
How to make your Debian Woody machine an exim4 mail filter

This should all be in one place, but isn't yet.

Get exim4

Add these lines to your apt sources.list:

deb http://www.logic.univie.ac.at/ametzler/debian/exim4manpages/ woody/
deb http://www.linux.org.au/backports.org/debian woody gnutls11

Then run apt-get install exim4-daemon-heavy. At this point I assume you're running clamav-daemon and spamassassin 3.01, and have recent versions of libnet-perl-dns etc.; I'll cover those later.

Configure exim4 to use the small config files.

Note: I use 'itp' to signify my changes. You will want to use your own tag.

Get clamav working

Change into /etc/exim4/conf.d/main. Copy 02_exim4-config_options to 02_exim4-config_options.rul and add these lines:

# itp: set ClamAV path
#
av_scanner = clamd:/var/run/clamav/clamd.ctl

Now change into /etc/exim4/conf.d/acl. Copy 40_exim4-config_check_data to 40_exim4-config_check_data.rul and add these lines:

   # itp: Reject messages containing malware.
   deny message = This message contains malware ($malware_name)
       demime = *
       malware = *

just above "# accept otherwise".

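Add the Debian-exim user to the clamav group: usermod -G clamav Debian-exim

Note that usermod -G sets the user's complete list of supplementary groups, so if Debian-exim already belongs to other groups, list those as well.

To restart exim4, use invoke-rc.d exim4 restart, which rebuilds the config file from the templates.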

Test it:

telnet localhost 25
220 firewall.test ESMTP Exim 4.34 Tue, 14 Dec 2004 14:20:28 +1300
HELO test.co.nz
250 firewall.test Hello localhost [127.0.0.1]
MAIL FROM: sdg@adfgsdg.co.nz
250 OK
RCPT TO: foo@foo.co.nz
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
550 This message contains malware (Eicar-Test-Signature)

Get spamassassin working

To your main/02_exim4-config_options.rul, add:

# itp: set SpamAssassin path
#
spamd_address = 127.0.0.1 783

To your acl/40_exim4-config_check_data.rul, add:

   # itp: reject spam at high scores (> 12)
   # $spam_score_int is the score multiplied by 10, so 120 means 12.0
   deny message = This message scored $spam_score spam points.
        spam = nobody:true
        condition = ${if >{$spam_score_int}{120}{1}{0}}

Restart and test like so:

MAIL FROM: me@them.co.nz
250 OK
RCPT TO: foo@bar.com
250 Accepted
DATA
354 Enter message, ending with "." on a line by itself
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
.
550 This message scored 998.8 spam points.
QUIT
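
The two telnet tests above can be replayed as a script after every config change. This is an added example, not part of the original page; the sender address, the HELO name and the function names are assumptions, and the recipient must be one your exim4 accepts.

```python
import smtplib

# Test strings as given on this page (harmless scanner test patterns).
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

# name -> (message body, text the ACL "deny message" should put in the reply)
PROBES = {
    "clamav": (EICAR, "contains malware"),
    "spamassassin": (GTUBE, "spam points"),
}

def probe(smtp, body, sender, rcpt):
    """Replay the telnet dialogue; return the final (code, text) reply."""
    smtp.helo("test.example.org")          # assumed HELO name
    smtp.mail(sender)
    code, text = smtp.rcpt(rcpt)
    if code not in (250, 251):             # recipient refused: stop before DATA
        return code, text.decode(errors="replace")
    code, text = smtp.data(body + "\r\n")  # reply to the closing "."
    return code, text.decode(errors="replace")

def classify(code, text, expected):
    """Map the final SMTP reply to a verdict for one probe."""
    if code == 550 and expected in text:
        return "rejected"    # filter fired with the configured message
    if 200 <= code < 300:
        return "accepted"    # test pattern got through: ACL not active
    if 400 <= code < 500:
        return "deferred"    # temporary failure; check the scanner daemon
    return "unexpected"      # e.g. recipient or relay refused

def check_filter(connect, sender="sender@example.org", rcpt="foo@foo.co.nz"):
    """Run every probe on a fresh connection; return {name: verdict}."""
    results = {}
    for name, (body, expected) in PROBES.items():
        smtp = connect()
        try:
            code, text = probe(smtp, body, sender, rcpt)
            results[name] = classify(code, text, expected)
        finally:
            smtp.quit()
    return results

if __name__ == "__main__":
    verdicts = check_filter(lambda: smtplib.SMTP("localhost", 25))
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
```

Both probes should report "rejected"; "accepted" means the .rul ACL changes are not in effect, and "deferred" means exim4 answered with a temporary error instead of a scan result.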