Re: [exim] log reject emails

Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] log reject emails
On Fri, 2008-04-11 at 01:58 +0200, Alexandre Busquets Triola wrote:
> Is it possible to store a copy of rejected emails?


Yes.

> I would know if my anti-spam rules are working correctly.


I must say that they look pretty good to me! A followup question is: how
do you propose to check through the volume of messages you've rejected,
if you're storing copies of them?

Anyway, you need to use the "fakereject" ACL control with an appropriate
message, in conjunction with a router and transport to handle the
accepted but tagged/filtered message. For example, where you spam check:

accept spam = exim:true
       condition = ${if >{$spam_score_int}{60}{1}{0}}
       set acl_c_FAKEREJECT = 1
       control = fakereject/Your message scored $spam_score - rejected


That accepts the message but tells the sending host that it's over
threshold and sends a 550 to it at the end of DATA. The snippet sets a
connection variable acl_c_FAKEREJECT for testing in a router:

fake_accept:
  driver = accept
  condition = ${if eq{$acl_c_FAKEREJECT}{1}}
  domains = +local_domains
  transport = fake_accept

And here's the transport:

fake_accept:
  driver = appendfile
  maildir_format
  directory = /path_to_maildir/Maildir/.Inbound-Rejections
  delivery_date_add
  envelope_to_add
  return_path_add
  group = exim
  mode = 0660

(obviously there are sections there which need tuning to local
requirements).

Those taken together will be seen to reject messages with a spam score
over 6, but will essentially "quarantine" them in a specific maildir
folder for somebody to check. On highly loaded systems this can be a
*very* onerous job.

An alternative is to deliver per user - you can configure this in the
router/transport.

Graeme
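
One way to approach the review question raised in the message above, as an added example that is not part of the original post or of Exim: a Python script that summarises the quarantine maildir by the Envelope-to and Return-path headers which the transport adds, so a reviewer can see which recipients and sender domains account for the volume. The function names and the sample messages are constructed for illustration.

```python
import mailbox
import tempfile
from collections import Counter
from email.utils import parseaddr
from pathlib import Path


def summarise_quarantine(maildir_path):
    """Count quarantined messages per envelope recipient and per sender domain."""
    recipients, sender_domains = Counter(), Counter()
    box = mailbox.Maildir(str(maildir_path), create=False)
    for msg in box:
        # envelope_to_add: Envelope-to may list several recipients, comma separated.
        for rcpt in (msg.get("Envelope-to") or "").split(","):
            if rcpt.strip():
                recipients[rcpt.strip().lower()] += 1
        # return_path_add: Return-path is the envelope sender; "<>" is a bounce.
        addr = parseaddr(msg.get("Return-path") or "")[1]
        domain = addr.rpartition("@")[2].lower() if "@" in addr else "<>"
        sender_domains[domain] += 1
    box.close()
    return recipients, sender_domains


def build_sample_maildir(root):
    """Constructed sample data shaped like the fake_accept transport's output."""
    path = Path(root) / ".Inbound-Rejections"
    box = mailbox.Maildir(str(path), create=True)
    samples = [
        ("<promo@bulk.example>", "alice@example.org"),
        ("<promo@bulk.example>", "bob@example.org, carol@example.org"),
        ("<>", "alice@example.org"),
    ]
    for return_path, envelope_to in samples:
        box.add(
            f"Return-path: {return_path}\n"
            f"Envelope-to: {envelope_to}\n"
            "Subject: constructed sample\n\nconstructed body\n"
        )
    box.close()
    return str(path)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rcpts, domains = summarise_quarantine(build_sample_maildir(tmp))
        for label, counter in (("recipient", rcpts), ("sender domain", domains)):
            for key, count in counter.most_common():
                print(f"{label:14} {key:25} {count}")
```
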