Pkg exim4 users - May 2011 - AV and SA in default template file

Hi, rather than post a bug I thought it best to discuss this first,  
here are some changes I propose to the default template file to make  
AV and Spam functions more simple to activate.


Any thoughts?


For AV:

   .ifdef CHECK_DATA_MALWARE_SCAN
   deny
     malware = *
     message = This message was detected as possible malware ($malware_name).
   .endif

For SA:

   .ifdef CHECK_DATA_SPAM_LIMIT
   deny
     !acl = acl_local_deny_exceptions
     message = Spam score too high ($spam_score)
     spam = nobody
     condition = ${if >{$spam_score_int}{CHECK_DATA_SPAM_LIMIT}{1}{0}}
   .endif

   .ifdef CHECK_DATA_SPAM_HEADERS
   warn
     !acl = acl_local_deny_exceptions
     message = X-SA-Score: $spam_score ($spam_score_int) $spam_bar
     spam = nobody:true

   warn
     !acl = acl_local_deny_exceptions
     message = X-SA-Report: $spam_report
     spam = nobody:true
     condition = ${if >{$spam_score_int}{0}{true}{false}}

   # Mozilla compatible spam flag
   warn
     !acl = acl_local_deny_exceptions
     message = X-Spam-Flag: Yes
     spam = nobody:true
     condition = ${if >{$spam_score_int}{50}{true}{false}}
   .endif



-- 
Jonathan Plews - jonathan at plews.org.uk

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL:
<http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20110519/7e492d52/attachment.pgp>

In <20110519155447.13744ua0amr2ti4g at support.syn.co.uk>, Jonathan Plews
wrote:
>Hi, rather than post a bug I thought it best to discuss this first,
>here are some changes I propose to the default template file to make
>AV and Spam functions more simple to activate.
>
>Any thoughts?
I found it unnecessary to modify the files provided by exim4-config and I 
instead was simply able to add files.

/etc/exim4/conf.d/local/acl_check_data:
drop
        message = This message contains "$malware_name" (malware).
        malware = */defer_ok
        delay = 2m

drop
        spam = Debian-exim:true/defer_ok
        message = This message is ${spam_score_int}% SPAM.
        add_header = X-Spam-Score: $spam_score ($spam_bar)
        condition = ${if >= {$spam_score_int}{1} {1}{0}}
        set acl_m_spam_delay = ${if < {$spam_score_int}{300}
{$spam_score_int}{300}}
        delay = ${acl_m_spam_delay}s
        condition = ${if >= {$spam_score_int}{10} {1}{0}}
        add_header = X-Spam-Report: $spam_report
        condition = ${if >= {$spam_score_int}{100} {1}{0}}

/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs-local:
# Enables our virus scanning.
CHECK_DATA_LOCAL_ACL_FILE = CONFDIR/conf.d/local/acl_check_data

(This one should be "stock")
/etc/exim4/conf.d/acl/40_exim4-config_check_data:

### acl/40_exim4-config_check_data
#################################

# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message''s headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.

acl_check_data:

  # Deny unless the address list headers are syntactically correct.
  #
  # If you enable this, you might reject legitimate mail.
  .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    message = Message headers fail syntax check
    !acl = acl_local_deny_exceptions
    !verify = header_syntax
  .endif


  # require that there is a verifiable sender address in at least
  # one of the "Sender:", "Reply-To:", or "From:"
header lines.
  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_local_deny_exceptions
    !verify = header_sender
  .endif


  # Deny if the message contains malware. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option in the
  # main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  # deny
  #   malware = *
  #   message = This message was detected as possible malware ($malware_name).


  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You also need to set the spamd_address
  # option in the main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  # Please note that this is only suiteable as an example. There are
  # multiple issues with this configuration method. For example, if you go
  # this way, you''ll give your spamassassin daemon write access to the
  # entire exim spool which might be a security issue in case of a
  # spamassassin exploit.
  #
  # See the exim docs and the exim wiki for more suitable examples.
  #
  # warn
  #   spam = Debian-exim:true
  #   message = X-Spam_score: $spam_score\n\
  #             X-Spam_score_int: $spam_score_int\n\
  #             X-Spam_bar: $spam_bar\n\
  #             X-Spam_report: $spam_report


  # This hook allows you to hook in your own ACLs without having to
  # modify this file. If you do it like we suggest, you''ll end up with
  # a small performance penalty since there is an additional file being
  # accessed. This doesn''t happen if you leave the macro unset.
  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif


  # accept otherwise
  accept

I am using split configs.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss at iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-''(. .)`-''
http://iguanasuicide.net/                    \_/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20110519/21bb84fc/attachment.pgp>

Quoting "Boyd Stephen Smith Jr." <bss at iguanasuicide.net>:
> In <20110519155447.13744ua0amr2ti4g at support.syn.co.uk>, Jonathan
Plews wrote:
>> Hi, rather than post a bug I thought it best to discuss this first,
>> here are some changes I propose to the default template file to make
>> AV and Spam functions more simple to activate.
>>
>> Any thoughts?
>
> I found it unnecessary to modify the files provided by exim4-config and I
> instead was simply able to add files.
>
...
>
> I am using split configs.
> --
Am I the only one using the template maybe? I quite like it, and think  
being able to stick

CHECK_DATA_MALWARE_SCAN = true
CHECK_DATA_SPAM_HEADERS = true

in localmacros to get both scanning elements active would be useful.


however, after some thought CHECK_DATA_SPAM_LIMIT should be a simple  
on/off rather than a value, and just have it set to 120 or so.

Regards

-- 
Jonathan Plews - jonathan at plews.org.uk

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL:
<http://lists.alioth.debian.org/pipermail/pkg-exim4-users/attachments/20110520/6facf5f9/attachment.pgp>