Full Version: remote_smtp and SA
Ashley
Hi

I have a server set up using your tutorial and it does a great job of removing spam. However, I do forward a few domains to Exchange servers and would like to have the same rules applied. Is there any way to do this?

This is how I route domains in the Routers config:

static_route:
driver = manualroute
# have just added this but it doesn't seem to do anything
condition = "${perl{checkspam}}"
transport = remote_smtp
route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}

Could I just get SA to scan the mqueue spool? If so, how do I do this?

Thanks

Ash




ACL below for ref
################################

#!!# ACL that is used after the RCPT command
check_recipient:

accept hosts = :

drop hosts = /etc/exim_deny
!hosts = /etc/exim_deny_whitelist
message = Connection denied after dictionary attack
log_message = Connection denied from $sender_host_address after dictionary attack
!hosts = +relay_hosts
!authenticated = *


drop message = Appears to be a dictionary attack
log_message = Dictionary attack (after $rcpt_fail_count failures)
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
!verify = recipient
!hosts = /etc/exim_deny_whitelist
!hosts = +relay_hosts
!authenticated = *



# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}


# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}

accept condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
{yes}{no}}


# Be polite and say HELO. Reject anything from hosts that haven't given
# a valid HELO/EHLO to us.

deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1
condition = ${if eq{$sender_helo_name}{}{yes}{no}}
delay = 3s


# Forged hostname -HELOs as one of my own IPs
# Forged HELO (our ip/hostname)

deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards.
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
delay = 3s

#Forged hostname - HELOs as my own hostname or domain

deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards.

# accept helo which is in local_domain if we relay or had smtp auth
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
delay = 3s


# Hacked HELO (DOMAIN.com) (constructed by viruses)

deny message = Hacked HELO: you are not $sender_helo_name
condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
!hosts = @[]
!hosts = +rv_relay_hosts
!authenticated = *
delay = 3s


#if it gets here it isn't mailman

#sender verifications are required for all messages that are not sent to lists

require verify = sender/callout
accept domains = +local_domains
endpass

#recipient verifications are required for all messages that are not sent to the local machine
#this was done at multiple users requests

message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
verify = recipient

accept domains = +relay_domains

warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
hosts = +relay_hosts
accept hosts = +relay_hosts

warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
condition = ${perl{checkrelayhost}{$sender_host_address}}
accept condition = ${perl{checkrelayhost}{$sender_host_address}}

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

deny message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.


#!!# ACL that is used after the DATA command
check_message:
require verify = header_sender

##
# Reject messages with serious MIME container errors
##
deny message = This message contains malformed MIME ($demime_reason).
demime = *
condition = ${if >{$demime_errorlevel}{2}{1}{0}}


# Reject messages that attach a file with a CLSID in the name
# which causes Windows to hide the file extension.

deny message = Hiding of file extensions(CLSID hidden) is not allowed.
regex = ^(?i)Content-Disposition:(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$


# Reject messages that attach files with illegal extensions

deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.

# You might need to remove some of these extensions if you want to allow your user get these files

demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mde:msc:msi:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc


# Reject email that contains a virus

deny message = This message contains a virus or other harmful content ($malware_name)
demime = *
malware = */defer_ok


# Add X-Scanned Header

warn message = X-Antivirus-Scanner: Clean mail but you should still use Antivirus


# Messages larger than 200k are accepted without spam scanning to reduce spamd load
accept condition = ${if >{$message_size}{200k}{true}}


# Reject spam messages with score over 15.
# Keep in mind that $spam_score_int is the message's score multiplied by ten.

deny message = Spam score too high ($spam_score)
# Bypass Sender that usually send a lot of emails to reduce spamd load !senders = +rv_spam_sender_address_whitelist
spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{150}{1}{0}}


# Add a warning header if email scored between 12 and 15.
# Delete email in the System Filter File, if sender or receiver is not listed in the whitelists.

warn message = X-Exiscan-SA-Spam: Yes

# Bypass Sender that usually send a lot of emails to reduce spamd load !senders = +rv_spam_sender_address_whitelist

spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{120}{1}{0}}


# Rewrite subject if email scored between 9 and 15.

# Always put X-Spam-Score header in the message.
# It looks like this:
# X-Exiscan-SA-Score: 6.6 (++++++)
# When a MUA cannot match numbers, it can match for an
# equivalent number of '+' signs.

warn message = X-Exiscan-SA-Score: $spam_score ($spam_bar)\

# Put X-Spam-Report header in the message.
# This is a multiline header that informs the user
# which tests a message has "hit", and how much a
# test has contributed to the score.

\nX-Exiscan-SA-Report: $spam_report\

# For the subject tag, we prepare a new subject header in the
# ACL, then swap it with the original Subject in the system filter.

\nX-Exiscan-SA-New-Subject: *SPAM* $h_subject:

# Bypass Sender that usually send a lot of emails to reduce spamd load !senders = +rv_spam_sender_address_whitelist

spam = mailnull:true/defer_ok
condition = ${if >{$spam_score_int}{90}{1}{0}}

accept
pairote
According to your ACL, email is scanned at the RCPT and DATA process before going to the router state. You don't need to do anything in static_route.
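
As an added illustration (not code from this thread or from the RV tutorial), the Python model below follows the spam statements of the check_message ACL posted above and shows what a message carries when it leaves the ACL, whichever router delivers it afterwards. The function name and verdict labels are made up for the example; the header, MIME and virus checks are left out.

```python
"""Model of the spam statements in the check_message ACL quoted above."""

SIZE_LIMIT = 200 * 1024  # Exim reads "200k" as 200 * 1024 bytes


def check_message_spam(message_size, spam_score_int, spamd_ok=True):
    """Return (verdict, added_headers) for one message.

    spam_score_int is the SpamAssassin score times ten, as in the ACL.
    The destination domain is deliberately not a parameter: the ACL runs
    during the SMTP session, before static_route or any other router.
    """
    headers = []
    # accept condition = ${if >{$message_size}{200k}{true}}
    if message_size > SIZE_LIMIT:
        return "accept-unscanned", headers
    # spam = mailnull:true/defer_ok : if spamd cannot be reached, the spam
    # condition fails, so none of the spam statements match.
    if not spamd_ok:
        return "accept-unscanned", headers
    if spam_score_int > 150:      # deny message = Spam score too high
        return "deny", headers
    if spam_score_int > 120:      # first warn statement
        headers.append("X-Exiscan-SA-Spam: Yes")
    if spam_score_int > 90:       # second warn statement
        bar = "+" * max(spam_score_int // 10, 0)   # stands in for $spam_bar
        headers.append(f"X-Exiscan-SA-Score: {spam_score_int / 10:.1f} ({bar})")
        headers.append("X-Exiscan-SA-Report: <report>")             # placeholder
        headers.append("X-Exiscan-SA-New-Subject: *SPAM* <subject>")  # placeholder
    return "accept", headers      # final "accept" of the ACL


if __name__ == "__main__":
    # Constructed sample messages: (size in bytes, score * 10, spamd reachable)
    samples = [(10_000, 160, True), (10_000, 150, True), (10_000, 120, True),
               (10_000, 90, True), (SIZE_LIMIT + 1, 300, True),
               (10_000, 300, False)]
    for size, score_int, ok in samples:
        verdict, hdrs = check_message_spam(size, score_int, ok)
        print(size, score_int, ok, "->", verdict, [h.split(":")[0] for h in hdrs])
```

The two "accept-unscanned" cases are the ones to keep in mind for the forwarded domains: a message over 200k, or one received while spamd is unreachable, is handed to remote_smtp with no SpamAssassin headers at all.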