Differences between version 14 and revision by previous author of EximMailFilter.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
| Newer page: | version 14 | Last edited on Wednesday, June 8, 2005 11:37:22 am | by CraigBox | Revert |
| Older page: | version 12 | Last edited on Sunday, April 17, 2005 4:25:10 pm | by JohnMcPherson | Revert |
@@ -1,20 +1,28 @@
-!!!How to make your Debian Woody
machine an amazing [Exim] 4 mail filter
+!!!How to make your Debian machine an amazing [Exim] 4 mail filter
This is how I've set up a new exim4 installation to do all the filtering I used to do with MailScanner or amavis. It's much less CPU intensive to use the daemon mode of SpamAssassin and have your MTA do all the work instead of a big perl script.
There are a number of changes that aren't immediately apparent between using exim3 and exim4 on Debian: the configuration system is completely different. You either have a large configuration template file or a number of small files, but either way, the live config isn't updated until you run __update-exim4.conf__. Running an /etc/init.d/exim4 restart will run this command for you.
!!Get exim4
+
+!Sarge
+
+=apt-get install exim4-daemon-heavy clamav-daemon clamav-freshclam spamassassin= (add more or less as required)
+
+!Woody
Add these lines to your apt sources.list:
<pre>
deb http://www.linux.org.au/backports.org/debian woody exim4
deb http://www.linux.org.au/backports.org/debian woody gnutls11
</pre>
-apt-get install exim4-daemon-heavy. You might like to purge exim3 at this point too else your ex<tab> completion will pick exim instead of exim4. At this point I assume you're running clamav-daemon, spamassassin 3.01
and have recent versions of libnet-perl-dns etc, but I'll deal to those later.
+apt-get install exim4-daemon-heavy. You might like to purge exim3 at this point too else your ex<tab> completion will pick exim instead of exim4. At this point I assume you're running clamav-daemon, spamassassin 3.03
and have recent versions of libnet-perl-dns etc, but I'll deal to those later.
+
+!!Configure exim4
Configure exim4 to use the small config files.
Note: I use '[itp|ItPartners]' to signify my changes. You will want to use your own tag.
@@ -40,16 +48,12 @@
malware = *
</pre>
just above "# accept otherwise".
-
-Add the Debian-exim user to the clamav group: =usermod -G clamav Debian-exim=
-
-Added P.Simmons 29-Jan-2005 Due to clamav updates
Also add the clamav user to group `Debian-exim': =usermod -G Debian-exim clamav=
-and make sure that /etc/clamav/clamd.conf contains `User clamav' and `AllowSupplementaryGroups'.
-This is so clamav can access the /var/spool/exim4 dir
+and make sure that /etc/clamav/clamd.conf contains `User clamav' and `~
AllowSupplementaryGroups'.
+This is so clamav can access the /var/spool/exim4 dir.
To restart exim4, use =invoke-rc.d exim4 restart= which builds the config file from the templates.
Restart clamav daemon, user =invoke-rc.d clamav-daemon restart= which makes the new security work.
@@ -90,10 +94,10 @@
<pre>
# itp: reject spam at high scores (> 15)
deny message = Message scored $spam_score spam points.
- spam = nobody:true
condition = ${if <{$message_size}{100k}{1}{0}}
+ spam = nobody:true
condition = ${if >{$spam_score_int}{150}{1}{0}}
</pre>
Restart and test like so:
@@ -119,33 +123,18 @@
<verbatim>
# itp: Spam redirection router
# Modified from http://duncanthrax.net/exiscan-acl/exiscan-acl-examples.txt,
-# this router takes any message with X-Redirect-To
and redirects it to that
-#
user.
+# and with changes made by RafalJankowski on the WLUG Wiki,
this router takes
+#
any message tagged as spam
and redirects it to the redirect
user.
spam_redirect:
- debug_print = "R: scan_redirect for $domain"
-
driver = redirect
- condition = ${if def:h_X-Redirect-To: {1}{}}
- headers_add = X-Original-Recipient: $local_part@$domain
- data = $h_X-Redirect-To:
- headers_remove = X-Redirect-To
- redirect_router = hubbed_hosts
-
-#[rj]
-# I would suggest using variable instead of a header.
-# Adding X-Redirect-To: header by original sender will allow
-# sending mail through your server without authentication
-#
-#spam_redirect:
-#
debug_print = "R: scan_redirect for $domain"
-#
driver = redirect
-#
condition = ${if def:acl_m1 {1}{}}
-#
headers_add = X-Original-Recipient: $local_part@$domain
-#
data = $acl_m1
-#
redirect_router = hubbed_hosts
-#[rj]
+ debug_print = "R: scan_redirect for $domain"
+ driver = redirect
+ condition = ${if def:acl_m1 {1}{}}
+ headers_add = X-Original-Recipient: $local_part@$domain
+ data = $acl_m1
+ redirect_router = hubbed_hosts
</verbatim>
This sits just before the hubbed_hosts router, which was previously the first router in the queue. Set the redirect router to whichever router you want to process your message next.
@@ -161,23 +150,18 @@
warn message = X-Spam-Report: $spam_report
condition = ${if <{$message_size}{100k}{1}{0}}
spam = nobody:true
- warn message
= X-Redirect-To: quarantine@itpartners.co.nz
+ accept
+ condition
= ${if <{$message_size}{100k}{1}{}}
spam = nobody
-
-#[rj] I would suggest putting something like that instead
-# accept
-# condition = ${if <{$message_size}{100k}{1}{}}
-# spam = nobody
-#
set acl_m1 = "postmaster@itpartners.co.nz"
-#
#delay = 60s
-# #
control = fakereject/This message scored $spam_score spam points. Please contact postmaster
-# #
logwrite = :main,reject: This message scored $spam_score spam points. Please contact postmaster
-#[rj]
+
set acl_m1 = "postmaster@itpartners.co.nz"
+
#delay = 60s
+
control = fakereject
+
logwrite = :main,reject: This message scored $spam_score spam points. Please contact postmaster
</verbatim>
-"nobody:true" matches everyone (the nobody is the user to call SpamAssassin as; as we're always using the same one the result is cached per message).
+"nobody:true" matches everyone (the nobody is the user to call SpamAssassin as; as we're always using the same one the result is cached per message). Make sure you always check the message size before calling "spam" else you will end up passing huge messages to SA
.
In order to get a small sensible spam report instead of the huge default SpamAssassin one, put this in your /etc/spamassassin/local.cf:
<pre>
