# Deny unless the address list headers are syntactically correct.
#
- # If you enable this, you might reject legitimate mail.
- .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
+ # This might reject legitimate mail...
deny
message = Message headers fail syntax check
- !acl = acl_local_deny_exceptions
!verify = header_syntax
- .endif
+ # Don't spamcheck big messages
+ accept
+ condition = ${if >{$message_size}{80k}}
+ add_header = X-Spam-Score: Message too big, not scanned.
- # require that there is a verifiable sender address in at least
- # one of the "Sender:", "Reply-To:", or "From:" header lines.
- .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
+ # Deny messages with a large spamscore. The threshold is set by
+ # spamassassin, see required_score in /etc/spamassassin/local.cf
deny
- message = No verifiable sender address in message headers
- !acl = acl_local_deny_exceptions
- !verify = header_sender
- .endif
-
-
- # Deny if the message contains malware. Before enabling this check, you
- # must install a virus scanner and set the av_scanner option in the
- # main configuration.
- #
- # exim4-daemon-heavy must be used for this section to work.
- #
- # deny
- # malware = *
- # message = This message was detected as possible malware ($malware_name).
-
-
- # Add headers to a message if it is judged to be spam. Before enabling this,
- # you must install SpamAssassin. You also need to set the spamd_address
- # option in the main configuration.
- #
- # exim4-daemon-heavy must be used for this section to work.
- #
- # Please note that this is only suiteable as an example. There are
- # multiple issues with this configuration method. For example, if you go
- # this way, you'll give your spamassassin daemon write access to the
- # entire exim spool which might be a security issue in case of a
- # spamassassin exploit.
- #
- # See the exim docs and the exim wiki for more suitable examples.
- #
- # warn
- # spam = Debian-exim:true
- # message = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
-
-
- # This hook allows you to hook in your own ACLs without having to
- # modify this file. If you do it like we suggest, you'll end up with
- # a small performance penalty since there is an additional file being
- # accessed. This doesn't happen if you leave the macro unset.
- .ifdef CHECK_DATA_LOCAL_ACL_FILE
- .include CHECK_DATA_LOCAL_ACL_FILE
- .endif
-
-
- # accept otherwise
+ message = Message was classified as spam
+ # Check using spamassasin, running as the "spamd" user.
+ spam = spamd
+ # Don't reject to some trusted hosts, since they will only generate
+ # useless delivery failures to innocent people. We check this after the
+ # spamcheck, so the next rule can still the spam headers properly.
+ !hosts = +dont_reject_spam_hosts
+
+ # Accept any other messages, but add spam headers.
accept
+ add_header = X-Spam-Score: $spam_score ($spam_bar)
+ add_header = X-Spam-Report: $spam_report
+
+# vim: set sts=2 expandtab sw=2 ai: