m4_define(<:SPAMLIMIT_SET:>,
<:address_data = \
${if def:address_data {$address_data}{}} \
- $1:>)
+ m4_ifelse(<:$2:>, <::>, <::>, <:$2 \
+ :>)$1:>)
m4_define(<:SPAMLIMIT_LOOKUP:>,
<:condition = ${if exists{$1}}
- SPAMLIMIT_SET(<:${lookup {$2$3$4@$5/$6} nwildlsearch {$1} \
- {SPAMLIMIT_CHECK($value)}}:>):>)
+ SPAMLIMIT_SET(<:${lookup {$2@$3/$4} nwildlsearch {$1} \
+ {SPAMLIMIT_CHECK(<:$value:>)}}:>, <:$5:>):>)
m4_define(<:SPAMLIMIT_USERV:>,
<:SPAMLIMIT_SET(<:${run {/usr/bin/timeout 5s \
userv CONF_userv_opts \
SHQUOTE($1) exim-spam-limit \
- SHQUOTE($6) SHQUOTE($2) SHQUOTE($3) \
- SHQUOTE($4) SHQUOTE(@$5)} \
- {SPAMLIMIT_CHECK($value)}}:>):>)
+ SHQUOTE($4) \
+ SHQUOTE($2) SHQUOTE(@$3)} \
+ {SPAMLIMIT_CHECK(<:$value:>)}}:>, <:$5:>):>)
+
+m4_define(<:GET_ADDRDATA:>,
+ <:extract{<:$1:>}{${if def:address_data{$address_data}{}}}:>)
SECTION(global, policy)m4_dnl
spamd_address = CONF_spamd_address CONF_spamd_port
-SECTION(routers, allspam)m4_dnl
-## If we're verifying an address and the recipient has a `~/.mail/spam-limit'
-## file, then look up the recipient and sender addresses to find a plausible
-## limit and insert it into the `address_data' where the RCPT ACL can find
-## it. This router always declines, so it doesn't affect the overall outcome
-## of the verification.
-SPAMLIMIT_ROUTER(fetch_spam_limit_lookup)
- check_local_user
- local_part_suffix = CONF_user_suffix_list
- local_part_suffix_optional = true
- SPAMLIMIT_LOOKUP(CONF_userconf_dir/spam-limit,
- $local_part_prefix, $local_part, $local_part_suffix, $domain,
- $sender_address)
-
-SPAMLIMIT_ROUTER(fetch_spam_limit_userv)
- check_local_user
- local_part_suffix = CONF_user_suffix_list
- local_part_suffix_optional = true
- condition = ${if exists{CONF_userconf_dir/spam-limit.userv}}
- SPAMLIMIT_USERV(SHQUOTE($local_part),
- $local_part_prefix, $local_part, $local_part_suffix, $domain,
- $sender_address)
-
SECTION(acl, rcpt-hooks)m4_dnl
## Do per-recipient spam-filter processing.
require acl = rcpt_spam
accept hosts = +trusted
accept condition = ${if eq{$acl_c_mode}{submission}}
+ ## If all domains have disabled spam checking then don't check.
+ accept !condition = $acl_c_spam_check_domain
+
## Otherwise we should check.
deny
rcpt_spam:
+ ## If this is a virtual domain, and it says `spam-check=no', then we
+ ## shouldn't check spam. But we can't check domains at DATA time, so
+ ## instead we must track whether all recipients have disabled
+ ## checking.
+ warn !domains = ${if exists{CONF_sysconf_dir/domains.conf} \
+ {partial0-lsearch; CONF_sysconf_dir/domains.conf} \
+ {}}
+ set acl_c_spam_check_domain = true
+ warn !condition = $acl_c_spam_check_domain
+ condition = DOMKV(spam-check, {${expand:$value}}{true})
+ set acl_c_spam_check_domain = true
+
## See if we should do this check.
accept acl = skip_spam_check
## during recipient verification. (This just saves duplicating this
## enormous expression.)
warn set acl_m_this_spam_limit = \
- ${sg {${extract {spam_limit} \
- {${if def:address_data \
- {$address_data}{}}} \
- {$value}{nil}}} \
+ ${sg {${GET_ADDRDATA(spam_limit){$value}{nil}}} \
{^(|.*\\D.*)\$}{CONF_spam_max}}
+ warn condition = ${GET_ADDRDATA(user){true}{false}}
+ set acl_m_spam_users = \
+ ${if def:acl_m_spam_users {$acl_m_spam_users::}{}}\
+ ${GET_ADDRDATA(user) \
+ {$value=${sg{$local_part@$domain}\
+ {([!:])}{!\$1}}} \
+ fail}
+
## If there's a spam limit already established, and it's different
## from this user's limit, then the sender will have to try this user
## again later.
## All done.
accept
-SECTION(acl, data-spam)m4_dnl
+SECTION(acl, data-hooks)m4_dnl
## Do spam checking.
require acl = data_spam
require verify = header_syntax
## Check the message for spam, comparing to the configured limit.
- deny spam = exim:true
- message = Tinned meat product detected ($spam_score)
- condition = ${if >{$spam_score_int}{$acl_m_spam_limit} \
- {true}{false}}
+ warn spam = exim:true
- ## Insert headers from the spam check now that we've decided to
- ## accept the message.
+ ## Format some reporting stuff.
warn
## Convert the limit (currently 10x fixed point) into a
## Undo the escaping.
set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}}
- ## Insert the headers.
- add_header = X-SpamAssassin-Score: \
+ ## If we've decided to reject, then leave a dropping in the log file
+ ## so that users can analyse rejections for incoming messages, and
+ ## tell the sender to get knotted.
+ deny message = Tinned meat product detected ($spam_score)
+ log_message = Spam rejection \
+ score=$spam_score \
+ limit=$acl_m_spam_limit_presentation \
+ tests=$acl_m_spam_tests \
+ users=$acl_m_spam_users
+ condition = ${if >{$spam_score_int}{$acl_m_spam_limit} \
+ {true}{false}}
+
+ ## Insert headers from the spam check now that we've decided to
+ ## accept the message.
+ warn
+ ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Score: \
$spam_score/$acl_m_spam_limit_presentation \
- ($spam_bar)
- add_header = X-SpamAssassin-Status: \
+ ($spam_bar):>)
+ ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Status: \
score=$spam_score, \
limit=$acl_m_spam_limit_presentation, \n\t\
- tests=$acl_m_spam_tests
+ tests=$acl_m_spam_tests:>)
## We're good.
accept