Mauro Cenacchi
2011-Nov-08 09:50 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
Hi I want that spamassassin check incoming mail only. In "/etc/exim4/exim4.conf.template" I have enabled this line: spamd_address = 127.0.0.1 783 and this ACL: warn spam = Debian-exim:true message = X-Spam_score: $spam_score\n\ X-Spam_score_int: $spam_score_int\n\ X-Spam_bar: $spam_bar\n\ X-Spam_report: $spam_report but all mail is checked (incoming and outgoing). I don''t want to use spamassassin for mail sent from my local network (192.168.0.*) because my server is slow. I use a smarthost configuration and my "update-exim4.conf.conf" is: dc_eximconfig_configtype=''smarthost'' dc_other_hostnames=''pigreco.191.it'' dc_local_interfaces='''' dc_readhost=''pigreco.191.it'' dc_relay_domains='''' dc_minimaldns=''true'' dc_relay_nets=''192.168.0.0/24'' dc_smarthost=''out.impresasemplice.it'' CFILEMODE=''644'' dc_use_split_config=''false'' dc_hide_mailname=''true'' dc_mailname_in_oh=''true'' dc_localdelivery=''mail_spool'' I don''t find tutorial that help me :( Thank, BuDuS.
Johann Spies
2011-Nov-08 12:11 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
Hallo Mauro,> I want that spamassassin check incoming mail only. > > I don''t find tutorial that help me :(Did you read the HOWTO in /usr/share/doc/HOWTO/en-html/Spam-Filtering-for-MX and the results of a search on Google like http://www.sput.nl/software/exim.html#rcpt ? Regards Johann -- Johann Spies Telefoon: 021-808 4699 Databestuurder / Data manager Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie Centre for Research on Evaluation, Science and Technology Universiteit Stellenbosch. "And whosoever liveth and believeth in me shall never die. Believest thou this?" John 11:26
Mauro Cenacchi
2011-Nov-08 13:32 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
Thank Johann
I have added this lines:
# Accept mail received over local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
# Also accept mails received from hosts for which we relay mail.
#
accept
hosts = : +relay_from_hosts
# Accept if the message arrived over an authenticated connection, from
# any host.
#
accept
authenticated = *
in my "exim4.conf.template" and seems to be work.
2011/11/8 Johann Spies <jspies at sun.ac.za>:> Hallo Mauro,
>
>> I want that spamassassin check incoming mail only.
>>
>> I don''t find tutorial that help me :(
>
> Did you read the HOWTO in
> /usr/share/doc/HOWTO/en-html/Spam-Filtering-for-MX
>
> and
>
> the results of a search on Google ?like
> http://www.sput.nl/software/exim.html#rcpt ?
>
> Regards
> Johann
> --
> Johann Spies ? ? ? ? ? ? ? ? ? ? ? ? ? ?Telefoon: 021-808 4699
> Databestuurder / ?Data manager
>
> Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie
> Centre for Research on Evaluation, Science and Technology
> Universiteit Stellenbosch.
>
> ? ? "And whosoever liveth and believeth in me shall never
> ? ? ?die. Believest thou this?" ? ?John 11:26
>
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-exim4-users
>
Mauro Cenacchi
2011-Nov-15 15:38 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
I sang victory too soon. :( All mail (incoming and outgoing) is not checked from spamassassin. I get the incoming mail with fetchmail - from my ISP - and delivery it to exim4; possible that fetchmail may be seen as an internal host (authenticated or local trusted host) ? 2011/11/8 Mauro Cenacchi <studio.pigreco at gmail.com>:> Thank Johann > > I have added this lines: > > ?# Accept mail received over local SMTP (i.e. not over TCP/IP). > ?# We do this by testing for an empty sending host field. > ?# Also accept mails received from hosts for which we relay mail. > ?# > ?accept > ? ?hosts ? ? ? = : +relay_from_hosts > > ?# Accept if the message arrived over an authenticated connection, from > ?# any host. > ?# > ?accept > ? ?authenticated = * > > in my "exim4.conf.template" and seems to be work. > > 2011/11/8 Johann Spies <jspies at sun.ac.za>: >> Hallo Mauro, >> >>> I want that spamassassin check incoming mail only. >>> >>> I don''t find tutorial that help me :( >> >> Did you read the HOWTO in >> /usr/share/doc/HOWTO/en-html/Spam-Filtering-for-MX >> >> and >> >> the results of a search on Google ?like >> http://www.sput.nl/software/exim.html#rcpt ? >> >> Regards >> Johann >> -- >> Johann Spies ? ? ? ? ? ? ? ? ? ? ? ? ? ?Telefoon: 021-808 4699 >> Databestuurder / ?Data manager >> >> Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie >> Centre for Research on Evaluation, Science and Technology >> Universiteit Stellenbosch. >> >> ? ? "And whosoever liveth and believeth in me shall never >> ? ? ?die. Believest thou this?" ? ?John 11:26 >> >> _______________________________________________ >> Pkg-exim4-users mailing list >> Pkg-exim4-users at lists.alioth.debian.org >> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-exim4-users >> >
Regid Ichira
2011-Nov-16 01:59 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
You might try starting over from where all mail were checked (incoming and outgoing). And limit the ACL that was referred to in your original posting to those messages where the sender is not from your local network. Even if that sound reasonable, I don''t know how to write the actual configuration. --- On Tue, 11/15/11, Mauro Cenacchi <studio.pigreco at gmail.com> wrote:> From: Mauro Cenacchi <studio.pigreco at gmail.com> > Subject: Re: [Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network > To: pkg-exim4-users at lists.alioth.debian.org > Date: Tuesday, November 15, 2011, 3:38 PM > I sang victory too soon. :( > > All mail (incoming and outgoing) is not checked from > spamassassin. > > I get the incoming mail with fetchmail - from my ISP - and > delivery it > to exim4; possible that fetchmail may be seen as an > internal host (> authenticated or local trusted host) ? > > 2011/11/8 Mauro Cenacchi <studio.pigreco at gmail.com>: > > Thank Johann > > > > I have added this lines: > > > > ?# Accept mail received over local SMTP (i.e. not > over TCP/IP). > > ?# We do this by testing for an empty sending host > field. > > ?# Also accept mails received from hosts for which we > relay mail. > > ?# > > ?accept > > ? ?hosts ? ? ? = : +relay_from_hosts > > > > ?# Accept if the message arrived over an > authenticated connection, from > > ?# any host. > > ?# > > ?accept > > ? ?authenticated = * > > > > in my "exim4.conf.template" and seems to be work. > > > > 2011/11/8 Johann Spies <jspies at sun.ac.za>: > >> Hallo Mauro, > >> > >>> I want that spamassassin check incoming mail > only. > >>> > >>> I don''t find tutorial that help me :( > >> > >> Did you read the HOWTO in > >> > /usr/share/doc/HOWTO/en-html/Spam-Filtering-for-MX > >> > >> and > >> > >> the results of a search on Google ?like > >> http://www.sput.nl/software/exim.html#rcpt ? > >> > >> Regards > >> Johann > >> -- > >> Johann Spies ? ? ? ? ? ? ? ? ? ? ? ? > ? ?Telefoon: 021-808 4699 > >> Databestuurder / ?Data manager > >> > >> Sentrum vir Navorsing oor Evaluasie, Wetenskap en > Tegnologie > >> Centre for Research on Evaluation, Science and > Technology > >> Universiteit Stellenbosch. > >> > >> ? ? "And whosoever liveth and believeth in me > shall never > >> ? ? ?die. Believest thou this?" ? ?John > 11:26 > >> > >> _______________________________________________ > >> Pkg-exim4-users mailing list > >> Pkg-exim4-users at lists.alioth.debian.org > >> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-exim4-users > >> > > > > _______________________________________________ > Pkg-exim4-users mailing list > Pkg-exim4-users at lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-exim4-users >
Johann Spies
2011-Nov-16 06:48 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
On Tue, Nov 15, 2011 at 05:38:52PM +0200, Mauro Cenacchi wrote:> I sang victory too soon. :( > > > ?# > > ?accept > > ? ?hosts ? ? ? = : +relay_from_hosts >Please show us the lines from your real configuration file (/var/lib/exim4/config.autogenerated) that controls which mail are sent to spamassassin. I was email administrator for some years but don''t have access to my previous configurations now and I don''t do this regularly so my knowledge is not that fresh. Make sure that all email coming from some other network than your own are sent to spamassassin. Something like warn (or deny) hosts = !192.168.0.0/24 <spamassassin reference> Regards Johann -- Johann Spies Telefoon: 021-808 4699 Databestuurder / Data manager Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie Centre for Research on Evaluation, Science and Technology Universiteit Stellenbosch. "Therefore being justified by faith, we have peace with God through our Lord Jesus Christ." Romans 5:1
Mauro Cenacchi
2011-Nov-16 11:10 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
Thank Johann
My "/var/lib/exim4/config.autogenerated":
# BEGIN
#########
...cut...
#########
MAIN_TLS_ENABLE = true
AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS=1
exim_path = /usr/sbin/exim4
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
UPEX4CmacrosUPEX4C = 1
##############################################
# the following macro definitions were created
# dynamically by /usr/sbin/update-exim4.conf
.ifndef DC_minimaldns
DC_minimaldns=1
.endif
.ifndef MAIN_HARDCODE_PRIMARY_HOSTNAME
MAIN_HARDCODE_PRIMARY_HOSTNAME=pigreco.191.it
.endif
.ifndef HIDE_MAILNAME
HIDE_MAILNAME=1
.endif
.ifndef MAIN_PACKAGE_VERSION
MAIN_PACKAGE_VERSION=4.69-9+lenny4
.endif
.ifndef MAIN_LOCAL_DOMAINS
MAIN_LOCAL_DOMAINS=@:localhost:pigreco.191.it
.endif
.ifndef MAIN_RELAY_TO_DOMAINS
MAIN_RELAY_TO_DOMAINS=empty
.endif
.ifndef ETC_MAILNAME
ETC_MAILNAME=pigreco.191.it
.endif
.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=mail_spool
.endif
.ifndef MAIN_RELAY_NETS
MAIN_RELAY_NETS=192.168.0.0/24 : 127.0.0.1 : ::::1
.endif
.ifndef DCreadhost
DCreadhost=pigreco.191.it
.endif
.ifndef DCsmarthost
DCsmarthost=out.impresasemplice.it
.endif
.ifndef DC_eximconfig_configtype
DC_eximconfig_configtype=smarthost
.endif
.ifndef DCconfig_smarthost
DCconfig_smarthost=1
.endif
##############################################
domainlist local_domains = MAIN_LOCAL_DOMAINS
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
hostlist relay_from_hosts = MAIN_RELAY_NETS
.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif
.ifndef LOCAL_DELIVERY
LOCAL_DELIVERY=mail_spool
.endif
gecos_pattern = ^([^,:]*)
gecos_name = $1
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif
.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +tls_peerdn
.endif
.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif
spamd_address = 127.0.0.1 783
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif
.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif
.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif
.ifdef MAIN_TLS_ENABLE
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
.ifdef MAIN_TLS_CERTKEY
tls_certificate = MAIN_TLS_CERTKEY
.else
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE
.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY
.endif
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
{/etc/ssl/certs/ca-certificates.crt}\
{/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif
.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
.endif
.ifdef MAIN_LOG_SELECTOR
log_selector = MAIN_LOG_SELECTOR
.endif
begin acl
acl_local_deny_exceptions:
accept
hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
{CONFDIR/host_local_deny_exceptions}\
{}}
accept
senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
{CONFDIR/sender_local_deny_exceptions}\
{}}
accept
hosts = ${if exists{CONFDIR/local_host_whitelist}\
{CONFDIR/local_host_whitelist}\
{}}
accept
senders = ${if exists{CONFDIR/local_sender_whitelist}\
{CONFDIR/local_sender_whitelist}\
{}}
.ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
.endif
.ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
.endif
acl_check_mail:
.ifdef CHECK_MAIL_HELO_ISSUED
deny
message = no HELO given before MAIL command
condition = ${if def:sender_helo_name {no}{yes}}
.endif
accept
acl_check_rcpt:
accept
hosts = :
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
domains = +local_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
domains = !+local_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
accept
.ifndef CHECK_RCPT_POSTMASTER
local_parts = postmaster
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
domains = +local_domains : +relay_to_domains
.ifdef CHECK_RCPT_VERIFY_SENDER
deny
message = Sender verification failed
!acl = acl_local_deny_exceptions
!verify = sender
.endif
deny
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_callout}\
{CONFDIR/local_sender_callout}\
{}}
!verify = sender/callout
accept
hosts = +relay_from_hosts
control = submission/sender_retain
accept
authenticated = *
control = submission/sender_retain
require
message = relay not permitted
domains = +local_domains : +relay_to_domains
require
verify = recipient
deny
!acl = acl_local_deny_exceptions
recipients = ${if exists{CONFDIR/local_rcpt_callout}\
{CONFDIR/local_rcpt_callout}\
{}}
!verify = recipient/callout
deny
message = sender envelope address $sender_address is locally
blacklisted here. If you think this is wrong, get in touch with
postmaster
!acl = acl_local_deny_exceptions
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
deny
message = sender IP address $sender_host_address is locally
blacklisted here. If you think this is wrong, get in touch with
postmaster
!acl = acl_local_deny_exceptions
hosts = ${if exists{CONFDIR/local_host_blacklist}\
{CONFDIR/local_host_blacklist}\
{}}
.ifdef CHECK_RCPT_REVERSE_DNS
warn
message = X-Host-Lookup-Failed: Reverse DNS lookup failed for
$sender_host_address (${if
eq{$host_lookup_failed}{1}{failed}{deferred}})
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
.endif
.ifdef CHECK_RCPT_SPF
deny
message = [SPF] $sender_host_address is not allowed to send mail
from ${if def:sender_address_domain
{$sender_address_domain}{$sender_helo_name}}. \
Please see http://www.openspf.org/Why?scope=${if
def:sender_address_domain {mfrom}{helo}};identity=${if
def:sender_address_domain
{$sender_address}{$sender_helo_name}};ip=$sender_host_address
log_message = SPF check failed.
!acl = acl_local_deny_exceptions
condition = ${run{/usr/bin/spfquery --ip \"$sender_host_address\"
--mail-from \"$sender_address\" --helo
\"$sender_helo_name\"}\
{no}{${if eq {$runrc}{1}{yes}{no}}}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}
warn
message = Received-SPF: ${if eq {$runrc}{0}{pass}{${if eq
{$runrc}{2}{softfail}\
{${if eq {$runrc}{3}{neutral}{${if eq
{$runrc}{4}{unknown}{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}
warn
log_message = Unexpected error in SPF check.
condition = ${if >{$runrc}{6}{yes}{no}}
warn
message = X-SPF-Guess: ${run{/usr/bin/spfquery --ip
\"$sender_host_address\" --mail-from \"$sender_address\" \
--helo
\"$sender_helo_name\" --guess true}\
{pass}{${if eq
{$runrc}{2}{softfail}{${if eq {$runrc}{3}{neutral}{${if eq
{$runrc}{4}{unknown}\
{${if eq {$runrc}{6}{none}{error}}}}}}}}}}
condition = ${if <={$runrc}{6}{yes}{no}}
defer
message = Temporary DNS error while checking SPF record. Try again later.
condition = ${if eq {$runrc}{5}{yes}{no}}
.endif
.ifdef CHECK_RCPT_IP_DNSBLS
warn
message = X-Warning: $sender_host_address is listed at
$dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_host_address is listed at $dnslist_domain
($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
.endif
.ifdef CHECK_RCPT_DOMAIN_DNSBLS
warn
message = X-Warning: $sender_address_domain is listed at
$dnslist_domain ($dnslist_value: $dnslist_text)
log_message = $sender_address_domain is listed at $dnslist_domain
($dnslist_value: $dnslist_text)
!senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
{CONFDIR/local_domain_dnsbl_whitelist}\
{}}
dnslists = CHECK_RCPT_DOMAIN_DNSBLS
.endif
.ifdef CHECK_RCPT_LOCAL_ACL_FILE
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
accept
domains = +relay_to_domains
endpass
verify = recipient
accept
acl_check_data:
.ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
deny
message = Message headers fail syntax check
!acl = acl_local_deny_exceptions
!verify = header_syntax
.endif
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_local_deny_exceptions
!verify = header_sender
.endif
accept
hosts = : +relay_from_hosts
accept
authenticated = *
warn
spam = Debian-exim:true
message = X-Spam_score: $spam_score\n\
X-Spam_score_int: $spam_score_int\n\
X-Spam_bar: $spam_bar\n\
X-Spam_report: $spam_report
.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif
accept
begin routers
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
domain_literal:
debug_print = "R: domain_literal for $local_part@$domain"
driver = ipliteral
domains = ! +local_domains
transport = remote_smtp
.endif
hubbed_hosts:
debug_print = "R: hubbed_hosts for $domain"
driver = manualroute
domains = "${if exists{CONFDIR/hubbed_hosts}\
{partial-lsearch;CONFDIR/hubbed_hosts}\
fail}"
same_domain_copy_routing = yes
route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
transport = remote_smtp
.ifdef DCconfig_internet
dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for
$local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more
dnslookup:
debug_print = "R: dnslookup for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
same_domain_copy_routing = yes
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
255.255.255.255
no_more
.endif
.ifdef DCconfig_local
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more
.endif
.ifdef DCconfig_smarthost DCconfig_satellite
smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
no_more
.endif
COND_LOCAL_SUBMITTER = "\
${if match_ip{$sender_host_address}{:@[]}\
{1}{0}\
}"
real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
condition = COND_LOCAL_SUBMITTER
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY
system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
.ifdef SYSTEM_ALIASES_USER
user = SYSTEM_ALIASES_USER
.endif
.ifdef SYSTEM_ALIASES_GROUP
group = SYSTEM_ALIASES_GROUP
.endif
.ifdef SYSTEM_ALIASES_FILE_TRANSPORT
file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
.endif
.ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
.endif
.ifdef DCconfig_satellite
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user
hub_user_smarthost:
debug_print = "R: hub_user_smarthost for $local_part@$domain"
driver = manualroute
domains = DCreadhost
transport = remote_smtp_smarthost
route_list = * DCsmarthost byname
host_find_failed = defer
same_domain_copy_routing = yes
check_local_user
.endif
userforward:
debug_print = "R: userforward for $local_part@$domain"
driver = redirect
domains = +local_domains
check_local_user
file = $home/.forward
require_files = $local_part:$home/.forward
no_verify
no_expn
check_ancestor
allow_filter
forbid_smtp_code = true
directory_transport = address_directory
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
skip_syntax_errors
syntax_errors_to = real-$local_part@$domain
syntax_errors_text = \
This is an automatically generated message. An error has\n\
been found in your .forward file. Details of the error are\n\
reported below. While this error persists, you will receive\n\
a copy of this message for every message that is addressed\n\
to you. If your .forward file is a filter file, or if it is\n\
a non-filter file containing no valid forwarding addresses,\n\
a copy of each incoming message will be put in your normal\n\
mailbox. If a non-filter file contains at least one valid\n\
forwarding address, forwarding to the valid addresses will\n\
happen, and those will be the only deliveries that occur.
procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = procmail_pipe
require_files = ${local_part}:\
${if exists{/etc/procmailrc}\
{/etc/procmailrc}{${home}/.procmailrc}}:\
+/usr/bin/procmail
no_verify
no_expn
maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn
.ifndef FIRST_USER_ACCOUNT_UID
FIRST_USER_ACCOUNT_UID = 0
.endif
.ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
.endif
COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
${if and{{! match_ip{$sender_host_address}{:@[]}}\
{<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
{1}{0}\
}"
lowuid_aliases:
debug_print = "R: lowuid_aliases for $local_part@$domain (UID
$local_user_uid)"
check_local_user
driver = redirect
allow_fail
domains = +local_domains
condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
data = ${if exists{/etc/exim4/lowuid-aliases}\
{${lookup{$local_part}lsearch{/etc/exim4/lowuid-aliases}\
{$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY
cannot_route_message = Unknown user
mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail
begin transports
.ifdef HIDE_MAILNAME
REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1 at DCreadhost frs :
*@ETC_MAILNAME $1 at DCreadhost frs
REMOTE_SMTP_RETURN_PATH=${if
match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if
match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
REMOTE_SMTP_HELO_DATA=${lookup dnsdb
{ptr=$sending_ip_address}{$value}{$primary_hostname}}
.endif
address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output
address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply
mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660
mode_fail_narrower = false
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
directory = MAILDIR_HOME_MAILDIR_LOCATION
.else
directory = $home/Maildir
.endif
.ifdef MAILDIR_HOME_CREATE_DIRECTORY
create_directory
.endif
.ifdef MAILDIR_HOME_CREATE_FILE
create_file = MAILDIR_HOME_CREATE_FILE
.endif
delivery_date_add
envelope_to_add
return_path_add
maildir_format
.ifdef MAILDIR_HOME_DIRECTORY_MODE
directory_mode = MAILDIR_HOME_DIRECTORY_MODE
.else
directory_mode = 0700
.endif
.ifdef MAILDIR_HOME_MODE
mode = MAILDIR_HOME_MODE
.else
mode = 0600
.endif
mode_fail_narrower = false
maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add
procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
