Re: [exim] There's a hole in the bucket, ...

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Phil Chambers
Date:  
À: exim-users
Sujet: Re: [exim] There's a hole in the bucket, ...

On Mon, 14 Apr 2008 12:03:26 +0200 Johann Spies <jspies@???> wrote:

> We have put three new mail servers in production in the past month
> and they perform well - but something is leaking through - spam from
> time to time.
>
> Our users can choose whether they want their spam blocked at smtp-time
> and in the check_rcpt acl I have:
>
>
>    warn  set acl_m1 = f
>          domains = ! dbm;/etc/exim4/relaydomains.db
>          condition  = ${if eq{${lookup pgsql \
>           {select 1 from emailuser where \
>           username = '${uc:${quote_pgsql:$local_part}}' and \
>           spamdelete = 't' limit 1}}}{}{no}{yes}}
>         set acl_m1 = t
>        condition = ${if and \
>                           {\
>                             {! eq {$acl_m0}{t}}\
>                             {! eq {$acl_m0}{f}}\
>                           }\
>                            {yes}{no}}
>         set acl_m0 = $acl_m1

>
> Where $acl_m0 is used in the check_data acl to determine whether the
> email must be refused or not at smtp-level and $acl_m1 whether the
> batch of recipients have the same preference in this regard.
>
> The following configuration applies to all three in the check_data acl:
>
> accept     condition  = ${if >{$message_size}{100k}{yes}{no}}

>
> # Always put X-Spam-Score header in the message.
>
> warn message = X-Spam-Score: $spam_score ($spam_bar)
>           hosts = ! +relay_from_hosts
>           spam = spamd:true

>
> warn message = X-Spam-Status: YES
>           hosts = ! +relay_from_hosts
>           condition = ${if >{$spam_score_int}{80}{1}{0}}
>           spam = spamd:true

>
> warn message = X-Spam-Status: NO
>           hosts = ! +relay_from_hosts
>           condition = ${if <{$spam_score_int}{80}{1}{0}}
>           spam = spamd:true

>
> # Always put X-Spam-Report header in the message.
> warn message = X-Spam-Report: \n $spam_report
>           hosts = ! +relay_from_hosts
>           spam = spamd:true

>
>
> # reject messages that score more than 8 and where the user
> # has chosen to have spam blocked.
>
>    deny message = Message viewed as spam. (scored $spam_score) \n \
>              If you are convinced that it was not spam, please send \n \
>              it again and this time CC it to sysadm@??? or \n \
>              contact sysadm@??? to find out why it was marked as \n\
>              spam.  The system administrator will require the following \n \
>              information: sender address, recipient's address and time.\n \
>              \n\
>              The spamfilter report for your email follows:\n $spam_report
>           hosts = ! +relay_from_hosts
>          spam = spamd:true
>           condition = ${if eq{$acl_m0}{t}{yes}{no}}
>           condition = ${if >{$spam_score_int}{80}{1}{0}}
>           log_message = SPAM: Message viewed as spam. (scored $spam_score)

>
> # accept otherwise
> accept
>
> The problem is that sometimes a message has a score of more than 8 and
> the recipient has indicated that it must be blocked, but exim still
> accept the message and deliver it to the recipient.
>
> Here is the spamassassin-related headers in such a message:
>
> X-Spam-Score: 10.1 (++++++++++)
> X-Spam-Status: YES
> X-Spam-Report:
>         MAIL3:(10.1 points)
> ...

>
> When I test a spam message to the same recipient using swaks like this:
>
>
> swaks --pipe "sudo /usr/sbin/exim4 -d -bh 85.87.87.50" -h
> ccqy.euskaltel.es -f disenamour@??? -t jspies@??? --body
> "..the body of the spam follows here"
>
> the message gets rejected as expected.
>
> What am I (or my exim config) missing? Somewhere there is a hole.
>
> Regards
> Johann


The only way you can have user-selection of spam blocking is to defer
recipients who do not match the first recipient's blocking state. I don't see
that in your acl snippets.

You appear to be rejecting the message only if the first recipient has opted to
reject. If the first recipient is not blocking then you accept it for all.

Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter