[exim] ACL always runs spam check

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mark Hills
Date:  
À: exim-users
Sujet: [exim] ACL always runs spam check
I'm trying to have the ACL skip running spamd in some cases, by
pre-empting it with "accept", but it's always launching the spam check.

The relevant ACL is below, with example log message.

The log shows the "certified connection" rule is matched, yet the spam
check is still launched. Whereas I'd expect the "spam =" line to never be
acted upon.

Do I have some fundamental misunderstanding about how ACLs actually work?

This means that even as SMTP smarthost, I'm getting bogus spam check
headers added to outbound mail.

What's curious is I don't remember it being like this before. Old test
messages send from 2015/2016 don't show these headers, implying that it
used to work. There could be a number of reasons here that it'll take me
some time to test, but if you know of an Exim change that may have done
this then it would be helpful to know.

This is from Exim version 4.87_1 on FreeBSD.

Any advice appreciated -- thanks

--
Mark



acl_check_data:

# There are several relay conditions under which we don't do any scanning

  accept  hosts = :
          logwrite = accepting message content from local host


  accept  hosts = +relay_from_hosts
          logwrite = accepting message content from trusted host


  accept  verify = certificate
          condition = ${if inlist{${sha256:$tls_in_peercert}}{RELAY_FROM_CERTS}}
          logwrite = accepting message content from certified connection


  accept  authenticated = *
          logwrite = accepting message content from authenticated connection


# Spam checking takes a long time on large messages

  accept  condition = ${if >={$message_size}{500k}{yes}{no}}
          add_header = X-Spam: check bypassed due to message size
          logwrite = skipping spam check on large message


# Scan the body of the message for spam and add the information
# to the headers

  warn    spam = nobody:true
          add_header = X-Spam-Score: $spam_score
          add_header = X-Spam-Level: $spam_bar
          add_header = X-Spam-Report: $spam_report


# Introduce a small delay to slow down spammers

  warn    condition = ${if >{$spam_score_int}{20}{true}{false}}
          delay = 60s
          log_message = delaying spammer by 60s


  warn    condition = ${if >{$spam_score_int}{40}{true}{false}}
          delay = 120s
          log_message = delaying spammer by 120s


# For a high spam rating, reject at the SMTP level

  deny    message = this message has been judged to be spam
          spam = nobody:true
          condition = ${if >{$spam_score_int}{80}{true}{false}}
          delay = 240s
          log_message = delaying spammer by 240s and rejecting spam at SMTP ($spam_score)


accept




2017-01-09 23:45:10 1cQjck-0001fD-2F accepting message content from certified connection
2017-01-09 23:45:10 1cQjck-0001fD-2F SA: Debug: SAEximRunCond expand returned: '1'
2017-01-09 23:45:10 1cQjck-0001fD-2F SA: Debug: check succeeded, running spamc
2017-01-09 23:45:11 1cQjck-0001fD-2F SA: Action: scanned but message isn't spam: score=3.8 required=5.0 (scanned in 1/1 secs | Message-Id: 1701092345040.21445@???). From <mark-xxxxxxx@???> (host=xxxxx.net [x.x.x.x]) for xxxxxxxxxxxxxx@???
2017-01-09 23:45:11 1cQjck-0001fD-2F <= mark@??? H=xxxxxx.net (stax.localdomain) [x.x.x.x] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes S=1156 id=1701092345040.21445@???
2017-01-09 23:45:11 1cQjck-0001fD-2F => xxxxxxxxxxxxxx@??? R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [2a00:1450:400c:c01::1b] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes C="250 2.0.0 OK 1484005511 7si346350wmu.55 - gsmtp"