### -*-m4-*- ### ### Spam filtering for distorted.org.uk Exim configuration ### ### (c) 2012 Mark Wooding ### ###----- Licensing notice --------------------------------------------------- ### ### This program is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### ### This program is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License ### along with this program; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. DIVERT(null) ###-------------------------------------------------------------------------- ### Spam filtering. ## The Exim documentation tells lies. ## ## : *${run{*<_command_>* *<_args_>*}{*<_string1_>*}{*<_string2_>*}}* ## : The command and its arguments are first expanded separately, [...] ## ## They aren't. The whole command-and-args are expanded together, and then ## split at unquoted spaces. This unpleasant hack sorts out the mess. m4_define(<:SHQUOTE:>, <:"${rxquote:$1}":>) ## Utilities for collecting spam limits. m4_define(<:SPAMLIMIT_CHECK:>, <:${if match{$1}{\N^-?[0-9]+$\N} {spam_limit=$1} {}}:>) m4_define(<:SPAMLIMIT_ROUTER:>, <:$1: driver = redirect data = :unknown: verify_only = true condition = ${if !eq{$acl_c_mode}{submission}} condition = ${extract{spam_limit}{$address_data}{false}{true}}:>) m4_define(<:SPAMLIMIT_SET:>, <:address_data = \ ${if def:address_data {$address_data}{}} \ m4_ifelse(<:$2:>, <::>, <::>, <:$2 \ :>)$1:>) m4_define(<:SPAMLIMIT_LOOKUP:>, <:condition = ${if exists{$1}} SPAMLIMIT_SET(<:${lookup {$2@$3/$4} nwildlsearch {$1} \ {SPAMLIMIT_CHECK(<:$value:>)}}:>, <:$5:>):>) m4_define(<:SPAMLIMIT_USERV:>, <:SPAMLIMIT_SET(<:${run {/usr/bin/timeout 5s \ /usr/bin/userv CONF_userv_opts \ SHQUOTE($1) exim-spam-limit \ SHQUOTE($4) \ SHQUOTE($2) SHQUOTE(@$3)} \ {SPAMLIMIT_CHECK(<:$value:>)}}:>, <:$5:>):>) m4_define(<:GET_ADDRDATA:>, <:extract{<:$1:>}{${if def:address_data{$address_data}{}}}:>) SECTION(global, policy)m4_dnl spamd_address = CONF_spamd_address CONF_spamd_port SECTION(acl, rcpt-hooks)m4_dnl ## Do per-recipient spam-filter processing. require acl = rcpt_spam SECTION(acl, misc)m4_dnl skip_spam_check: ## If the client is trusted, or this is a new submission, don't ## bother with any of this. We will have verified the sender ## fairly aggressively before granting this level of trust. accept hosts = +trusted accept condition = ${if eq{$acl_c_mode}{submission}} ## If all domains have disabled spam checking then don't check. accept !condition = $acl_c_spam_check_domain ## Otherwise we should check. deny rcpt_spam: ## If this is a virtual domain, and it says `spam-check=no', then we ## shouldn't check spam. But we can't check domains at DATA time, so ## instead we must track whether all recipients have disabled ## checking. warn !domains = ${if exists{CONF_sysconf_dir/domains.conf} \ {partial0-lsearch; CONF_sysconf_dir/domains.conf} \ {}} set acl_c_spam_check_domain = true warn !condition = $acl_c_spam_check_domain condition = DOMKV(spam-check, {${expand:$value}}{true}) set acl_c_spam_check_domain = true ## See if we should do this check. accept acl = skip_spam_check ## Always accept mail to `postmaster'. Currently this is not ## negotiable; maybe a tweak can be added to `domains.conf' if ## necessary. accept local_parts = postmaster ## Collect the user's spam threshold from the `address_data' ## variable, where it was left by the `fetch_spam_limit' router ## during recipient verification. (This just saves duplicating this ## enormous expression.) warn set acl_m_this_spam_limit = \ ${sg {${GET_ADDRDATA(spam_limit){$value}{nil}}} \ {^(|.*\\D.