X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Fexim4%2Fconf.d%2Facl%2F40_exim4-config_check_data;h=fbaacfa0b7a59ed0b5bcfbb6dec3c85fdb74f5d8;hb=6ccd335d2d7cea4f82a19b68f8c6965c773480b3;hp=958639dc3ef9602b4bd1ce05a54a35f8b0fc70c6;hpb=0625c01974df320cade3f9cd56674bcdfee0d9f3;p=matthijs%2Fservers%2Fdrsnuggles.git diff --git a/etc/exim4/conf.d/acl/40_exim4-config_check_data b/etc/exim4/conf.d/acl/40_exim4-config_check_data index 958639d..fbaacfa 100644 --- a/etc/exim4/conf.d/acl/40_exim4-config_check_data +++ b/etc/exim4/conf.d/acl/40_exim4-config_check_data @@ -10,66 +10,30 @@ acl_check_data: # Deny unless the address list headers are syntactically correct. # - # If you enable this, you might reject legitimate mail. - .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX + # This might reject legitimate mail... deny message = Message headers fail syntax check - !acl = acl_local_deny_exceptions !verify = header_syntax - .endif + # Don't spamcheck big messages + accept + condition = ${if >{$message_size}{80k}} + add_header = X-Spam-Score: Message too big, not scanned. - # require that there is a verifiable sender address in at least - # one of the "Sender:", "Reply-To:", or "From:" header lines. - .ifdef CHECK_DATA_VERIFY_HEADER_SENDER + # Deny messages with a large spamscore. The threshold is set by + # spamassassin, see required_score in /etc/spamassassin/local.cf deny - message = No verifiable sender address in message headers - !acl = acl_local_deny_exceptions - !verify = header_sender - .endif - - - # Deny if the message contains malware. Before enabling this check, you - # must install a virus scanner and set the av_scanner option in the - # main configuration. - # - # exim4-daemon-heavy must be used for this section to work. - # - # deny - # malware = * - # message = This message was detected as possible malware ($malware_name). - - - # Add headers to a message if it is judged to be spam. Before enabling this, - # you must install SpamAssassin. You also need to set the spamd_address - # option in the main configuration. - # - # exim4-daemon-heavy must be used for this section to work. - # - # Please note that this is only suiteable as an example. There are - # multiple issues with this configuration method. For example, if you go - # this way, you'll give your spamassassin daemon write access to the - # entire exim spool which might be a security issue in case of a - # spamassassin exploit. - # - # See the exim docs and the exim wiki for more suitable examples. - # - # warn - # spam = Debian-exim:true - # message = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report - - - # This hook allows you to hook in your own ACLs without having to - # modify this file. If you do it like we suggest, you'll end up with - # a small performance penalty since there is an additional file being - # accessed. This doesn't happen if you leave the macro unset. - .ifdef CHECK_DATA_LOCAL_ACL_FILE - .include CHECK_DATA_LOCAL_ACL_FILE - .endif - - - # accept otherwise + message = Message was classified as spam + # Check using spamassasin, running as the "spamd" user. + spam = spamd + # Don't reject to some trusted hosts, since they will only generate + # useless delivery failures to innocent people. We check this after the + # spamcheck, so the next rule can still the spam headers properly. + !hosts = +dont_reject_spam_hosts + + # Accept any other messages, but add spam headers. accept + add_header = X-Spam-Score: $spam_score ($spam_bar) + add_header = X-Spam-Report: $spam_report + +# vim: set sts=2 expandtab sw=2 ai: