Pkg exim4 users - Jun 2007 - Exim configuration values not accepted

I''ve got exim working, spamd running, and clamAV installed. Messages
received by exim are marked with a spam score, but no action is taken
on them even when the score is very high, and there''s no virus
evaluation.

My impression is that to get exim to use spamd and clamav, I need to
make two changes to /etc/exim4/exim4.conf.template

When I put av_scanner = clamd:/tmp/clamd (although I have no such
file) into exim4.conf.template

# /etc/init.d/exim4 restart
Stopping MTA for restart:2007-06-22 22:38:43 Exim configuration error 
  in line 115 of /var/lib/exim4/config.autogenerated.tmp:
  main option "av_scanner" unknown
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp
not installing /var/lib/exim4/config.autogenerated.tmp to 
/var/lib/exim4/config.autogenerated

When I put spamd_address = 127.0.0.1 783 into it I get:

$ sudo /etc/init.d/exim4 restart
Stopping MTA for restart:2007-06-22 22:46:20 Exim configuration error 
  in line 115 of /var/lib/exim4/config.autogenerated.tmp:
  main option "spamd_address" unknown
Invalid new configfile /var/lib/exim4/config.autogenerated.tmp
not installing /var/lib/exim4/config.autogenerated.tmp to 
/var/lib/exim4/config.autogenerated

I''m having a very hard time reconciling documentation with itself and
with my Debian etch. For example, I want to filter at SMTP time, but
the exim document does not seem to mention that, but speaks of
filtering at ACL run.

-- 
 
       Haines Brown

On Fri, Jun 22, 2007 at 11:39:42PM -0400, Haines Brown
wrote:
> I''ve got exim working, spamd running, and clamAV installed.
Messages
> received by exim are marked with a spam score, but no action is taken
> on them even when the score is very high, and there''s no virus
> evaluation.
Looks like you didn''t establish any ACL rules.
> My impression is that to get exim to use spamd and clamav, I need to
> make two changes to /etc/exim4/exim4.conf.template
> 
> When I put av_scanner = clamd:/tmp/clamd (although I have no such
> file) into exim4.conf.template
> 
> # /etc/init.d/exim4 restart
> Stopping MTA for restart:2007-06-22 22:38:43 Exim configuration error 
>   in line 115 of /var/lib/exim4/config.autogenerated.tmp:
>   main option "av_scanner" unknown
> Invalid new configfile /var/lib/exim4/config.autogenerated.tmp
> not installing /var/lib/exim4/config.autogenerated.tmp to 
> /var/lib/exim4/config.autogenerated
> 
> When I put spamd_address = 127.0.0.1 783 into it I get:
> 
> $ sudo /etc/init.d/exim4 restart
> Stopping MTA for restart:2007-06-22 22:46:20 Exim configuration error 
>   in line 115 of /var/lib/exim4/config.autogenerated.tmp:
>   main option "spamd_address" unknown
> Invalid new configfile /var/lib/exim4/config.autogenerated.tmp
> not installing /var/lib/exim4/config.autogenerated.tmp to 
> /var/lib/exim4/config.autogenerated
You need to run exim4-daemon-heavy. And you need to adapt your ACLs.
> I''m having a very hard time reconciling documentation with itself
and
> with my Debian etch. For example, I want to filter at SMTP time, but
> the exim document does not seem to mention that, but speaks of
> filtering at ACL run.
ACLs run at SMTP time.

I suggest that you visit the upstream wiki for documentation.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

> On Fri, Jun 22, 2007 at 11:39:42PM -0400, Haines Brown wrote:
> > I''ve got exim working, spamd running, and clamAV installed.
Messages
> > received by exim are marked with a spam score, but no action is taken
> > on them even when the score is very high, and there''s no
virus
> > evaluation.
> 
> Looks like you didn''t establish any ACL rules.
Thanks for the tip to install exim4-daemon-heavy. Had no idea that was
necessary in order that  av_scanner = clamd:/tmp/clamd and
spamd_address = 127.0.0.1 783 lines in exim4.conf.template required by
it. At least I can now restart exim4 with those lines uncommented.
> You need to run exim4-daemon-heavy. And you need to adapt your ACLs.
I was not clear what you meant by "adapt" my ACLs. I read Chapter 7 of
the exim manual concerning concerning the configuration file and ACL
configuration in particular. It seems largely a description of the
various ACL files, but I saw nothing that explicitly gets exim to use
spamd and clamAV. And I find that my mail with spam scores above 5 are
still not being blocked.
> I suggest that you visit the upstream wiki for documentation.
I assume you refer to http://www.exim.org/eximwiki/. It pointed to the
document above and a FAQ. I looked at exim4 -bF <filename> option to
test system filter, but got lost, and assume that my filter is
working, and problem is only that messages with spam scores over 5 are
not being rejected. 

I encountered the direction to make exim4 use Maildir format
mailboxes, and to do this, modify /etc/exim4/update-exim4.conf.conf
so that it contains: dc_localdelivery=''maildir_home'' .
However, I
presently have dc_localdelivery=''mail_spool''. I''m
also using
dc_local_interfaces=''127.0.0.1'' .

-- 
 
       Haines Brown, KB1GRM

On Sat, Jun 23, 2007 at 04:22:47PM -0400, Haines Brown
wrote:
> > On Fri, Jun 22, 2007 at 11:39:42PM -0400, Haines Brown wrote:
> > You need to run exim4-daemon-heavy. And you need to adapt your ACLs.
> 
> I was not clear what you meant by "adapt" my ACLs. I read Chapter
7 of
> the exim manual concerning concerning the configuration file and ACL
> configuration in particular. It seems largely a description of the
> various ACL files, but I saw nothing that explicitly gets exim to use
> spamd and clamAV. And I find that my mail with spam scores above 5 are
> still not being blocked.
Because they are not even scanned.
> > I suggest that you visit the upstream wiki for documentation.
> 
> I assume you refer to http://www.exim.org/eximwiki/. It pointed to the
> document above and a FAQ.
The wiki front page has a link to
http://www.exim.org/eximwiki/EximContentScanning which has much more
documentation like that. How many seconds did you spend in searching?
>  I looked at exim4 -bF <filename> option to test system filter, but
>  got lost, and assume that my filter is working, and problem is only
>  that messages with spam scores over 5 are not being rejected. 
Exiscan has exactly nothing to do with a system filter.
> I encountered the direction to make exim4 use Maildir format
> mailboxes, and to do this, modify /etc/exim4/update-exim4.conf.conf
> so that it contains: dc_localdelivery=''maildir_home'' .
However, I
> presently have dc_localdelivery=''mail_spool''.
I''m also using
> dc_local_interfaces=''127.0.0.1'' .
Mail delivery has exactly nothing to do with exiscan.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

> On Sat, Jun 23, 2007 at 04:22:47PM -0400, Haines Brown wrote:
> > > On Fri, Jun 22, 2007 at 11:39:42PM -0400, Haines Brown wrote:
> > > You need to run exim4-daemon-heavy. And you need to adapt your
ACLs.
> > 
> > I was not clear what you meant by "adapt" my ACLs. 
> 
> Because they are not even scanned.
I don''t understand. If a message is assigned a spam score, must it not
have been scanned?
> > > I suggest that you visit the upstream wiki for documentation.
> > 
> > I assume you refer to http://www.exim.org/eximwiki/. It pointed to the
> > document above and a FAQ.
> 
> The wiki front page has a link to
> http://www.exim.org/eximwiki/EximContentScanning which has much more
> documentation like that. How many seconds did you spend in searching?
I spent hours pouring through this, the FAQ and other documents. The
best I could figure out was to add this to
/etc/exim4/conf.d/40_exim4-config_check_data: 


# put headers in all messages (no matter if spam or not)
warn  spam = nobody:true
      add_header = X-Spam-Score: $spam_score ($spam_bar)
      add_header = X-Spam-Report: $spam_report

# add second subject line with *SPAM* marker when message
# is over threshold
warn  spam = nobody
      add_header = Subject: *SPAM* $h_Subject:

# reject spam at high scores (> 6)
deny  message = This message scored $spam_score spam points.
      spam = nobody:true
      condition = ${if >{$spam_score_int}{120}{1}{0}}

But messages over a score of 6 are not rejected.
> 
> >  I looked at exim4 -bF <filename> option to test system filter,
but
> >  got lost, and assume that my filter is working, and problem is only
> >  that messages with spam scores over 5 are not being rejected. 
> 
> Exiscan has exactly nothing to do with a system filter.
I didn''t mention Exiscan. I thought it had been replaced by
EximContentScanning. The document you directed me to seems largely to
do with Exiscan.

-- 
 
       Haines Brown, KB1GRM

On Sat, Jun 23, 2007 at 08:56:26PM -0400, Haines Brown
wrote:
> > On Sat, Jun 23, 2007 at 04:22:47PM -0400, Haines Brown wrote:
> > > > On Fri, Jun 22, 2007 at 11:39:42PM -0400, Haines Brown
wrote:
> > > > You need to run exim4-daemon-heavy. And you need to adapt
your ACLs.
> > > 
> > > I was not clear what you meant by "adapt" my ACLs. 
> > 
> > Because they are not even scanned.
> 
> I don''t understand. If a message is assigned a spam score, must it
not
> have been scanned?
How do you see that the message is assigned a score?
> > The wiki front page has a link to
> > http://www.exim.org/eximwiki/EximContentScanning which has much more
> > documentation like that. How many seconds did you spend in searching?
> 
> I spent hours pouring through this, the FAQ and other documents. The
> best I could figure out was to add this to
> /etc/exim4/conf.d/40_exim4-config_check_data: 
> 
> 
> # put headers in all messages (no matter if spam or not)
> warn  spam = nobody:true
>       add_header = X-Spam-Score: $spam_score ($spam_bar)
>       add_header = X-Spam-Report: $spam_report
> 
> # add second subject line with *SPAM* marker when message
> # is over threshold
> warn  spam = nobody
>       add_header = Subject: *SPAM* $h_Subject:
> 
> # reject spam at high scores (> 6)
> deny  message = This message scored $spam_score spam points.
>       spam = nobody:true
>       condition = ${if >{$spam_score_int}{120}{1}{0}}
> 
> But messages over a score of 6 are not rejected.
Your code rejects messages over a score of 12. I don''t see any
"6"
outside of the comments.
> > Exiscan has exactly nothing to do with a system filter.
> 
> I didn''t mention Exiscan. I thought it had been replaced by
> EximContentScanning. The document you directed me to seems largely to
> do with Exiscan.
Exim Content Scanning _IS_ exiscan. The only difference is that it
does not need to be patched in any more. Can the package description
of exim4-daemon-heavy be clarified in this direction?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don''t trust Computers. They | Mailadresse
im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190

> On Sat, Jun 23, 2007 at 08:56:26PM -0400, Haines Brown wrote:
> > I don''t understand. If a message is assigned a spam score,
must it
> > not have been scanned?
> 
> How do you see that the message is assigned a score?
For example, your message to this list had a spam score of 0:

  X-SA-Exim-Connect-IP: 127.0.0.1
  X-SA-Exim-Mail-From: pkg-exim4-users-bounces+brownh=hartford-hwp.com at
lists.alioth.debian.org
  X-SA-Exim-Scanned: No (on alioth.debian.org); SAEximRunCond expanded to false
  X-SpamScore: 0

However, I don''t understand the line above the spam score, which might
imply it was not scanned. And yet, if my incoming messages are not
scanned, how do they get a score? And I worrry about "SAEximRunCond
expanded to false". I don''t know what it means, but it has an
ominous
sound.
> > # reject spam at high scores (> 6)
> > deny  message = This message scored $spam_score spam points.
> >       spam = nobody:true
> >       condition = ${if >{$spam_score_int}{120}{1}{0}}
> > 
> > But messages over a score of 6 are not rejected.
> 
> Your code rejects messages over a score of 12. I don''t see any
"6"
> outside of the comments.
True. However, I don''t understand the code itself either. This sounds
more like a way to compose a message about rejection than actually
setting rejection itself.

Let me take a step back. Spamassassin is an application that basically
runs out of the box. One installs it and it works. The same is true of
exim except for the configuration dialog that pops up when it is
installed. This configuration dialog said nothing about filters such
as SA or ClamAV, and so presumeably one need only make a simple change
in a configuration file such as to SAEximRunCond = 1. In all my
stumbling about in the documents and FAQ, I''ve yet to see a statement
such as: to enable exim''s use of filters at SMTP time, do...  And yet
everyone else seems to have no problem.
> > > Exiscan has exactly nothing to do with a system filter.
> > 
> > I didn''t mention Exiscan. I thought it had been replaced by
> > EximContentScanning. The document you directed me to seems largely
> > to do with Exiscan.
> 
> Exim Content Scanning _IS_ exiscan. The only difference is that it
> does not need to be patched in any more. Can the package description
> of exim4-daemon-heavy be clarified in this direction?
The package description says: "the content scanning extension
(formerly known as "exiscan-acl")..." While this phrase could
imply it
was the same thing with simply a new name, there''s also a possible
implication that there is a new entity to carry out the same function,
and this is the reason for the name change. The capitalization of
"Exim Content Scanning" tends to reinforce the misimpression that it
is an entity. Entities are often capitalized; functions are not (I am
probably inventing this rule here, so don''t take it too seriously).

-- 
 
       Haines Brown, KB1GRM

Haines Brown wrote:
> For example, your message to this list had a spam score of 0:
> 
>   X-SA-Exim-Connect-IP: 127.0.0.1
>   X-SA-Exim-Mail-From: pkg-exim4-users-bounces+brownh=hartford-hwp.com at
lists.alioth.debian.org
>   X-SA-Exim-Scanned: No (on alioth.debian.org); SAEximRunCond expanded to
false
>   X-SpamScore: 0
> 
> However, I don''t understand the line above the spam score, which
might
> imply it was not scanned. And yet, if my incoming messages are not
> scanned, how do they get a score? And I worrry about "SAEximRunCond
> expanded to false". I don''t know what it means, but it has an
ominous
> sound.
The first three lines were added by SA-Exim, a local_scan plugin (a
different way of calling SpamAssassin) running on alioth.debian.org. The
forth line was presumably added by your system.

-- 
Magnus Holmgren            holmgren at lysator.liu.se