*)\$}{CONF_spam_max}} warn condition = ${GET_ADDRDATA(user){true}{false}} set acl_m_spam_users = \ ${if def:acl_m_spam_users {$acl_m_spam_users::}{}}\ ${GET_ADDRDATA(user) \ {$value=${sg{$local_part@$domain}\ {([!:])}{!\$1}}} \ fail} ## If there's a spam limit already established, and it's different ## from this user's limit, then the sender will have to try this user ## again later. defer !hosts = +trusted message = "You'd better try this one later" condition = ${if def:acl_m_spam_limit {true}{false}} condition = ${if ={$acl_m_spam_limit} \ {$acl_m_this_spam_limit} \ {false}{true}} ## There's no limit set yet, or the user's limit is the same as the ## existing one, or the client's local and we're not checking for ## spam anyway. Whichever way, it's safe to set it now. warn set acl_m_spam_limit = $acl_m_this_spam_limit ## All done. accept SECTION(acl, data-hooks)m4_dnl ## Do spam checking. require acl = data_spam SECTION(acl, misc)m4_dnl data_spam: ## See if we should do this check. accept acl = skip_spam_check ## Check header validity. require verify = header_syntax ## Check the message for spam, comparing to the configured limit. warn spam = exim:true ## Format some reporting stuff. warn ## Convert the limit (currently 10x fixed point) into a ## decimal for presentation. set acl_m_spam_limit_presentation = \ ${sg{$acl_m_spam_limit}{\N(\d)$\N}{.\$1}} ## Convert the report into something less obnoxious. Plain ## old SpamAssassin has an `X-Spam-Status' header which ## lists the matched rules and provides some other basic ## information. Try to extract something similar from the ## report. ## ## This is rather fiddly. ## Firstly, escape angle brackets, because we'll be using ## them for our own purposes. set acl_m_spam_tests = ${sg{$spam_report}{([!<>])}{!\$1}} ## Trim off the blurb paragraph and the preview. The rest ## should be fairly well behaved. Wrap double angle- ## brackets around the remainder; these can't appear in the ## body because we escaped them all earlier. set acl_m_spam_tests = \ ${sg{$acl_m_spam_tests} \ {\N^(?s).*\n Content analysis details:(.*)$\N} \ {<<\$1>>}} ## Extract the information about the matching rules and ## their scores. Leave `<<...>>' around everything else. set acl_m_spam_tests = \ ${sg{$acl_m_spam_tests} \ {\N(?s)\n\s*(-?[\d.]+)\s+([-\w]+)\s\N} \ {>>\$2:\$1,<<}} ## Strip everything still in `<<...>>' pairs, including any ## escaped characters inside. set acl_m_spam_tests = \ ${sg{$acl_m_spam_tests}{\N(?s)<<([^!>]+|!.)*>>\N}{}} ## Trim off a trailing comma. set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{,\s*\$}{}} ## Undo the escaping. set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}} ## If we've decided to reject, then leave a dropping in the log file ## so that users can analyse rejections for incoming messages, and ## tell the sender to get knotted. deny message = Tinned meat product detected ($spam_score) log_message = Spam rejection \ score=$spam_score \ limit=$acl_m_spam_limit_presentation \ tests=$acl_m_spam_tests \ users=$acl_m_spam_users condition = ${if >{$spam_score_int}{$acl_m_spam_limit} \ {true}{false}} ## Insert headers from the spam check now that we've decided to ## accept the message. warn ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Score: \ $spam_score/$acl_m_spam_limit_presentation \ ($spam_bar):>) ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Status: \ score=$spam_score, \ limit=$acl_m_spam_limit_presentation, \n\t\ tests=$acl_m_spam_tests:>) ## We're good. accept DIVERT(null) ###----- That's all, folks --------------------------------------------------