helo_data=REMOTE_SMTP_HELO_DATA
.endif
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$sender_address}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_FROM_DNS
helo_data=REMOTE_SMTP_HELO_DATA
.endif
address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
check_string = ""
escape_string = ""
maildir_format
begin retry
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
begin rewrite
.ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
{$value}fail}" Ffrs
.endif
begin authenticators
cram_md5:
driver = cram_md5
public_name = CRAM-MD5
client_name
${extract{1}{:}{${lookup{$sender_address}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
client_secret
${extract{2}{:}{${lookup{$sender_address}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
PASSWDLINE=${sg{\
${lookup{$sender_address}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
}\
{\\N[\\^]\\N}\
{^^}\
}
plain:
driver = plaintext
public_name = PLAIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if !eq{$tls_cipher}{}\
{^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
}fail}"
.else
client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
login:
driver = plaintext
public_name = LOGIN
.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
client_send = "<; ${if and{\
{!eq{$tls_cipher}{}}\
{!eq{PASSWDLINE}{}}\
}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.else
client_send = "<; ${if !eq{PASSWDLINE}{}\
{}fail}\
; ${extract{1}{::}{PASSWDLINE}}\
; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
.endif
# END
2011/11/16 Johann Spies <jspies at sun.ac.za>:> On Tue, Nov 15, 2011 at 05:38:52PM +0200, Mauro Cenacchi wrote:
>> I sang victory too soon. :(
>> > > ?#
>> > ?accept
>> > ? ?hosts ? ? ? = : +relay_from_hosts
>>
>
> Please show us the lines from your real configuration file
> (/var/lib/exim4/config.autogenerated) that controls which mail are sent
> to spamassassin.
>
> I was email administrator for some years but don''t have access to
my
> previous configurations now and I don''t do this regularly so my
> knowledge is not that fresh.
>
> Make sure that all email coming from some other network than your own
> are sent to spamassassin.
>
> Something like
>
> warn (or deny)
>
> ? ? hosts = !192.168.0.0/24
>
> ? ? <spamassassin reference>
>
> Regards
> Johann
> --
> Johann Spies ? ? ? ? ? ? ? ? ? ? ? ? ? ?Telefoon: 021-808 4699
> Databestuurder / ?Data manager
>
> Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie
> Centre for Research on Evaluation, Science and Technology
> Universiteit Stellenbosch.
>
> ? ? "Therefore being justified by faith, we have peace
> ? ? ?with God through our Lord Jesus Christ." ? ?Romans 5:1
>
> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-exim4-users
>
Johann Spies
2011-Nov-16 12:13 UTC
[Pkg-exim4-users] How to skip spamassassin check for outgoing mail from local network
On Wed, Nov 16, 2011 at 01:10:49PM +0200, Mauro Cenacchi wrote:> My "/var/lib/exim4/config.autogenerated":This is the section of concern:> acl_check_data: > > .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX > deny > message = Message headers fail syntax check > !acl = acl_local_deny_exceptions > !verify = header_syntax > .endif > > .ifdef CHECK_DATA_VERIFY_HEADER_SENDER > deny > message = No verifiable sender address in message headers > !acl = acl_local_deny_exceptions > !verify = header_sender > .endif > > accept > hosts = : +relay_from_hosts > > accept > authenticated = * > > warn > spam = Debian-exim:true > message = X-Spam_score: $spam_score\n\ > X-Spam_score_int: $spam_score_int\n\ > X-Spam_bar: $spam_bar\n\ > X-Spam_report: $spam_report > > .ifdef CHECK_DATA_LOCAL_ACL_FILE > .include CHECK_DATA_LOCAL_ACL_FILE > .endif > > acceptThe Debian setup with all these MACRO''s makes it very difficult to read the file. I have seen a clean setup example at http://www.maretmanu.org/homepage/inform/exim-spam.php#spam. See the acl_check_data section and how this person handles ''own_hosts'' in this acl. That is the type of thing you need. Regards Johann -- Johann Spies Telefoon: 021-808 4699 Databestuurder / Data manager Sentrum vir Navorsing oor Evaluasie, Wetenskap en Tegnologie Centre for Research on Evaluation, Science and Technology Universiteit Stellenbosch. "Therefore being justified by faith, we have peace with God through our Lord Jesus Christ." Romans 5:1