~mdw / exim-config / blame
| Commit | Line | Data |
|---|---|---|
| 185b5456 MW |
1 | ### -*-m4-*- |
| 2 | ### | |
| 3 | ### Spam filtering for distorted.org.uk Exim configuration | |
| 4 | ### | |
| 5 | ### (c) 2012 Mark Wooding | |
| 6 | ### | |
| 7 | ||
| 8 | ###----- Licensing notice --------------------------------------------------- | |
| 9 | ### | |
| 10 | ### This program is free software; you can redistribute it and/or modify | |
| 11 | ### it under the terms of the GNU General Public License as published by | |
| 12 | ### the Free Software Foundation; either version 2 of the License, or | |
| 13 | ### (at your option) any later version. | |
| 14 | ### | |
| 15 | ### This program is distributed in the hope that it will be useful, | |
| 16 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 17 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 18 | ### GNU General Public License for more details. | |
| 19 | ### | |
| 20 | ### You should have received a copy of the GNU General Public License | |
| 21 | ### along with this program; if not, write to the Free Software Foundation, | |
| 22 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
| 23 | ||
| 24 | DIVERT(null) | |
| 25 | ###-------------------------------------------------------------------------- | |
| 26 | ### Spam filtering. | |
| 27 | ||
| 28 | SECTION(global, policy)m4_dnl | |
| 29 | spamd_address = CONF_spamd_address CONF_spamd_port | |
| 30 | ||
| 31 | SECTION(routers, allspam)m4_dnl | |
| 32 | ## If we're verifying an address and the recipient has a `~/.mail/spam-limit' | |
| 33 | ## file, then look up the recipient and sender addresses to find a plausible | |
| 34 | ## limit and insert it into the `address_data' where the RCPT ACL can find | |
| 35 | ## it. This router always declines, so it doesn't affect the overall outcome | |
| 36 | ## of the verification. | |
| 37 | fetch_spam_limit: | |
| 38 | driver = redirect | |
| 39 | data = :unknown: | |
| 40 | verify_only = true | |
| 41 | local_part_suffix = CONF_user_suffix_list | |
| 42 | local_part_suffix_optional = true | |
| 43 | check_local_user | |
| 44 | address_data = \ | |
| 45 | ${if def:address_data {$address_data}{}} \ | |
| 46 | ${if exists {CONF_userconf_dir/spam-limit} \ | |
| 47 | {${lookup {$local_part_prefix\ | |
| 48 | $local_part\ | |
| 49 | $local_part_suffix\ | |
| 50 | @$domain/\ | |
| 51 | $sender_address} \ | |
| 52 | nwildlsearch {CONF_userconf_dir/spam-limit} \ | |
| 53 | {spam_limit=$value} \ | |
| 54 | {}}} \ | |
| 55 | {}} \ | |
| 56 | ${if exists {CONF_userconf_dir/spam-limit.userv} \ | |
| 57 | {${run {timeout 5s -- \ | |
| 58 | userv $local_part exim-spam-limit \ | |
| 59 | $sender_address \ | |
| 60 | $local_part_prefix \ | |
| 61 | $local_part \ | |
| 62 | $local_part_suffix \ | |
| 63 | @$domain} \ | |
| 64 | {${if match{$value}{\N^[0-9]+$\N} \ | |
| 65 | {spam_limit=$value} \ | |
| 66 | {}}} \ | |
| 67 | {}}} \ | |
| 68 | {}} | |
| 69 | ||
| 70 | SECTION(acl, rcpt-hooks)m4_dnl | |
| 71 | ## Do per-recipient spam-filter processing. | |
| 72 | require acl = rcpt_spam | |
| 73 | ||
| 74 | SECTION(acl, misc)m4_dnl | |
| 75 | rcpt_spam: | |
| 76 | ||
| 77 | ## If the client is trusted, don't bother with any of this. | |
| 78 | accept hosts = +trusted | |
| 79 | ||
| 80 | ## Collect the user's spam threshold from the `address_data' | |
| 81 | ## variable, where it was left by the `fetch_spam_limit' router | |
| 82 | ## during recipient verification. (This just saves duplicating this | |
| 83 | ## enormous expression.) | |
| 84 | warn set acl_m_this_spam_limit = \ | |
| 85 | ${sg {${extract {spam_limit} \ | |
| 86 | {${if def:address_data \ | |
| 87 | {$address_data}{}}} \ | |
| 88 | {$value}{nil}}} \ | |
| 89 | {^(|.*\\D.*)\$}{CONF_spam_max}} | |
| 90 | ||
| 91 | ## If there's a spam limit already established, and it's different | |
| 92 | ## from this user's limit, then the sender will have to try this user | |
