Dear all,
beeing tired from sorting out SPAM I decided to use amavisd-new for
filtering out virus emails and to use exim's content scanning
capabilities for rejecting SPAM during the SMTP session. Spamassassin is
used to check mails for SPAM. Exim is listening on ports 25 (standard)
and 10025 for amavisd (received mails are first passed on to amavis by
using a special router and transport and afterwards the local delivery
is done) where they are being checked for virusses. To avoid double
scanning I use a condition where a mail should only be checked when it
was submitted on port 25.
That said I use the following configuration in exim4.conf:
acl_check_data:
# Don't check mails in a session where the user was authenticated
accept authenticated = *
# to mark all mails
spamd:true
warn spam = spamd
condition = ${if and {{<{$message_size}{30K}}{!eq
{$interface_port}{10025}}}{0}{1}}
add_header = X-SPAM-Score: $spam_score ($spam_bar)
# add second subject line with *SPAM* marker when message
# is over threshold
warn spam = spamd
condition = ${if and
{{!eq{$interface_port}{10025}}{<{$message_size}{30K}}}{0}{1}}
add_header = Subject: [*SPAM*] $h_Subject:
add_header = X-Spam-Report: $spam_report
add_header = X-Spam-Score_int: $spam_score_int
# reject spam at high scores (> 8)
deny message = We don't accept mail from SPAMMERS! GO AWAY!
log_message = SPAM: Message from $h_from $h_subject scored
$spam_score points.
spam = spamd:true
condition = ${if and
{{<{$message_size}{30K}}{!eq{$interface_port}{10025}}{>{$spam_score_int}{80}}}{1}{0}}
# Accept the message.
accept
Now I have several problems.
1. Mails get checked even in a session where the user authenticated itself.
2. Mails with >30K are being checked.
3. In case Mails are over threshold they are beeing checked twice
(Headers are added twice).
4. I keep receiving Mails that are correctly tagged as [*SPAM*] in the
subject and exceed spam_score_int by far, e.g. with a score of 210. But
they are not rejected but delivered to my local inbox. Most of the SPAM
mails are correctly rejected. I have no idea why. Sample header of a
mail that should have been rejected:
Return-path: <Petrno_aesitsxten@???>
Envelope-to: XXX@XXX
Delivery-date: Sun, 01 Jun 2008 19:55:06 +0200
Received: from localhost ([127.0.0.1])
by xxx.xxx.xxx with esmtp (Exim 4.69)
(envelope-from <Petrno_aesitsxten@yyy>)
id 1K2rll-0003YB-Kv
for xxx@xxx; Sun, 01 Jun 2008 19:55:06 +0200
X-Quarantine-ID: <O+iNmpI+7NxP>
X-Virus-Scanned: Debian amavisd-new at xxx.xxx
Received: from xxx.xxx ([127.0.0.1])
by localhost (xxx.xxx [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id O+iNmpI+7NxP for <xxx@xxx>;
Sun, 1 Jun 2008 19:55:01 +0200 (CEST)
Received: from [88.148.116.148] (helo=delphi.com)
by xxx.xxx with smtp (Exim 4.69)
(envelope-from <Petrno_aesitsxten@yyy>)
id 1K2rlb-0003Y5-Vn
for xxx@xxx; Sun, 01 Jun 2008 19:55:01 +0200
Message-ID: <A3F6AD3D.AE786D10@???>
Date: Sun, 01 Jun 2008 10:26:15 -0800
Reply-To: "Schuster" <Petrno_aesitsxten@yyy>
From: "Schuster" <Petrno_aesitsxten@yyy>
To: <xxx@xxx>
Subject: Fuer Alt und Jung
Content-Type: multipart/related;
boundary="------------871826543646547773013443"
X-SPAM-Score: 15.5 (+++++++++++++++)
Subject: [*SPAM*] Fuer Alt und Jung
X-Spam-Report: [...]
X-Spam-Score_int: 155
X-SPAM-Score: 17.0 (+++++++++++++++++)
Subject: [*SPAM*] Fuer Alt und Jung
X-ACL-Warn: [*SPAM*] Fuer Alt und Jung
X-Spam-Report: [...]
X-Spam-Score_int: 170
[...]
Any idea why that one wasn't rejected while checking acl_check_data?