X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Fexim4%2Fconf.d%2Facl%2F40_exim4-config_check_data;h=a1b7024cec9ce32af61b3b10b2ba4577504e25bf;hb=712074091c34cbd445c4ba823d0d6d63a31557d2;hp=958639dc3ef9602b4bd1ce05a54a35f8b0fc70c6;hpb=0625c01974df320cade3f9cd56674bcdfee0d9f3;p=matthijs%2Fservers%2Fdrsnuggles.git diff --git a/etc/exim4/conf.d/acl/40_exim4-config_check_data b/etc/exim4/conf.d/acl/40_exim4-config_check_data index 958639d..a1b7024 100644 --- a/etc/exim4/conf.d/acl/40_exim4-config_check_data +++ b/etc/exim4/conf.d/acl/40_exim4-config_check_data @@ -10,66 +10,39 @@ acl_check_data: # Deny unless the address list headers are syntactically correct. # - # If you enable this, you might reject legitimate mail. - .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX + # This might reject legitimate mail... deny message = Message headers fail syntax check - !acl = acl_local_deny_exceptions !verify = header_syntax - .endif # require that there is a verifiable sender address in at least # one of the "Sender:", "Reply-To:", or "From:" header lines. - .ifdef CHECK_DATA_VERIFY_HEADER_SENDER deny message = No verifiable sender address in message headers - !acl = acl_local_deny_exceptions !verify = header_sender - .endif - - - # Deny if the message contains malware. Before enabling this check, you - # must install a virus scanner and set the av_scanner option in the - # main configuration. - # - # exim4-daemon-heavy must be used for this section to work. - # - # deny - # malware = * - # message = This message was detected as possible malware ($malware_name). - - - # Add headers to a message if it is judged to be spam. Before enabling this, - # you must install SpamAssassin. You also need to set the spamd_address - # option in the main configuration. - # - # exim4-daemon-heavy must be used for this section to work. - # - # Please note that this is only suiteable as an example. There are - # multiple issues with this configuration method. For example, if you go - # this way, you'll give your spamassassin daemon write access to the - # entire exim spool which might be a security issue in case of a - # spamassassin exploit. - # - # See the exim docs and the exim wiki for more suitable examples. - # - # warn - # spam = Debian-exim:true - # message = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report - - - # This hook allows you to hook in your own ACLs without having to - # modify this file. If you do it like we suggest, you'll end up with - # a small performance penalty since there is an additional file being - # accessed. This doesn't happen if you leave the macro unset. - .ifdef CHECK_DATA_LOCAL_ACL_FILE - .include CHECK_DATA_LOCAL_ACL_FILE - .endif + # Mark messages with their spamscore and deny messages with a very high + # score. + deny + message = Message was classified as spam + # Only scan messages that are small, since spam is hardly ever big (and + # scanning big messages costs lots of resources + condition = ${if <{$message_size}{80k}} + # Check using spamassasin, running as the "spamd" user. + # This condition will always succeed, since spam assassin is configured + # with a very low (even negative) threshold. + spam = spamd + # Add spam headers (these will be added even when the next condition fails + # and the message is not denied). + add_header = X-Spam-Score: $spam_score ($spam_bar) + add_header = X-Spam-Report: $spam_report + # Reject any messages with a spam score of more than 20 ($spam_score_int is + # $spam_score * 10). This is fairly high, but we don't like really + # rejecting messages. + condition = ${if >{$spam_score_int}{200}} # accept otherwise accept + +# vim: set sts=2 expandtab sw=2 ai: