Re: [exim] Exim4 skips SpamAssassin if attachments are too b…

Author: Lena
Date:  
To: exim-users
CC: Paul Lenz
Subject: Re: [exim] Exim4 skips SpamAssassin if attachments are too big
> From: Paul Lenz <paul@???>

> The mentioned text "Loteria" was clearly visible in the body, because it
> was attached as
> Content-Type: text/plain; charset="Windows-1251"
> Content-Transfer-Encoding: 7bit


Connect to your server using SSH and give the command:

exim -bP acl_smtp_data

In your case it must say:

acl_smtp_data = check_message

If it says something else then it's the reason why this in your config
didn't work:

#!!# ACL that is used after the DATA command
check_message:
    deny senders = /etc/exim4/blockeddoms


    discard message = "Loteria in message body"
        !senders   = :
        condition  = ${if match{${lc:$message_body}}{loteria|lottery}{yes}{no}}


> Anyway I will try your code


An afterthought: better with \b instead of \s

> Why do you want to reject spam?


Sometimes your rules will make mistakes (called "false positives"),
considering an honest message as spam. If spam is rejected then
the human sender knows about that and sees what you wrote in "message".

> Isn't it a waste of traffic


"deny" in RCPT causes less traffic (message body isn't transmitted).
"deny" in DATA or MIME - no difference in traffic,
only what you wrote in "message" is transmitted.

> and may
> cause useless bounces?


"deny" in ACL doesn't cause your Exim to send a separate letter
called a "bounce". Your Exim refuses to accept the message.
The sending server may create a bounce, but it's helpful in case of
a false positive.

> 2. I would prefer to use my director which simply moves spam detected by
> SpamAssassin into a waste bin:


Is the "waste bin" a folder you look at once a day or so?
My Exim either accepts a message into Inbox or rejects what it considers spam,
with few exceptions (I seldom use "discard"). I don't use SpamAssassin,
my VPS with Exim (and a web-server) has only 64M RAM.

> spamkill_director:
>    driver = accept
>    check_local_user
>    condition = "${if def:h_X-Spam-Flag: {1}{0}}"
>    transport = spamkill
>    no_verify

>
> How can I set this flag instead of denying a message if "loteria" was
> detected?


You can set an "acl_m_" variable and check it in that router.

> I had a look at your file "Lena-eximconf-run.txt".
> I wonder how this set of rules can detect viruses.


Currently it checks only what is mentioned in WINBIN and COMPREXT.

> I wrote a plugin for SpamAssassin which unzips every attachment and
> (IMHO very important) unzips every MS Office file (xlsx, xlsm, docx) and
> looks for strings like "rundll32" or "This program cannot be run in DOS
> mode" and some others.


Good idea (about Office files). Perhaps I can replicate this
in Exim without SpamAssassin if you send me your code or a link to it.
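
The check described in the quoted text above (unpack every attachment and every Office file, then look for strings such as "rundll32" or the DOS stub text), sketched as an added Python example. It is not the SpamAssassin plugin mentioned in the thread or code from either poster; the depth and size limits, the function names and all sample data are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Strings named in the thread, lowercased; matched case-insensitively on raw bytes.
MARKERS = (b"rundll32", b"this program cannot be run in dos mode")
MAX_DEPTH = 3                    # assumed limit on nested containers
MAX_MEMBER = 20 * 1024 * 1024    # assumed per-member size cap (zip-bomb guard)


def scan_blob(data, name="attachment", depth=0):
    """Return sorted (path, marker) hits for data and for ZIP members inside it."""
    lowered = data.lower()
    hits = {(name, m.decode()) for m in MARKERS if m in lowered}
    # xlsx/xlsm/docx are ZIP containers, so one code path covers .zip and Office files.
    if depth < MAX_DEPTH and data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_MEMBER:
                        continue  # skip directories and oversized members
                    with zf.open(info) as fh:
                        member = fh.read(MAX_MEMBER + 1)
                    if len(member) <= MAX_MEMBER:  # the declared size can lie
                        path = f"{name}/{info.filename}"
                        hits.update(scan_blob(member, path, depth + 1))
        except (zipfile.BadZipFile, zlib.error, RuntimeError, NotImplementedError):
            pass  # corrupt, encrypted or unsupported archive: outer bytes were scanned
    return sorted(hits)


def make_zip(members):
    """Build an in-memory deflated ZIP from {filename: bytes} (constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()


# Constructed samples: a harmless document, and one embedding a fake DOS stub.
CLEAN_DOCX = make_zip({"word/document.xml": b"<w:document>Quarterly report</w:document>"})
FAKE_STUB = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\r\n$"
BAD_DOCX = make_zip({
    "word/document.xml": b"<w:document>Invoice</w:document>",
    "word/embeddings/oleObject1.bin": FAKE_STUB,
    "word/settings.xml": b"<note>RunDLL32 appears in this constructed text</note>",
})
BAD_ZIP = make_zip({"invoice.docx": BAD_DOCX})  # Office file inside a .zip attachment
```

Each hit carries the full path through the nested containers, so a log line or reject message can say which member of which attachment matched.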