### acl/40_exim4-config_check_data
#################################

# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.

acl_check_data:

  # Deny unless the address list headers are syntactically correct.
  #
  # This might reject legitimate mail...
  deny
    message = Message headers fail syntax check
    !verify = header_syntax


  # require that there is a verifiable sender address in at least
  # one of the "Sender:", "Reply-To:", or "From:" header lines.
  deny
    message = No verifiable sender address in message headers
    !verify = header_sender

  # Mark messages with their spamscore and deny messages with a very high
  # score.
  deny
    message = Message was classified as spam
    # Only scan messages that are small, since spam is hardly ever big (and
    # scanning big messages costs lots of resources
    condition = ${if <{$message_size}{80k}}
    # Check using spamassasin's default profile (the name "default" should just
    # be any non-existing profile to get the default configuration). This
    # condition will always succeed, since spam assassin is configured with a
    # very low (even negative) threshold.
    spam = default
    # Add spam headers (these will be added even when the next condition fails
    # and the message is not denied).
    add_header = X-Spam-Score: $spam_score ($spam_bar)
    add_header = X-Spam-Report: $spam_report
    # Reject any messages with a spam score of more than 20 ($spam_score_int is
    # $spam_score * 10). This is fairly high, but we don't like really
    # rejecting messages.
    condition = ${if >{$spam_score_int}{200}}

  # accept otherwise
  accept

# vim: set sts=2 expandtab sw=2 ai: