Wiki

User Tools

Site Tools

Trace:
exim4:access_control

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
exim4:access_control [2016/11/04 10:42] peterexim4:access_control [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 26: Line 26:
 </file> </file>
  
 +<WRAP warning>
 **WARNING**:  Pursue **HELO** checking at your own peril.  The HELO is fairly unimportant in the grand scheme of SMTP these days, so don't put too much faith in whatever it contains.  Some spam might seem to use a telltale HELO string, but you might be surprised at how many legitimate messages start off with a questionable HELO as well.  Anyway, it's just as easy for a spammer to send a proper HELO than it is to send HELO im.a.spammer, so consider yourself lucky if you're able to stop much spam this way. **WARNING**:  Pursue **HELO** checking at your own peril.  The HELO is fairly unimportant in the grand scheme of SMTP these days, so don't put too much faith in whatever it contains.  Some spam might seem to use a telltale HELO string, but you might be surprised at how many legitimate messages start off with a questionable HELO as well.  Anyway, it's just as easy for a spammer to send a proper HELO than it is to send HELO im.a.spammer, so consider yourself lucky if you're able to stop much spam this way.
 +</WRAP>
  
  
Line 252: Line 254:
 ###################################################################### ######################################################################
 # ACL "subroutine" used by acl_check_rcpt below. Used to detect  # ACL "subroutine" used by acl_check_rcpt below. Used to detect 
-# hosts wich have not their own registered domain-name (probably spammer).+# hosts which have not their own registered domain-name (probably spammer).
 # Return ok if the HELO argument correspond to the connected HOST and  # Return ok if the HELO argument correspond to the connected HOST and 
 # if the argument does not contain an IP in decimal or hexa. # if the argument does not contain an IP in decimal or hexa.
Line 281: Line 283:
             condition   = ${if eq {$acl_m9}{grey}{true}{false}}             condition   = ${if eq {$acl_m9}{grey}{true}{false}}
 </file>   </file>  
-              + 
 + 
 +===== Anti-virus: Windows executable in attachment ===== 
 + 
 +It's a very basic anti-virus: every emails with a windows executable as attachment is rejected. 
 + 
 +<file> 
 +acl_check_data: 
 + . . .  
 +    deny    message = This message contains an attachment of a type which we do not accept (.$found_extension)  
 +            demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url 
 +</file> 
 + 
 + 
 +===== anti-virus: clamav ===== 
 + 
 +<file> 
 +###################################################################### 
 +#                    MAIN CONFIGURATION SETTINGS                     # 
 +###################################################################### 
 +av_scanner = clamd:/var/run/clamd.ctl 
 + . . .  
 +###################################################################### 
 +#                          ACL CONFIGURATION                         # 
 +###################################################################### 
 +acl_check_data: 
 + . . .  
 +    deny    message = This message contains a virus or other harmful content ($malware_name) 
 +            demime = *  
 +            malware = * 
 +</file>                 
 + 
 + 
 + 
 +anti-spam external detector: spamassassin 
 + 
 +We add a "X-SA-Score:" in the header of all emails, a "X-SA-Report:" for all email with spam score >0, we consider it a spam if score >5 (adding "X-SA-Status: Yes" and we don't accept the email if score >7. 
 + 
 +Because of the "accept" we must put this acl block at the end of the acl_check_data. 
 + 
 +<file> 
 +###################################################################### 
 +#                    MAIN CONFIGURATION SETTINGS                     # 
 +###################################################################### 
 +spamd_address = 127.0.0.1 783 
 + . . .  
 +###################################################################### 
 +#                          ACL CONFIGURATION                         # 
 +###################################################################### 
 +acl_check_data: 
 + . . .  
 +    ## spamassassin, spams are never big and spamassassin can die on big emails, so we 
 +    ## limit its use under 500k. 
 +    accept  condition = ${if >={$message_size}{500k}{yes}{no}} 
 +    warn    message = X-SA-Score: $spam_score  
 +            spam = nobody:true  
 +    warn    message = X-SA-Report: $spam_report  
 +            spam = nobody:true 
 +            condition = ${if >{$spam_score_int}{0}{true}{false}} 
 +    warn    message = X-SA-Status: Yes  
 +            spam = nobody:true 
 +            condition = ${if >{$spam_score_int}{50}{true}{false}} 
 +    deny    message = This message scored $spam_score spam points.  
 +            spam = nobody:true  
 +            condition = ${if >{$spam_score_int}{70}{true}{false}} 
 +</file> 
 +   
 +In your "~/.forward" you can redirect spams (5< score ≤7) in a special inbox: 
 + 
 +<file bash ~/.forward> 
 +#   Exim filter   <<== do not edit or remove this line! 
 +if $h_X-SA-Status: matches "^Yes" then 
 +     save $home/.Mailboxes/incoming/spam 
 +     finish 
 +endif 
 +</file>   
 + 
 + 
 +===== Checking source of email associated with your domain in whois ===== 
 + 
 +If you have an email published in a whois database (spammers scan these databases) but want emails just from your registrar, you can add this in your "~/.forward" filter: 
 + 
 +<file bash ~/.forward> 
 +#   Exim filter   <<== do not edit or remove this line! 
 +if $original_local_part is "sharewiz-tr-myregistrar" 
 +  then 
 +  if $sender_address_domain is "myregistrar.net" then 
 +    deliver john 
 +  else 
 +    save $home/.Mailboxes/incoming/spam 
 +    finish 
 +  endif 
 +endif 
 +</file> 
exim4/access_control.1478256162.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki