3 ### Spam filtering for distorted.org.uk Exim configuration
5 ### (c) 2012 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This program is free software; you can redistribute it and/or modify
11 ### it under the terms of the GNU General Public License as published by
12 ### the Free Software Foundation; either version 2 of the License, or
13 ### (at your option) any later version.
15 ### This program is distributed in the hope that it will be useful,
16 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ### GNU General Public License for more details.
20 ### You should have received a copy of the GNU General Public License
21 ### along with this program; if not, write to the Free Software Foundation,
22 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 ###--------------------------------------------------------------------------
28 ## The Exim documentation tells lies.
30 ## : *${run{*<_command_>* *<_args_>*}{*<_string1_>*}{*<_string2_>*}}*
31 ## : The command and its arguments are first expanded separately, [...]
33 ## They aren't. The whole command-and-args are expanded together, and then
34 ## split at unquoted spaces. This unpleasant hack sorts out the mess.
35 m4_define(<:SHQUOTE:>, <:"${rxquote:$1}":>)
37 ## Utilities for collecting spam limits.
38 m4_define(<:SPAMLIMIT_CHECK:>,
39 <:${if match{$1}{\N^-?[0-9]+$\N} {spam_limit=$1} {}}:>)
41 m4_define(<:SPAMLIMIT_ROUTER:>,
46 condition = ${if !eq{$acl_c_mode}{submission}}
47 condition = ${extract{spam_limit}{$address_data}{false}{true}}:>)
49 m4_define(<:SPAMLIMIT_SET:>,
51 ${if def:address_data {$address_data}{}} \
54 m4_define(<:SPAMLIMIT_LOOKUP:>,
55 <:condition = ${if exists{$1}}
56 SPAMLIMIT_SET(<:${lookup {$2$3$4@$5/$6} nwildlsearch {$1} \
57 {SPAMLIMIT_CHECK($value)}}:>):>)
59 m4_define(<:SPAMLIMIT_USERV:>,
60 <:SPAMLIMIT_SET(<:${run {/usr/bin/timeout 5s \
61 userv CONF_userv_opts \
62 SHQUOTE($1) exim-spam-limit \
63 SHQUOTE($6) SHQUOTE($2) SHQUOTE($3) \
64 SHQUOTE($4) SHQUOTE(@$5)} \
65 {SPAMLIMIT_CHECK($value)}}:>):>)
67 SECTION(global, policy)m4_dnl
68 spamd_address = CONF_spamd_address CONF_spamd_port
70 SECTION(routers, allspam)m4_dnl
71 ## If we're verifying an address and the recipient has a `~/.mail/spam-limit'
72 ## file, then look up the recipient and sender addresses to find a plausible
73 ## limit and insert it into the `address_data' where the RCPT ACL can find
74 ## it. This router always declines, so it doesn't affect the overall outcome
75 ## of the verification.
76 SPAMLIMIT_ROUTER(fetch_spam_limit_lookup)
78 local_part_suffix = CONF_user_suffix_list
79 local_part_suffix_optional = true
80 SPAMLIMIT_LOOKUP(CONF_userconf_dir/spam-limit,
81 $local_part_prefix, $local_part, $local_part_suffix, $domain,
84 SPAMLIMIT_ROUTER(fetch_spam_limit_userv)
86 local_part_suffix = CONF_user_suffix_list
87 local_part_suffix_optional = true
88 condition = ${if exists{CONF_userconf_dir/spam-limit.userv}}
89 SPAMLIMIT_USERV(SHQUOTE($local_part),
90 $local_part_prefix, $local_part, $local_part_suffix, $domain,
93 SECTION(acl, rcpt-hooks)m4_dnl
94 ## Do per-recipient spam-filter processing.
95 require acl = rcpt_spam
97 SECTION(acl, misc)m4_dnl
100 ## If the client is trusted, or this is a new submission, don't
101 ## bother with any of this. We will have verified the sender
102 ## fairly aggressively before granting this level of trust.
103 accept hosts = +trusted
104 accept condition = ${if eq{$acl_c_mode}{submission}}
106 ## If all domains have disabled spam checking then don't check.
107 accept !condition = $acl_c_spam_check_domain
109 ## Otherwise we should check.
