {signature}{$acl_m15}}
###


and /usr/local/bin/exim_dspam is:

#!/bin/sh

DS_MODE=notrain
DS_USER=dspamusr

cat $1 | \
  dspam --mode=$DS_MODE \
        --user $DS_USER \
        --deliver=summary \
        --stdout | \
  sed -e 's/^[^;]*; //; s/[";]//g;'


### end of exim_dspam

Any improvements/suggestions would be more than welcome.



David
roverwolf@???
--

On 10/26/06, W B Hacker <wbh@???> wrote:
> David Saez Padros wrote:
>
> > Hi !!
> >
> > Is there any way to use ${run} to pipe the current message
> > (including headers) to an external aplication and get the
> > output ??
> >
>
> A 'spamd' or 'malware' call essentially does something similar to utilize
> SpamAssasin and ClamAV (or other AV scanner), and I have long wondered how
> difficult it would be to 'declare' sockets or IP for more such calls.
>
> Anyone presently doing this?
>
> Ex: Anyone invokong a 'Dspam' run from a DATA acl instead of awaiting the routers?
>
> Bill
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>