| 93 | ## again later. | |
| 94 | defer !hosts = +trusted | |
| 95 | message = "You'd better try this one later" | |
| 96 | condition = ${if def:acl_m_spam_limit {true}{false}} | |
| 97 | condition = ${if ={$acl_m_spam_limit} \ | |
| 98 | {$acl_m_this_spam_limit} \ | |
| 99 | {false}{true}} | |
| 100 | ||
| 101 | ## There's no limit set yet, or the user's limit is the same as the | |
| 102 | ## existing one, or the client's local and we're not checking for | |
| 103 | ## spam anyway. Whichever way, it's safe to set it now. | |
| 104 | warn set acl_m_spam_limit = $acl_m_this_spam_limit | |
| 105 | ||
| 106 | ## All done. | |
| 107 | accept | |
| 108 | ||
| 109 | SECTION(acl, data-spam)m4_dnl | |
| 110 | ## Do spam checking. | |
| 111 | require acl = data_spam | |
| 112 | ||
| 113 | SECTION(acl, misc)m4_dnl | |
| 114 | data_spam: | |
| 115 | ||
| 116 | ## If the client is trusted, don't bother with any of this. | |
| 117 | accept hosts = +trusted | |
| 118 | ||
| 119 | ## Check the message for spam, comparing to the configured limit. | |
| 120 | deny spam = exim:true | |
| 121 | message = Tinned meat product detected ($spam_score) | |
| 122 | condition = ${if >{$spam_score_int}{$acl_m_spam_limit} \ | |
| 123 | {true}{false}} | |
| 124 | ||
| 125 | ## Insert headers from the spam check now that we've decided to | |
| 126 | ## accept the message. | |
| 127 | warn | |
| 128 | ## Convert the limit (currently 10x fixed point) into a | |
| 129 | ## decimal for presentation. | |
| 130 | set acl_m_spam_limit_presentation = \ | |
| 131 | ${sg{$acl_m_spam_limit}{\N(\d)$\N}{.\$1}} | |
| 132 | ||
| 133 | ## Convert the report into something less obnoxious. Plain | |
| 134 | ## old SpamAssassin has an `X-Spam-Status' header which | |
| 135 | ## lists the matched rules and provides some other basic | |
| 136 | ## information. Try to extract something similar from the | |
| 137 | ## report. | |
| 138 | ## | |
| 139 | ## This is rather fiddly. | |
| 140 | ||
| 141 | ## Firstly, escape angle brackets, because we'll be using | |
| 142 | ## them for our own purposes. | |
| 143 | set acl_m_spam_tests = ${sg{$spam_report}{([!<>])}{!\$1}} | |
| 144 | ||
| 145 | ## Trim off the blurb paragraph and the preview. The rest | |
| 146 | ## should be fairly well behaved. Wrap double angle- | |
| 147 | ## brackets around the remainder; these can't appear in the | |
| 148 | ## body because we escaped them all earlier. | |
| 149 | set acl_m_spam_tests = \ | |
| 150 | ${sg{$acl_m_spam_tests} \ | |
| 151 | {\N^(?s).*\n Content analysis details:(.*)$\N} \ | |
| 152 | {<<\$1>>}} | |
| 153 | ||
| 154 | ## Extract the information about the matching rules and | |
| 155 | ## their scores. Leave `<<...>>' around everything else. | |
| 156 | set acl_m_spam_tests = \ | |
| 157 | ${sg{$acl_m_spam_tests} \ | |
| 158 | {\N(?s)\n\s*([\d.]+)\s+([-\w]+)\s\N} \ | |
| 159 | {>>\$2:\$1,<<}} | |
| 160 | ||
| 161 | ## Strip everything still in `<<...>>' pairs, including any | |
| 162 | ## escaped characters inside. | |
| 163 | set acl_m_spam_tests = \ | |
| 164 | ${sg{$acl_m_spam_tests}{\N(?s)<<([^!>]+|!.)*>>\N}{}} | |
| 165 | ||
| 166 | ## Trim off a trailing comma. | |
| 167 | set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{,\s*\$}{}} | |
| 168 | ||
| 169 | ## Undo the escaping. | |
| 170 | set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}} | |
| 171 | ||
| 172 | ## Insert the headers. | |
| 173 | add_header = X-SpamAssassin-Score: \ | |
| 174 | $spam_score/$acl_m_spam_limit_presentation \ | |
| 175 | ($spam_bar) | |
| 176 | add_header = X-SpamAssassin-Status: \ | |
| 177 | score=$spam_score, \ | |
| 178 | limit=$acl_m_spam_limit_presentation, \n\t\ | |
| 179 | tests=$acl_m_spam_tests | |
| 180 | ||
| 181 | ||
| 182 | ## We're good. | |
| 183 | accept | |
| 184 | ||
| 185 | DIVERT(null) | |
| 186 | ###----- That's all, folks -------------------------------------------------- |