X-Git-Url: https://git.deb.at/?p=debienna.git;a=blobdiff_plain;f=RerunClamavSpamassGreylistd%2Findex.mdwn;h=4c0de5612806bf34772ca69f446e461a6cd18519;hp=fdd3b1c83212f32945cfbd9e198ce108c5d4ab25;hb=c6f22b33cc7cfab9b536b526e700056526a8842b;hpb=bb58b440ee60e34e1c961060195598787087c131 diff --git a/RerunClamavSpamassGreylistd/index.mdwn b/RerunClamavSpamassGreylistd/index.mdwn index fdd3b1c..4c0de56 100644 --- a/RerunClamavSpamassGreylistd/index.mdwn +++ b/RerunClamavSpamassGreylistd/index.mdwn @@ -1,363 +1,364 @@ -== Exim Konfiguration: == - -=== Main === - -zuerst: -{{{ -sudo aptitude install clamav spamassassin spamc greylistd - -adduser clamav Debian-exim -adduser Debian-exim clamav -}}} - -/etc/clamav/clamd.conf -{{{ -#Automatically Generated by clamav-base postinst -#To reconfigure clamd run #dpkg-reconfigure clamav-base -#Please read /usr/share/doc/clamav-base/README.Debian.gz for details -LocalSocket /var/run/clamav/clamd.ctl -FixStaleSocket -User clamav -AllowSupplementaryGroups -ScanMail -ScanArchive -ArchiveMaxRecursion 5 -ArchiveMaxFiles 1000 -ArchiveMaxFileSize 10M -ArchiveMaxCompressionRatio 250 -ReadTimeout 180 -MaxThreads 12 -MaxConnectionQueueLength 15 -LogFile /var/log/clamav/clamav.log -LogTime -LogFileMaxSize 0 -PidFile /var/run/clamav/clamd.pid -DatabaseDirectory /var/lib/clamav -SelfCheck 3600 -ScanOLE2 -ScanPE -DetectBrokenExecutables -ScanHTML -ArchiveBlockMax -}}} - - -/etc/exim4/conf.d/main/02_exim4-config_options -{{{ -### main/02_exim4-config_options -################################# - -av_scanner = clamd:/var/run/clamav/clamd.ctl -spamd_address = 127.0.0.1 783 - -... -}}} - -/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt -{{{ -# This access control list is used for every RCPT command in an incoming -# SMTP message. The tests are run in order until the address is either -# accepted or denied. -# -acl_check_rcpt: - - # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by - # testing for an empty sending host field. - accept hosts = : - - # Add missing Date and Message-ID header for relayed messages - warn hosts = +relay_from_hosts - control = submission/sender_retain - - # The following section of the ACL is concerned with local parts that contain - # @ or % or ! or / or | or dots in unusual places. - # - # The characters other than dots are rarely found in genuine local parts, but - # are often tried by people looking to circumvent relaying restrictions. - # Therefore, although they are valid in local parts, these rules lock them - # out, as a precaution. - # - # Empty components (two dots in a row) are not valid in RFC 2822, but Exim - # allows them because they have been encountered. (Consider local parts - # constructed as "firstinitial.secondinitial.familyname" when applied to - # someone like me, who has no second initial.) However, a local part starting - # with a dot or containing /../ can cause trouble if it is used as part of a - # file name (e.g. for a mailing list). This is also true for local parts that - # contain slashes. A pipe symbol can also be troublesome if the local part is - # incorporated unthinkingly into a shell command line. - # - # Two different rules are used. The first one is stricter, and is applied to - # messages that are addressed to one of the local domains handled by this - # host. It blocks local parts that begin with a dot or contain @ % ! / or |. - # If you have local accounts that include these characters, you will have to - # modify this rule. - deny domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|\'`#&?] - message = restricted characters in address - - # The second rule applies to all other domains, and is less strict. This - # allows your own users to send outgoing messages to sites that use slashes - # and vertical bars in their local parts. It blocks local parts that begin - # with a dot, slash, or vertical bar, but allows these characters within the - # local part. However, the sequence /../ is barred. The use of @ % and ! is - # blocked, as before. The motivation here is to prevent your users (or - # your users' viruses) from mounting certain kinds of attack on remote sites. - - deny domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!\'`#&?] : ^.*/\\.