Hi,
I'm running exim 4.60-3ubuntu3.1 on ubuntu-server, dapper LTS.
Snippets from my config:
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
...
acl_check_mail:
...
  warn  !hosts = +eq_trusted
        condition = ${perl{isForbiddenEmail}{$sender_address_local_part@$sender_address_domain}}
        set acl_m4 = $sender_address_local_part@$sender_address_domain,$acl_m4
...
acl_check_data:
  deny  hosts = !+eq_trusted
        message = This message has been blocked by virus scanner ($malware_name was found)
        demime = *
        malware = *
  deny  condition = ${if def:acl_m4{1}{0}}
        demime = *
        condition = ${perl{isForbidden}{$acl_m4}\
                    {/var/spool/exim4/scan/$message_id}}
        message = Content is unacceptable
from exim.pl:
sub isForbiddenEmail {
    # returns 0 or 1 depending if the email should be scanned for forbidden
    # content or not
}
sub isForbidden {
    my ($addresses, $path) = (shift,shift);
    ...
    for my $file (glob "$path/*") {
        my $mm = new File::MMagic; # use internal magic file
        next if $mm->checktype_filename($file) !~ /^text\//;
        # matches the content against some regexps and returns 0 or 1
        # depending on matches
    }
}
--- The problems
1) Based on this post[1] the above should be ok to do headers checking, as they
should be dumped to the .eml file as part of the demime process. Unfortunately
that doesn't appear to be the case. I've added logging options to the perl
function (see question 2) and all I can see is a .com file which only contains
the body, no headers. Can anybody point out what's wrong with my settings and
how demime works? Is it comparable to mimedecode?
2) Unfortunately I've got problems with logging itself. All I've added is a file
open and a few print statements to the isForbidden function, but they are never
executed when sending emails, although they work fine if I run an exim4 -bhc $ip
test. I am sure the function is executed as if I input some forbidden pattern I
get an error message. Can anybody explain this behavior?
3) Can you suggest a better debugging strategy for content scanning/perl code?
Thanks in advance,
regards,
Spike
[1] http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050829/msg00248.html
--
#370 +(982)- [X]
<Beeth> Progress (n.): The process through which the Internet has evolved from
<Beeth> smart people in front of dumb terminals to dumb people in front of smart
<Beeth> terminals.
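
One way to instrument the embedded Perl asked about in questions 2 and 3, as an added example that is not part of the original post. Exim::log_write and Exim::debug_write are the logging functions Exim provides to embedded Perl; the helper names trace and list_scan_dir and the trace file path are assumptions made for illustration.

```perl
use strict;
use warnings;

# Inside Exim's embedded Perl, Exim::log_write and Exim::debug_write are
# supplied by Exim. Stub them when they are absent so this file can also be
# run from a shell for testing.
BEGIN {
    unless (defined &Exim::log_write) {
        *Exim::log_write   = sub { print STDERR "LOG: $_[0]\n" };
        *Exim::debug_write = sub { print STDERR "DBG: $_[0]" };
    }
}

# Assumption: hypothetical trace file; it must be writable by the uid that
# Exim runs under at the moment the ACL calls the Perl function.
my $TRACE_FILE = '/var/log/exim4/perl-trace.log';

# Hypothetical helper: send one message to Exim's debug output, Exim's main
# log, and a private trace file, reporting why the private file failed.
sub trace {
    my ($msg) = @_;
    Exim::debug_write("perl: $msg\n");    # shown only when debugging is on
    Exim::log_write("perl: $msg");        # main log, no trailing newline
    if (open my $fh, '>>', $TRACE_FILE) {
        printf {$fh} "%s pid=%d euid=%d %s\n", scalar(localtime), $$, $>, $msg;
        close $fh;
    } else {
        # A silent open() failure looks exactly like "print never executed".
        Exim::log_write(sprintf "perl: cannot open %s as euid %d: %s",
                        $TRACE_FILE, $>, $!);
    }
    return;
}

# Hypothetical helper: record what is actually present in the scan
# directory, so header-less or unexpected files show up in the log.
sub list_scan_dir {
    my ($path) = @_;
    my @files = glob "$path/*";
    trace("scan dir $path holds " . scalar(@files) . " file(s)");
    for my $file (@files) {
        trace(sprintf "  %s (%d bytes)", $file, (-s $file) || 0);
    }
    return scalar @files;
}

# Stand-alone run: perl thisfile.pl /some/dir (not reached when Exim loads it)
list_scan_dir(@ARGV ? $ARGV[0] : '.') unless caller;
1;
```

Calling list_scan_dir($path) at the top of isForbidden records the directory contents and the effective uid for every message, in both the daemon and the -bhc case.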