114 ## If this is a virtual domain, and it says `spam-check=no', then we
115 ## shouldn't check spam. But we can't check domains at DATA time, so
116 ## instead we must track whether all recipients have disabled
118 warn !domains = ${if exists{CONF_sysconf_dir/domains.conf} \
119 {partial0-lsearch; CONF_sysconf_dir/domains.conf} \
121 set acl_c_spam_check_domain = true
122 warn !condition = $acl_c_spam_check_domain
123 condition = DOMKV(spam-check, {${expand:$value}}{true})
124 set acl_c_spam_check_domain = true
126 ## See if we should do this check.
127 accept acl = skip_spam_check
129 ## Always accept mail to `postmaster'. Currently this is not
130 ## negotiable; maybe a tweak can be added to `domains.conf' if
132 accept local_parts = postmaster
134 ## Collect the user's spam threshold from the `address_data'
135 ## variable, where it was left by the `fetch_spam_limit' router
136 ## during recipient verification. (This just saves duplicating this
137 ## enormous expression.)
138 warn set acl_m_this_spam_limit = \
139 ${sg {${extract {spam_limit} \
140 {${if def:address_data \
141 {$address_data}{}}} \
143 {^(|.*\\D.*)\$}{CONF_spam_max}}
145 ## If there's a spam limit already established, and it's different
146 ## from this user's limit, then the sender will have to try this user
148 defer !hosts = +trusted
149 message = "You'd better try this one later"
150 condition = ${if def:acl_m_spam_limit {true}{false}}
151 condition = ${if ={$acl_m_spam_limit} \
152 {$acl_m_this_spam_limit} \
155 ## There's no limit set yet, or the user's limit is the same as the
156 ## existing one, or the client's local and we're not checking for
157 ## spam anyway. Whichever way, it's safe to set it now.
158 warn set acl_m_spam_limit = $acl_m_this_spam_limit
163 SECTION(acl, data-spam)m4_dnl
165 require acl = data_spam
167 SECTION(acl, misc)m4_dnl
170 ## See if we should do this check.
171 accept acl = skip_spam_check
173 ## Check header validity.
174 require verify = header_syntax
176 ## Check the message for spam, comparing to the configured limit.
177 deny spam = exim:true
178 message = Tinned meat product detected ($spam_score)
179 condition = ${if >{$spam_score_int}{$acl_m_spam_limit} \
182 ## Insert headers from the spam check now that we've decided to
183 ## accept the message.
186 ## Convert the limit (currently 10x fixed point) into a
187 ## decimal for presentation.
188 set acl_m_spam_limit_presentation = \
189 ${sg{$acl_m_spam_limit}{\N(\d)$\N}{.\$1}}
191 ## Convert the report into something less obnoxious. Plain
192 ## old SpamAssassin has an `X-Spam-Status' header which
193 ## lists the matched rules and provides some other basic
194 ## information. Try to extract something similar from the
197 ## This is rather fiddly.
199 ## Firstly, escape angle brackets, because we'll be using
200 ## them for our own purposes.
201 set acl_m_spam_tests = ${sg{$spam_report}{([!<>])}{!\$1}}
203 ## Trim off the blurb paragraph and the preview. The rest
204 ## should be fairly well behaved. Wrap double angle-
205 ## brackets around the remainder; these can't appear in the
206 ## body because we escaped them all earlier.
207 set acl_m_spam_tests = \
208 ${sg{$acl_m_spam_tests} \
209 {\N^(?s).*\n Content analysis details:(.*)$\N} \
212 ## Extract the information about the matching rules and
213 ## their scores. Leave `<<...>>' around everything else.
214 set acl_m_spam_tests = \
215 ${sg{$acl_m_spam_tests} \
216 {\N(?s)\n\s*(-?[\d.]+)\s+([-\w]+)\s\N} \
219 ## Strip everything still in `<<...>>' pairs, including any
220 ## escaped characters inside.
221 set acl_m_spam_tests = \
222 ${sg{$acl_m_spam_tests}{\N(?s)<<([^!>]+|!.)*>>\N}{}}
224 ## Trim off a trailing comma.
225 set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{,\s*\$}{}}
227 ## Undo the escaping.
228 set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}}
230 ## Insert the headers.
231 add_header = X-SpamAssassin-Score: \
232 $spam_score/$acl_m_spam_limit_presentation \
234 add_header = X-SpamAssassin-Status: \
236 limit=$acl_m_spam_limit_presentation, \n\t\
237 tests=$acl_m_spam_tests
243 ###----- That's all, folks --------------------------------------------------
~mdw / exim-config / blob