\\./ - message = restricted characters in address - - # Accept mail to postmaster in any local domain, regardless of the source, - # and without verifying the sender. - # - accept local_parts = postmaster - domains = +local_domains - - # deny bad senders (envelope sender) - # CONFDIR/local_sender_blacklist holds a list of envelope senders that - # should have their access denied to the local host. Incoming messages - # with one of these senders are rejected at RCPT time. - # - # The explicit white lists are honored as well as negative items in - # the black list. See /usr/share/doc/exim4-config/default_acl for details. - deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster - !acl = acl_whitelist_local_deny - senders = ${if exists{CONFDIR/local_sender_blacklist}\ - {CONFDIR/local_sender_blacklist}\ - {}} - - # deny bad sites (IP address) - # CONFDIR/local_host_blacklist holds a list of host names, IP addresses - # and networks (CIDR notation) that should have their access denied to - # The local host. Messages coming in from a listed host will have all - # RCPT statements rejected. - # - # The explicit white lists are honored as well as negative items in - # the black list. See /usr/share/doc/exim4-config/default_acl for details. - deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster - !acl = acl_whitelist_local_deny - hosts = ${if exists{CONFDIR/local_host_blacklist}\ - {CONFDIR/local_host_blacklist}\ - {}} - - - - # Deny unless the sender address can be verified. - # - # This is disabled by default so that DNSless systems don't break. If - # your system can do DNS lookups without delay or cost, you might want - # to enable the following line. - #deny message = Sender verification failed - # !acl = acl_whitelist_local_deny - # !verify = sender - - # Warn if the sender host does not have valid reverse DNS. - # - # This is disabled by default so that DNSless systems don't break. If - # your system can do DNS lookups without delay or cost, you might want - # to enable the following lines. - # If sender_host_address is defined, it's a remote call. If - # sender_host_name is not defined, then reverse lookup failed. Use - # this instead of !verify = reverse_host_lookup to catch deferrals - # as well as outright failures. - warn message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}}) - condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\ - {yes}{no}} - - ############################################################################# - # There are no checks on DNS "black" lists because the domains that contain - # these lists are changing all the time. You can find examples of - # how to use dnslists in /usr/share/doc/exim4-config/examples/acl - ############################################################################# - - - # Perform greylisting on incoming messages from remote hosts. - # We do NOT greylist messages with no envelope sender, because that - # would conflict with remote hosts doing callback verifications, and we - # might not be able to send mail to such hosts for a while (until the - # callback attempt is no longer greylisted, and then some). - # - # We also check the local whitelist to avoid greylisting mail from - # hosts that are expected to forward mail here (such as backup MX hosts, - # list servers, etc). - # - # Because the recipient address has not yet been verified, we do so - # now and skip this statement for non-existing recipients. This is - # in order to allow for a 550 (reject) response below. If the delivery - # happens over a remote transport (such as "smtp"), recipient callout - # verification is performed, with the original sender intact. - # - defer - message = $sender_host_address is not yet authorized to deliver. \ - Please try later. - log_message = greylisted. - !senders = : - !hosts = : +relay_from_hosts : \ - ${if exists {/etc/greylistd/whitelist-hosts}\ - {/etc/greylistd/whitelist-hosts}{}} : \ - ${if exists {/var/lib/greylistd/whitelist-hosts}\ - {/var/lib/greylistd/whitelist-hosts}{}} - !authenticated = * - !acl = acl_whitelist_local_deny - domains = +local_domains : +relay_to_domains : dsearch;/etc/exim4/virtual - verify = recipient/callout=20s,use_sender,defer_ok - condition = ${readsocket{/var/run/greylistd/socket}\ - {--grey \ - ${mask:$sender_host_address/24}} \ -# $sender_address \ -# $local_part@$domain}\ - {5s}{}{false}} - - - - # Accept if the address is in a local domain, but only if the recipient can - # be verified. Otherwise deny. The "endpass" line is the border between - # passing on to the next ACL statement (if tests above it fail) or denying - # access (if tests below it fail). - # - accept domains = +local_domains - endpass - message = unknown user - verify = recipient - - accept domains = dsearch;/etc/exim4/virtual - endpass - message = unknown user - verify = recipient - - # Accept if the address is in a domain for which we are relaying, but again, - # only