Exim+spamassassin+clamd
Posted by admin on 07 May 2008 at 04:23 pm | Tagged as: IT Stuff, exim
This will add spam and AV scanning to an Exim4 configuration at SMTP time. Note that it does not use Exiscan. It will also add a ***SPAM*** marker to the subject line of mails whose spam score is between our minimum spam threshold and the upper spam threshold, above which spam mail will be automatically rejected. Exim will also check DNSBLs for known spam sources. This configuration has been tested with Exim 4.63. These steps also assume that you have spamassassin and clamav installed, configured and working. If your settings for these vary from my examples below you will need to adjust things as required. Now on to the configuration …
In the Main configuration section of exim.conf
- add the av scanner. This assumes you have installed clamav, the path to the socket in clamd’s configuration must match the path you specify here:
av_scanner = clamd:/var/run/clamd.exim/clamd.sock
- add spamd, by default spamd listens on port 783. If your spamd is using a different socket then change this as appropriate:
spamd_address = 127.0.0.1 783
- add in a system filter. We will use the system filter to rewrite the subject line on mails which are identified as spam. If you put the system filter in a different location or name the file differently adjust this entry as needed:
system_filter = /etc/exim/system.filter
For our purposes a system filter can be quite simple; all it does is rewrite the subject line of spam emails …
if $header_X-Spam-Flag: contains "YES"
then
headers remove subject
headers add "Subject: $h_X-Spam-Subject:"
endif
In the “begin acl” section of your exim.conf file find the “acl_check_rcpt:” acl. There are several sections in this acl which are processed in order. There should be a section that looks like:
accept hosts = +relay_from_hosts
control = submission
- add the DNSBL processing:
deny message = DNSBL listed at $dnslist_domain\n$dnslist_text
dnslists = zen.spamhaus.org:bl.spamcop.net:cbl.abuseat.org:psbl.surriel.com
Now find the acl_check_data: acl
- near the top add the virus scanner check:
deny malware = *
message = This message contains a virus ($malware_name).
- next we start our spam handling - if the email is too large just let it in, the spamassassin processing for large emails is very demanding, also typical spam emails are not large. In this case we will allow messages larger than 100000 bytes through as they are relatively unlikely to be spam:
accept condition = ${if >= {$message_size}{100000} {1}}
add_header = X-Spam-Note: Spamassassin run bypassed due to message size
- next we allow spamassassin to fail or time out:
warn spam = nobody/defer_ok
add_header = X-Spam-Flag: YES
- now add an X-Spam-Report header for messages <80k in size:
warn condition = ${if <{$message_size}{80k}{1}{0}}
message = X-Spam-Report: $spam_report
spam = nobody:true
- add a note if spamassassin invocation fails:
accept condition = ${if !def:spam_score_int {1}}
add_header = X-Spam-Note: Spamassassin invocation failed
- add the X-Spam headers if the spam score is above the minimum:
warn condition = ${if >{$spam_score_int}{45}{1}}
add_header = X-Spam-Subject: ***SPAM*** $h_subject
add_header = X-Spam-Bar: $spam_bar
add_header = X-Spam-Flag: YES
add_header = X-Spam-Report: $spam_report
- reject all mail with a spamscore above your “reject because it’s total rubbish, I never want to read it” maximum spam score
deny condition = ${if >{$spam_score_int}{110} {1}}
message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
$spam_report
- the last line in this acl should be to accept any mail which has passed our anti-virus and spam testing so
accept
… and that is it. The DNSBLs I use I’ve found to be reliable and have an almost 0% rejection of non-spam emails but your mileage might vary so experiment to find the ones which suit you the best (it could be worth checking out the article “Which ones work well” at www.dnsbl.com as a starting point). To check how things are running you can tail the exim log file (tail -f /var/log/exim/main.log)
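To go beyond tailing the log when comparing DNSBLs and tuning the reject threshold, here is an added example (not part of the original post) that counts rejections per DNSBL zone, per virus name and per spam-sending host by matching the "message =" texts set in the ACLs above. The function name summarise and the sample log lines are constructed for illustration; real log lines may carry extra fields.

```python
import re
import sys
from collections import Counter

# Patterns keyed to the "message =" texts set in the ACLs on this page.
PATTERNS = {
    "dnsbl": re.compile(r"rejected RCPT .*?: DNSBL listed at ([A-Za-z0-9.-]+)"),
    "virus": re.compile(r"rejected after DATA: This message contains a virus \((.+?)\)"),
    "spam": re.compile(r"rejected after DATA: Your message scored (-?\d+(?:\.\d+)?) SpamAssassin"),
}
HOST = re.compile(r"\[([0-9A-Fa-f.:]+)\]")  # sending host address, e.g. [192.0.2.10]


def summarise(lines):
    """Return (stats, scores): rejects per DNSBL zone, virus name and spam-sending host."""
    stats = {"dnsbl": Counter(), "virus": Counter(), "spam": Counter()}
    scores = []  # SpamAssassin scores of messages refused by the spam deny rule
    for line in lines:
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if kind == "spam":
                host = HOST.search(line)
                stats["spam"][host.group(1) if host else "unknown"] += 1
                scores.append(float(match.group(1)))
            else:
                stats[kind][match.group(1)] += 1
            break  # one log line records one rejection
    return stats, scores


# Constructed sample lines in Exim main.log layout (not real traffic).
SAMPLE = [
    "2008-05-07 16:23:01 H=(mx.example.net) [192.0.2.10] F=<a@example.net> rejected RCPT <bob@example.org>: DNSBL listed at zen.spamhaus.org",
    "2008-05-07 16:23:09 H=(pc.example.net) [192.0.2.44] F=<b@example.net> rejected RCPT <bob@example.org>: DNSBL listed at zen.spamhaus.org",
    "2008-05-07 16:24:30 H=(relay.example.com) [203.0.113.9] F=<c@example.com> rejected RCPT <amy@example.org>: DNSBL listed at bl.spamcop.net",
    "2008-05-07 16:25:10 1JtlXy-0003Kz-Ab H=(host.example.com) [198.51.100.3] F=<d@example.com> rejected after DATA: This message contains a virus (Eicar-Test-Signature).",
    "2008-05-07 16:26:02 1JtlYo-0003LH-Cd H=(bulk.example.net) [198.51.100.7] F=<e@example.net> rejected after DATA: Your message scored 15.2 SpamAssassin point. Report follows:",
    "2008-05-07 16:26:40 1JtlZQ-0003Lb-Qx <= f@example.com H=mail.example.com [203.0.113.5] P=esmtp S=2310",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # pass the log path, e.g. /var/log/exim/main.log
        with open(sys.argv[1], errors="replace") as log:
            stats, scores = summarise(log)
    else:
        stats, scores = summarise(SAMPLE)
    for kind, counter in stats.items():
        for key, count in counter.most_common():
            print(f"{kind:6} {count:5} {key}")
    if scores:
        print(f"lowest rejected spam score: {min(scores)}")
```

A DNSBL that accounts for many rejections of hosts you recognise as legitimate is a candidate for removal from the dnslists line.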