We have put three new mail servers in production in the past month
and they perform well - but something is leaking through - spam from
time to time.

Our users can choose whether they want their spam blocked at smtp-time
and in the check_rcpt acl I have:

    warn  set acl_m1 = f
          domains = ! dbm;/etc/exim4/relaydomains.db
          condition = ${if eq{${lookup pgsql \
                {select 1 from emailuser where \
                username = '${uc:${quote_pgsql:$local_part}}' and \
                spamdelete = 't' limit 1}}}{}{no}{yes}}
          set acl_m1 = t
          condition = ${if and \
                {\
                  {! eq {$acl_m0}{t}}\
                  {! eq {$acl_m0}{f}}\
                }\
                {yes}{no}}
          set acl_m0 = $acl_m1

Where $acl_m0 is used in the check_data acl to determine whether the
email must be refused or not at smtp-level and $acl_m1 whether the
batch of recipients have the same preference in this regard.

The following configuration applies to all three in the check_data acl:

    accept  condition = ${if >{$message_size}{100k}{yes}{no}}

    # Always put X-Spam-Score header in the message.
    warn  message = X-Spam-Score: $spam_score ($spam_bar)
          hosts = ! +relay_from_hosts
          spam = spamd:true

    warn  message = X-Spam-Status: YES
          hosts = ! +relay_from_hosts
          condition = ${if >{$spam_score_int}{80}{1}{0}}
          spam = spamd:true

    warn  message = X-Spam-Status: NO
          hosts = ! +relay_from_hosts
          condition = ${if <{$spam_score_int}{80}{1}{0}}
          spam = spamd:true

    # Always put X-Spam-Report header in the message.
    warn  message = X-Spam-Report: \n $spam_report
          hosts = ! +relay_from_hosts
          spam = spamd:true

    # reject messages that score more than 8 and where the user
    # has chosen to have spam blocked.
    deny  message = Message viewed as spam. (scored $spam_score) \n \
            If you are convinced that it was not spam, please send \n \
            it again and this time CC it to sysadm@??? or \n \
            contact sysadm@??? to find out why it was marked as \n\
            spam. The system administrator will require the following \n \
            information: sender address, recipient's address and time.\n \
            \n\
            The spamfilter report for your email follows:\n $spam_report
          hosts = ! +relay_from_hosts
          spam = spamd:true
          condition = ${if eq{$acl_m0}{t}{yes}{no}}
          condition = ${if >{$spam_score_int}{80}{1}{0}}
          log_message = SPAM: Message viewed as spam. (scored $spam_score)

    # accept otherwise
    accept

The problem is that sometimes a message has a score of more than 8 and
the recipient has indicated that it must be blocked, but exim still
accepts the message and delivers it to the recipient.

Here are the spamassassin-related headers in such a message:

    X-Spam-Score: 10.1 (++++++++++)
    X-Spam-Status: YES
    X-Spam-Report:
       MAIL3:(10.1 points)
       ...

When I test a spam message to the same recipient using swaks like this:

    swaks --pipe "sudo /usr/sbin/exim4 -d -bh 85.87.87.50" \
      -h ccqy.euskaltel.es -f disenamour@??? -t jspies@??? \
      --body "..the body of the spam follows here"

the message gets rejected as expected.

What am I (or my exim config) missing? Somewhere there is a hole.
Regards
Johann
--
Johann Spies Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch
"For the word of God is quick, and powerful, and
sharper than any twoedged sword, piercing even to
the dividing asunder of soul and spirit, and of the
joints and marrow, and is a discerner of the thoughts
and intents of the heart." Hebrews 4:12
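
Added example, not part of the original post: a Python model of the check_rcpt `warn` and the check_data fragment quoted above, showing which inputs leave $acl_m0 unset so that a message scoring above 80 is accepted. It assumes Exim evaluates the conditions and modifiers of a statement in order and abandons a `warn` whose condition is false or deferred; the function names, the three lookup outcomes and the sample recipients are constructed for illustration.

```python
# Added model; Exim semantics assumed: conditions and modifiers run in order,
# and a false or deferred condition on "warn" abandons the rest of the statement.
K = 1024  # Exim reads "100k" as 100 * 1024

def check_rcpt(acl_m0, in_relaydomains, lookup):
    """One pass of the posted check_rcpt warn; returns the new $acl_m0.

    lookup: 'row'   -> pgsql returned 1 (spamdelete = 't')
            'empty' -> no matching row (user opted out, or username mismatch)
            'defer' -> lookup could not complete (e.g. database unreachable)
    """
    acl_m1 = "f"                      # set acl_m1 = f
    if in_relaydomains:               # domains = ! dbm;/etc/exim4/relaydomains.db
        return acl_m0
    if lookup != "row":               # first condition false or deferred
        return acl_m0
    acl_m1 = "t"                      # set acl_m1 = t
    if acl_m0 in ("t", "f"):          # second condition: $acl_m0 already decided
        return acl_m0
    return acl_m1                     # set acl_m0 = $acl_m1

def check_data(acl_m0, score_int, size, relay_host=False):
    """Verdict of the posted check_data fragment for one message."""
    if size > 100 * K:                # first accept: large messages skip scanning
        return "accept"
    if not relay_host and acl_m0 == "t" and score_int > 80:
        return "deny"
    return "accept"

def verdict(recipients, score_int, size=5000, relay_host=False):
    """recipients: list of (in_relaydomains, lookup) tuples, in RCPT order."""
    acl_m0 = ""                       # unset ACL variables expand to ""
    for in_relay, lookup in recipients:
        acl_m0 = check_rcpt(acl_m0, in_relay, lookup)
    return acl_m0, check_data(acl_m0, score_int, size, relay_host)

if __name__ == "__main__":
    cases = {  # constructed inputs; 101 matches the 10.1 score in the post
        "opted in, lookup ok": [(False, "row")],
        "opted in, lookup deferred": [(False, "defer")],
        "username not matched": [(False, "empty")],
        "domain in relaydomains.db": [(True, "row")],
        "opt-out first, opt-in second": [(False, "empty"), (False, "row")],
    }
    for name, rcpts in cases.items():
        m0, result = verdict(rcpts, 101)
        print(f"{name:32} acl_m0={m0!r:4} -> {result}")
```

In the model, a message small enough to be scanned and arriving from a non-relay host is accepted with a score above 80 only when $acl_m0 is not `t` after the last RCPT.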