IRC Archive / Freenode / #exim / 2015 / July / 20 / 1
R3turn
How can I whitelist a recipient so that its mail never gets scanned through spamassassin?
jgh_
find your acl verb that calls out for the scanning, add a condition early on for it that checks the recipient
many possible ways of doing that check; how depends on your needs and how your possible-recipient info is currently organised
R3turn
I'm new to exim and I'm using debian's config so I'm not sure where that acl is that's calling spamassassin.. I know it has spamd_address set, but that's just a general setting and not an acl
notkoos
R3turn: it would necessarily be the data ACL :)
jgh_
you can either read the deb docs or config method/sequence (I can't help with any of that), or you can read the Exim docs and edit the actual Exim configuration
rjek
Be careful: at DATA time there may be multiple recipients: what if one of them is listed as "don't scan" and the other is? You can't selectively reject at DATA
jgh_
for deb staff start at https://github.com/Exim/exim/wiki/DebianExim4 (Debian do it Differently)
s/staff/suff/
argh. sTuff.
R3turn
it looks like it's not doing any deny by default, it's just doing "warn" so spam will probably just pass with a warning right now ;)
jgh_
rjek: there's an extension now builtin to modern Exim that allows exactly that, but the client must support and request it: PRDR
rjek
Yeah, but which clients actually do :)
jgh_
exim :)
rjek
... if the extension is enabled :)
jgh_
which it is, by default
the alternative I've used is to track the recipient prefs at rcpt time, and temp-reject any with differing data-time filtering
rjek
Yeah, I ended up simply forbidding differing domains in one transaction, as filtering settings are per-domain
Which makes me sad
jgh_
you're in bad company; big G does that too
rjek
(Action) nods
It's pretty unlikely that two domains have the same filtering settings anyway, at least for us
I use an identical defer message to GMail just in case people trigger special behavior on it
R3turn
I added 'accept condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/sa-whitelist} {yes}{no}}' at the top of my acl_check_data .. Shouldn't that be accepting any recipients listed in sa-whitelist file and skip spamassassin checks (which are defined below)? .. At least it doesn't seem to work :(
rjek
I don't think $domain is available during DATA?
R3turn
oh.
I need $sender_host_address ?
rjek
That'll be an IP address
Do you want the address of the /recipient/ or the /sender/ ?
R3turn
i needed the recipient so $sender_host_address was totally wrong anyway :)
rjek
If the recipient, I believe that is not available during DATA, because there may be multiple recipients.
R3turn
hmm, so it's not easily done ..
jgh_
there is $recipients - and it is a list...
henk
You could set recipients_max to 1 &
R3turn
can't I iterate through $recipients and search in /etc/exim4/sa-whitelist ? And accept if any of the recipients are found? That would actually be good enough
rjek
(Action) spams everybody on R3turn's mail server successfully by simply CCing somebody in the whitelist :)
R3turn
rjek: I know but spammers don't know that :)
notkoos
R3turn: it can be expected to happen accidentally ;) see ExiscanExamples for a recipe to do defers
jgh_
yes; look into the "foreach" expansion condition
R3turn
Okay got it working :)
Now I see in the mainlog that for every message that's greylisted, or rejected by a blacklist, I get something like this: 2015-07-20 11:42:48 unexpected disconnection while reading SMTP command from (95.104.119.74) [95.104.119.74]
is this normal?
rjek
The sending server disconnected rudely and abruptly.
And yes
Spammers don't tend to bother with the courtesy of sending QUIT when you tell them to GTFO
R3turn
Okay but I have this for every greylisted message too
rjek
Today's phish is info@*, bah.
R3turn
It turns out debian by default is not blocking email that's considered spam by spamassassin. It's just adding headers. Can anyone please point out to me how I can make it block the messages? Or preferably just put them in temporary folder (maildir) so I can verify them easily
rjek
Add a deny ACL; the wiki has bags of examples
R3turn
ok but I don't think I understand exactly what 'spam = Debian-exim:true' is supposed to do? It now has a 'warn spam = Debian-exim:true' and then add_header.. According to the comments it's adding headers in case it's judged to be spam. But isn't this always adding the headers when it went to spamassassin?
jgh_
read up on acl conditions
henk
R3turn: no, it is
R3turn
okay, so adding the :true will always return true and always add headers. So I can add a "deny spam = Debian-exim" rule and add a condition for spam score for example. If I understand the acl documentation correctly
I'm not using remove_header and add_header (in acl/40_exim4-config_check_data) to add a ***SPAM*** prefix to subject when spamassassin marks a message as spam. But I don't understand how I can now adjust it to store spam somewhere instead of delivering it. Can anyone please point me in the right direction?
s/not/now
jgh_
find the router that does this "delivery". Prepend a router, of type redirect, that catches relevant items and directs to a folder of your choice
YmrDtnJu
hi. i would like to add a header in a transport containing the name of the router and the transport, but only $transport_name works. $router_name seems to be unset in headers_add of the transport. the documentation in generic options for transports says that $router_name is available in debug_print. is it not in headers_add?
jgh_
exim version?
YmrDtnJu
4.85
jgh_
why not add it in the router?
YmrDtnJu
jgh_: because i would like to have the transport's name as well.
i could use two different headers of course.
jgh_
so add that one in the transport...
YmrDtnJu
i would like to have only one header.
the content of the header should be "$message_exim_id@$primary_hostname:$router_name:$transport_name".
jgh_
could you use address_data ?
henk
YamakasY_: Why do you want that? Maybe we can suggest an alternative solution &
YmrDtnJu
jgh_: will address_data contain the name of the router?
jgh_
only if you set it
YmrDtnJu
hmm i would have to change other parts of the configuration if i change the content of address_data.
jgh_
that depends on the rest of your configuration, which is why I asked
YmrDtnJu
having the router's name is not so important. it would have been nice to have it.
jgh_
ah, only "nice"... henk's query is on-point
YmrDtnJu
hmm that query wasn't for me...
jgh_
it is now!
YmrDtnJu
the idea is, to have exim add that header. :-)
it's ok, if that does not work. just wanted to be sure.
jgh_
pfthht. Why ?
YmrDtnJu
why not?
jgh_
because the log already has that info. Why do you care any further?
YmrDtnJu
it's easier for me just to look at the header.
YamakasY_
henk: what ? GW ?
henk: I can't do difference as I need Lx4NAT
*different
it are 3 machines loadbalanced
from wan to lan and the other way around
henk: and as I need client IP's @ the lan side from my lan... I need to do lx4nat
henk
YamakasY_: oh, sorry for the highlight, I failed at tab-completing /-:
YmrDtnJu: Basically all your reasoning is "I want" AFAIU, is that correct? There is no purpose for any of that other than some idea in your head, right?
R3turn
I'm now using greylistd and it seems to work well to fight against a lot of spam. But now I have a problem with gmail.com.. they seem to resend emails from a different ip so they are getting greylisted over and over again
is there a good workaround for that?
YamakasY_
henk: hehe ? no problem :)