On Thu, Oct 9, 2014 at 4:14 PM, John Hardin <jhar...@impsec.org> wrote:
> On Thu, 9 Oct 2014, John Traweek CCNA, Sec+ wrote:
>
>> I've built a gateway server using sa-exim to filter email for our
>>
>
> This topic comes up fairly regularly. Did you search the list archives on
> terms like "exchange bayes" ?
>

Since the OP mentioned exim, I'll share a bit of how I did something similar. While I have Exchange in the picture, most of my users are not on it. I wanted to be able to fully reject mail at SMTP time if SpamAssassin (SA does not block mail <g>) and not worry about whether exim would change the log format if I did a 'fakereject'. SMTP rejects are nice since I do not quarantine spam. I didn't see elsewhere, either on the SA wiki or elsewhere, so figured I'd share and maybe help out somewhere..

I use exim's native SA integration, not sa-exim. I also use dovecot for my IMAP users' mailboxes, and this is where my spam mail goes.

In my data ACL within exim.conf, I have:

---------------
# Call SA and add some headers to the email delivered via normal means if it's non-spam
warn spam = spam:true/defer_ok
     add_header = X-Spam-Score: $spam_score ($spam_bar)
     add_header = X-Spam-Report: $spam_report

# If it's spam (defined as an SA score > 5), then run my custom deliver script against the copy of the email in the exim mail spool.
# Exim's mail spool copy won't have the above added headers, so need to do so here to see them in the spam mailbox.
warn condition = ${if >{$spam_score_int}{50}{1}{0}}
     condition = ${run{/home/spam/bin/deliver incoming-spam $spool_directory/scan/$message_id/$message_id.eml 'X-Spam-Score: $spam_score\nX-Spam-Report: $spam_report'}}

deny condition = ${if >{$spam_score_int}{50}{1}{0}}
     message = .....
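-------------

/home/spam/bin/deliver contains:

----------------
#!/bin/bash
# Arguments: <mailbox> <spooled message file> <extra header text>
MAILBOX=$1
FILE=$2
shift
shift
HEADERS="$*"

# Use mktemp instead of a predictable /tmp/deliver.$$ name
TMPFILE=$(mktemp /tmp/deliver.XXXXXX) || exit 1

# Write the extra headers first; %b expands the \n between them, as echo -e did
printf '%b\n' "$HEADERS" >> "$TMPFILE"

# Exim writes out a standard mbox-style From line, remove it
tail -n +2 "$FILE" >> "$TMPFILE"

# Dovecot must be root to do direct delivery
sudo /usr/libexec/dovecot/deliver -d spam -m "$MAILBOX" < "$TMPFILE"

rm -f "$TMPFILE"
----------------

-- 
HTH, YMMV, HANW :)
Jason

The path to enlightenment is /usr/bin/enlightenment.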