[Pkg-exim4-users] AV and SA in default template file

Boyd Stephen Smith Jr. bss at iguanasuicide.net
Thu May 19 20:38:51 UTC 2011


In <20110519155447.13744ua0amr2ti4g at support.syn.co.uk>, Jonathan Plews wrote:
>Hi, rather than post a bug I thought it best to discuss this first,
>here are some changes I propose to the default template file to make
>AV and Spam functions more simple to activate.
>
>Any thoughts?

I found it unnecessary to modify the files provided by exim4-config and I 
instead was simply able to add files.

/etc/exim4/conf.d/local/acl_check_data:
drop
        message = This message contains "$malware_name" (malware).
        malware = */defer_ok
        delay = 2m

drop
        spam = Debian-exim:true/defer_ok
        message = This message is ${spam_score_int}% SPAM.
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        condition = ${if >= {$spam_score_int}{1} {1}{0}}
        set acl_m_spam_delay = ${if < {$spam_score_int}{300} {$spam_score_int}{300}}
        delay = ${acl_m_spam_delay}s
        condition = ${if >= {$spam_score_int}{10} {1}{0}}
        add_header = X-Spam-Report: $spam_report
        condition = ${if >= {$spam_score_int}{100} {1}{0}}

/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs-local:
# Enables our virus scanning.
CHECK_DATA_LOCAL_ACL_FILE = CONFDIR/conf.d/local/acl_check_data

(This one should be "stock")
/etc/exim4/conf.d/acl/40_exim4-config_check_data:

### acl/40_exim4-config_check_data
#################################

# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.

acl_check_data:

  # Deny unless the address list headers are syntactically correct.
  #
  # If you enable this, you might reject legitimate mail.
  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    message = Message headers fail syntax check
    !acl = acl_local_deny_exceptions
    !verify = header_syntax
  .endif


  # require that there is a verifiable sender address in at least
  # one of the "Sender:", "Reply-To:", or "From:" header lines.
  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_local_deny_exceptions
    !verify = header_sender
  .endif


  # Deny if the message contains malware. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option in the
  # main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  # deny
  #   malware = *
  #   message = This message was detected as possible malware ($malware_name).


  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You also need to set the spamd_address
  # option in the main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  # Please note that this is only suitable as an example. There are
  # multiple issues with this configuration method. For example, if you go
  # this way, you'll give your spamassassin daemon write access to the
  # entire exim spool which might be a security issue in case of a
  # spamassassin exploit.
  #
  # See the exim docs and the exim wiki for more suitable examples.
  #
  # warn
  #   spam = Debian-exim:true
  #   message = X-Spam_score: $spam_score\n\
  #             X-Spam_score_int: $spam_score_int\n\
  #             X-Spam_bar: $spam_bar\n\
  #             X-Spam_report: $spam_report


  # This hook allows you to hook in your own ACLs without having to
  # modify this file. If you do it like we suggest, you'll end up with
  # a small performance penalty since there is an additional file being
  # accessed. This doesn't happen if you leave the macro unset.
  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif


  # accept otherwise
  accept

I am using split configs.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss at iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
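
Added example (not part of the original message, and not Exim code): a small Python model of how Exim evaluates the spam "drop" statement in the local acl_check_data file above, showing which headers, delay and verdict a message gets for a given $spam_score_int. The function name, the verdict strings and the sample scores are constructed for illustration; "accept" here means the statement did not match, so the message falls through to the final accept in the stock ACL.

```python
# Added example: a model of how Exim walks one ACL statement, not Exim itself.
# Modifiers (add_header, set, delay) act as soon as they are reached; the
# first false condition ends the statement, so the verb (drop) does not fire.

def spam_statement(score_int, scanner_ok=True):
    """Trace the spam 'drop' statement for one message.

    score_int  -- value of $spam_score_int (SpamAssassin score times ten)
    scanner_ok -- False models spamd being unreachable
    Returns (verdict, delay_seconds, headers_added).
    """
    headers, delay = [], 0

    # spam = Debian-exim:true/defer_ok
    # ":true" makes the condition succeed whatever the score is;
    # "/defer_ok" turns a scanner failure into "no match" instead of a defer.
    if not scanner_ok:
        return ("accept", delay, headers)

    # add_header = X-Spam-Score: ... comes before any score test.
    headers.append("X-Spam-Score")

    # condition = ${if >= {$spam_score_int}{1} {1}{0}}
    if score_int < 1:
        return ("accept", delay, headers)

    # set acl_m_spam_delay = smaller of score_int and 300; delay = that, in s
    delay = min(score_int, 300)

    # condition = ${if >= {$spam_score_int}{10} {1}{0}}
    if score_int < 10:
        return ("accept", delay, headers)

    # add_header = X-Spam-Report: ...
    headers.append("X-Spam-Report")

    # condition = ${if >= {$spam_score_int}{100} {1}{0}}
    if score_int < 100:
        return ("accept", delay, headers)

    return ("drop", delay, headers)


if __name__ == "__main__":
    # Constructed sample scores, chosen to land in each band of the ACL.
    for score in (-5, 7, 42, 450):
        print(score, spam_statement(score))
    print("spamd down:", spam_statement(450, scanner_ok=False))
```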