| [c5c522c] | 1 | $Id: exim.txt,v 1.1 2005/03/11 21:16:03 jonz Exp $ |
|---|
| 2 | |
|---|
| 3 | EXIM 4 INTEGRATION |
|---|
| 4 | |
|---|
| 5 | Please follow the instructions in the README for building DSPAM. Once DSPAM |
|---|
| 6 | has been built, the following instructions may be used to integrate it with |
|---|
| 7 | exim. |
|---|
| 8 | |
|---|
| 9 | To integrate DSPAM with exim 4, you'll need to create a new director in the |
|---|
| 10 | exim configuration. First, add the following code to the directors: |
|---|
| 11 | |
|---|
| 12 | spamscan: |
|---|
| 13 | no_verify |
|---|
| 14 | condition = "${if and {{!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}" |
|---|
| 15 | driver = accept |
|---|
| 16 | transport = spamcheck |
|---|
| 17 | require_files = /usr/local/var/dspam:\ |
|---|
| 18 | +/usr/local/bin |
|---|
| 19 | |
|---|
| 20 | This code tells exim to run spamcheck unless the message was marked by |
|---|
| 21 | the agent with the spam-scanned protocol, or if it is local mail (to prevent |
|---|
| 22 | loops). |
|---|
| 23 | |
|---|
| 24 | If you're using an alternative prefix, adjust the pathnames to match. |
|---|
| 25 | |
|---|
| 26 | Then add the following code to the transports section. This code defines |
|---|
| 27 | how dspam is called by exim for scanning email: |
|---|
| 28 | |
|---|
| 29 | spamcheck: |
|---|
| 30 | driver = pipe |
|---|
| 31 | command = /usr/local/bin/dspam --deliver=innocent --user $local_part -- %u |
|---|
| 32 | user = mail |
|---|
| 33 | group = mail |
|---|
| 34 | return_path_add = false |
|---|
| 35 | log_output = true |
|---|
| 36 | return_fail_output = true |
|---|
| 37 | |
|---|
| 38 | If you're using virtual users on the system, you may wish to include the |
|---|
| 39 | domain as part of the username: |
|---|
| 40 | |
|---|
| 41 | command = /usr/local/bin/dspam --deliver=innocent --user "$local_part@$domain" -- %u |
|---|
| 42 | |
|---|
| 43 | Finally, you will need to configure and compile DSPAM. DSPAM will most likely |
|---|
| 44 | end up calling exim again for delivery, using the spam-scanned protocol to |
|---|
| 45 | identify scanned messages. The most common example is: |
|---|
| 46 | |
|---|
| 47 | ./configure --with-delivery-agent="/usr/sbin/exim -oMr spam-scanned" |
|---|
| 48 | |
|---|
| 49 | RUNNING WITHOUT PRIVILEGED EXIM USERS |
|---|
| 50 | |
|---|
| 51 | The problem with setting the $received_protocol in the transport is that only |
|---|
| 52 | privileged Exim users are allowed to do so. With the setup below, DSPAM can |
|---|
| 53 | run as a nonprivileged user. The problem, however, is that this header could |
|---|
| 54 | be easily spoofed: |
|---|
| 55 | |
|---|
| 56 | condition = "${if and {\ |
|---|
| 57 | {!def:h_X-DSPAM-Check:}\ |
|---|
| 58 | }{1}{0}}" |
|---|
| 59 | headers_add = "X-DSPAM-Check: by $primary_hostname on $tod_full" |
|---|
| 60 | |
|---|
| 61 | |
|---|
| 62 | DIRECTORY SETTINGS |
|---|
| 63 | |
|---|
| 64 | When changing the user/group it is highly advisable to set "home_directory" |
|---|
| 65 | and "current_directory" to match the DSPAM home: |
|---|
| 66 | |
|---|
| 67 | home_directory = "/usr/local/var/dspam" # or /tmp |
|---|
| 68 | current_directory = "/usr/local/var/dspam" # or /tmp |
|---|
| 69 | |
|---|
| 70 | Otherwise, the transport might try to run DSPAM in something like /home/bob |
|---|
| 71 | under certain circumstances. This will most likely fail if DSPAM runs as |
|---|
| 72 | "mail". |
|---|
| 73 | |
|---|
| 74 | PASS-THROUGH |
|---|
| 75 | |
|---|
| 76 | For a pass-through setup where DSPAM feeds all processed messages back to |
|---|
| 77 | Exim it is also a good idea to set "prefix" and "suffix" to an empty |
|---|
| 78 | string: |
|---|
| 79 | prefix = "" |
|---|
| 80 | suffix = "" |
|---|
| 81 | |
|---|
| 82 | ALIASES |
|---|
| 83 | |
|---|
| 84 | There is no need to create aliases for every user on the system in order to |
|---|
| 85 | handle spam reports and false positives. They can be handled by directors |
|---|
| 86 | and transports, using the following directors: |
|---|
| 87 | |
|---|
| 88 | dspam_addspam: |
|---|
| 89 | prefix = spam- |
|---|
| 90 | driver = localuser |
|---|
| 91 | transport = addspam |
|---|
| 92 | |
|---|
| 93 | dspam_falsepositive: |
|---|
| 94 | prefix = falsepos- |
|---|
| 95 | driver = localuser |
|---|
| 96 | transport = falsepositive |
|---|
| 97 | |
|---|
| 98 | For every $user on the system, these directors will handle messages |
|---|
| 99 | addressed to "spam-$user@localhost" and "falsepos-$user@localhost", strip |
|---|
| 100 | the prefix from the address, and pass the message to the respective |
|---|
| 101 | transport. This requires two additional transports: |
|---|
| 102 | |
|---|
| 103 | addspam: |
|---|
| 104 | driver = pipe |
|---|
| 105 | command = "/path/to/dspam --user $local_part --class=spam --source=error" |
|---|
| 106 | return_path_add = false |
|---|
| 107 | return_fail_output = true |
|---|
| 108 | log_output = true |
|---|
| 109 | home_directory = "/path/to/dspam/dspam-home" # or "/tmp" |
|---|
| 110 | current_directory = "/path/to/dspam/dspam-home" # or "/tmp" |
|---|
| 111 | user = mail |
|---|
| 112 | group = mail |
|---|
| 113 | prefix = "" |
|---|
| 114 | suffix = "" |
|---|
| 115 | falsepositive: |
|---|
| 116 | driver = pipe |
|---|
| 117 | command = "/path/to/dspam --user $local_part --class=innocent --source=error --deliver=innocent %u" |
|---|
| 118 | return_path_add = false |
|---|
| 119 | return_fail_output = true |
|---|
| 120 | log_output = true |
|---|
| 121 | home_directory = "/path/to/dspam-home" # or "/tmp" |
|---|
| 122 | current_directory = "/path/to/dspam-home" # or "/tmp" |
|---|
| 123 | user = mail |
|---|
| 124 | group = mail |
|---|
| 125 | prefix = "" |
|---|
| 126 | suffix = "" |
|---|
| 127 | |
|---|
| 128 | This way, all users are handled transparently. No fiddling with aliases is |
|---|
| 129 | required as you add or remove users. |
|---|
| 130 | |
|---|
| 131 | |
|---|
