[exim] There's a hole in the bucket, ...

Author: Johann Spies
Date:  
To: exim-users
Subject: [exim] There's a hole in the bucket, ...
We have put three new mail servers in production in the past month
and they perform well - but something is leaking through - spam from
time to time.

Our users can choose whether they want their spam blocked at smtp-time
and in the check_rcpt acl I have:


   warn  set acl_m1 = f
         domains = ! dbm;/etc/exim4/relaydomains.db
         condition  = ${if eq{${lookup pgsql \
          {select 1 from emailuser where \
          username = '${uc:${quote_pgsql:$local_part}}' and \
          spamdelete = 't' limit 1}}}{}{no}{yes}}
        set acl_m1 = t
       condition = ${if and \
                          {\
                            {! eq {$acl_m0}{t}}\
                            {! eq {$acl_m0}{f}}\
                          }\
                           {yes}{no}}
        set acl_m0 = $acl_m1


Where $acl_m0 is used in the check_data acl to determine whether the
email must be refused or not at smtp-level and $acl_m1 whether the
batch of recipients have the same preference in this regard.

The following configuration applies to all three in the check_data acl:

accept     condition  = ${if >{$message_size}{100k}{yes}{no}}


# Always put X-Spam-Score header in the message.

warn message = X-Spam-Score: $spam_score ($spam_bar)
          hosts = ! +relay_from_hosts
          spam = spamd:true


warn message = X-Spam-Status: YES
          hosts = ! +relay_from_hosts
          condition = ${if >{$spam_score_int}{80}{1}{0}}
          spam = spamd:true


warn message = X-Spam-Status: NO
          hosts = ! +relay_from_hosts
          condition = ${if <{$spam_score_int}{80}{1}{0}}
          spam = spamd:true


# Always put X-Spam-Report header in the message.
warn message = X-Spam-Report: \n $spam_report
          hosts = ! +relay_from_hosts
          spam = spamd:true



# reject messages that score more than 8 and where the user
# has chosen to have spam blocked.

   deny message = Message viewed as spam. (scored $spam_score) \n \
             If you are convinced that it was not spam, please send \n \
             it again and this time CC it to sysadm@??? or \n \
             contact sysadm@??? to find out why it was marked as \n\
             spam.  The system administrator will require the following \n \
             information: sender address, recipient's address and time.\n \
             \n\
             The spamfilter report for your email follows:\n $spam_report
          hosts = ! +relay_from_hosts
         spam = spamd:true
          condition = ${if eq{$acl_m0}{t}{yes}{no}}
          condition = ${if >{$spam_score_int}{80}{1}{0}}
          log_message = SPAM: Message viewed as spam. (scored $spam_score)


# accept otherwise
accept

The problem is that sometimes a message has a score of more than 8 and
the recipient has indicated that it must be blocked, but exim still
accepts the message and delivers it to the recipient.

Here are the spamassassin-related headers in such a message:

X-Spam-Score: 10.1 (++++++++++)
X-Spam-Status: YES
X-Spam-Report:
        MAIL3:(10.1 points)
...


When I test a spam message to the same recipient using swaks like this:


swaks --pipe "sudo /usr/sbin/exim4 -d -bh 85.87.87.50" \
      -h ccqy.euskaltel.es -f disenamour@??? -t jspies@??? \
      --body "..the body of the spam follows here"

the message gets rejected as expected.

What am I (or my exim config) missing? Somewhere there is a hole.

Regards
Johann

-- 
Johann Spies          Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch


     "For the word of God is quick, and powerful, and  
      sharper than any twoedged sword, piercing even to  
      the dividing asunder of soul and spirit, and of the
      joints and marrow, and is a discerner of the thoughts
      and intents of the heart."      Hebrews 4:12
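
Added example, not part of the original post and not Exim code: a small Python model of the check_rcpt warn statement and the check_data deny quoted above, for enumerating which inputs leave $acl_m0 at a value other than "t" so that the deny cannot fire. It assumes Exim evaluates the conditions and modifiers of an ACL statement in the order written and stops at the first condition that is not met; the function names and the sample recipient batches are constructed for illustration.

```python
# Model of the two ACL statements from the post. Constructed inputs only.
SIZE_LIMIT = 100 * 1024   # "100k" in the first accept of check_data
SCORE_LIMIT = 80          # $spam_score_int is the spam score times ten


def check_rcpt(acl, in_relaydomains, lookup_hit):
    """Pass one RCPT through the warn statement; return updated variables."""
    acl = dict(acl)
    acl["m1"] = "f"                 # set acl_m1 = f (always executed)
    if in_relaydomains:             # domains = ! dbm;/etc/exim4/relaydomains.db
        return acl
    if not lookup_hit:              # pgsql lookup found no spamdelete = 't' row
        return acl
    acl["m1"] = "t"                 # set acl_m1 = t
    if acl["m0"] in ("t", "f"):     # condition: acl_m0 is neither t nor f
        return acl
    acl["m0"] = acl["m1"]           # set acl_m0 = $acl_m1
    return acl


def run_batch(recipients):
    """recipients: list of (in_relaydomains, lookup_hit), one per RCPT."""
    acl = {"m0": "", "m1": ""}      # both unset at the start of a message
    for in_relaydomains, lookup_hit in recipients:
        acl = check_rcpt(acl, in_relaydomains, lookup_hit)
    return acl


def check_data(acl, size, score_int, relay_host=False):
    """Outcome of check_data for one message."""
    if size > SIZE_LIMIT:
        return "accept-unscanned"   # first accept: later statements never run
    if not relay_host and acl["m0"] == "t" and score_int > SCORE_LIMIT:
        return "deny"
    return "accept"


if __name__ == "__main__":
    batches = {
        "one opted-in recipient": [(False, True)],
        "opted-out, then opted-in": [(False, False), (False, True)],
        "lookup finds no row": [(False, False)],
        "domain listed in relaydomains.db": [(True, True)],
    }
    for name, rcpts in batches.items():
        acl = run_batch(rcpts)
        print(f"{name}: acl_m0={acl['m0']!r} ->", check_data(acl, 5000, 101))
```

In this model a message scoring 10.1 is delivered only when no recipient reached the `set acl_m0` line, so the things to inspect on a leaked message are whether the lookup returned a row for that local part and whether the recipient domain is in relaydomains.db.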