if the recipient can be verified. - # - accept domains = +relay_to_domains - endpass - message = unrouteable address - verify = recipient - - # If control reaches this point, the domain is neither in +local_domains - # nor in +relay_to_domains. - - # Accept if the message comes from one of the hosts for which we are an - # outgoing relay. Recipient verification is omitted here, because in many - # cases the clients are dumb MUAs that don't cope well with SMTP error - # responses. If you are actually relaying out from MTAs, you should probably - # add recipient verification here. - # - accept hosts = +relay_from_hosts - - # Accept if the message arrived over an authenticated connection, from - # any host. Again, these messages are usually from MUAs, so recipient - # verification is omitted. - # - accept authenticated = * - - # Reaching the end of the ACL causes a "deny", but we might as well give - # an explicit message. - # - deny message = relay not permitted - - -}}} - -/etc/exim4/conf.d/acl/40_exim4-config_check_data -{{{ -# 40_exim4-config_check_data - -acl_check_data: - # greylistd(8) configuration follows. - # This statement has been added by "greylistd-setup-exim4", - # and can be removed by running "greylistd-setup-exim4 remove". - # Any changes you make here will then be lost. - # - # Perform greylisting on incoming messages with no envelope sender here. - # We did not subject these to greylisting after RCPT TO:, because that - # would interfere with remote hosts doing sender callout verifications. - # - # Because there is no sender address, we supply only two data items: - # - The remote host address - # - The recipient address (normally, bounces have only one recipient) - # - # We also check the local whitelist to avoid greylisting mail from - # hosts that are expected to forward mail here (such as backup MX hosts, - # list servers, etc). - # - defer - message = $sender_host_address is not yet authorized to deliver. \ - Please try later. - log_message = greylisted. - senders = : - !hosts = : +relay_from_hosts : \ - ${if exists {/etc/greylistd/whitelist-hosts}\ - {/etc/greylistd/whitelist-hosts}{}} : \ - ${if exists {/var/lib/greylistd/whitelist-hosts}\ - {/var/lib/greylistd/whitelist-hosts}{}} - !authenticated = * - !acl = acl_whitelist_local_deny - condition = ${readsocket{/var/run/greylistd/socket}\ - {--grey \ - ${mask:$sender_host_address/24}} \ -# $recipients}\ - {5s}{}{false}} - - - # Deny unless the address list headers are syntactically correct. - # - # This is disabled by default because it might reject legitimate mail. - # If you want your system to insist on syntactically valid address - # headers, you might want to enable the following lines. - # deny message = Message headers fail syntax check - # !acl = acl_whitelist_local_deny - # !verify = header_syntax - - # require that there is a verifiable sender address in at least - # one of the "Sender:", "Reply-To:", or "From:" header lines. - # deny message = No verifiable sender address in message headers - # !acl = acl_whitelist_local_deny - # !verify = header_sender - - -deny message = Serious MIME defect detected ($demime_reason) - demime = * - condition = ${if >{$demime_errorlevel}{2}{1}{0}} - -deny message = Blacklisted file extension detected - condition = ${if match \ - {${lc:$mime_filename}} \ - {\N(\.bat|\.com|\.exe|\.pif|\.prf|\.scr|\.vbs)$\N} \ - {1}{0}} - -deny message = This message contains malware ($malware_name) - malware = * - - -# Always put X-Spam-Score header in the message. -# It looks like this: -# X-Spam-Score: 6.6 (++++++) -# When a MUA cannot match numbers, it can match for an -# equivalent number of '+' signs. -# The 'true' makes sure that the header is always put -# in, no matter what the score. -warn message = X-Spam-Score: $spam_score ($spam_bar) - condition = ${if <{$message_size}{300k}{1}{0}} - spam = spamassassin:true - -# Always put X-Spam-Report header in the message. -# This is a multiline header that informs the user -# which tests a message has "hit", and how much a -# test has contributed to the score. -warn message = X-Spam-Flag: YES - condition = ${if <{$message_size}{300k}{1}{0}} - spam = spamassassin:true - condition = ${if >{$spam_score_int}{30}{1}{0}} - - -deny message = Spam score too high ($spam_score) - condition = ${if <{$message_size}{300k}{1}{0}} - spam = spamassassin:true - condition = ${if >{$spam_score_int}{100}{1}{0}} - - - # accept otherwise - accept -}}} ----- -CategoryCodeSnippets CategoryTipsAndTricks \ No newline at end of file + + +## Exim Konfiguration: + + +### