[Pkg-exim4-users] AV and SA in default template file
Boyd Stephen Smith Jr.
bss at iguanasuicide.net
Thu May 19 20:38:51 UTC 2011
In <20110519155447.13744ua0amr2ti4g at support.syn.co.uk>, Jonathan Plews wrote:
>Hi, rather than post a bug I thought it best to discuss this first,
>here are some changes I propose to the default template file to make
>AV and Spam functions more simple to activate.
>
>Any thoughts?
I found it unnecessary to modify the files provided by exim4-config and I
instead was simply able to add files.
/etc/exim4/conf.d/local/acl_check_data:
drop
message = This message contains "$malware_name" (malware).
malware = */defer_ok
delay = 2m
drop
spam = Debian-exim:true/defer_ok
message = This message is ${spam_score_int}% SPAM.
add_header = X-Spam-Score: $spam_score ($spam_bar)
condition = ${if >= {$spam_score_int}{1} {1}{0}}
set acl_m_spam_delay = ${if < {$spam_score_int}{300} {$spam_score_int}{300}}
delay = ${acl_m_spam_delay}s
condition = ${if >= {$spam_score_int}{10} {1}{0}}
add_header = X-Spam-Report: $spam_report
condition = ${if >= {$spam_score_int}{100} {1}{0}}
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs-local:
# Enables our virus scanning.
CHECK_DATA_LOCAL_ACL_FILE = CONFDIR/conf.d/local/acl_check_data
(This one should be "stock")
/etc/exim4/conf.d/acl/40_exim4-config_check_data:
### acl/40_exim4-config_check_data
#################################
# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.
acl_check_data:
# Deny unless the address list headers are syntactically correct.
#
# If you enable this, you might reject legitimate mail.
.ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
message = Message headers fail syntax check
!acl = acl_local_deny_exceptions
!verify = header_syntax
.endif
# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_local_deny_exceptions
!verify = header_sender
.endif
# Deny if the message contains malware. Before enabling this check, you
# must install a virus scanner and set the av_scanner option in the
# main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# deny
# malware = *
# message = This message was detected as possible malware ($malware_name).
# Add headers to a message if it is judged to be spam. Before enabling this,
# you must install SpamAssassin. You also need to set the spamd_address
# option in the main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# Please note that this is only suiteable as an example. There are
# multiple issues with this configuration method. For example, if you go
# this way, you'll give your spamassassin daemon write access to the
# entire exim spool which might be a security issue in case of a
# spamassassin exploit.
#
# See the exim docs and the exim wiki for more suitable examples.
#
# warn
# spam = Debian-exim:true
# message = X-Spam_score: $spam_score\n\
# X-Spam_score_int: $spam_score_int\n\
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif
# accept otherwise
accept
I am using split configs.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss at iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20110519/21bb84fc/attachment.pgp>
More information about the Pkg-exim4-users
mailing list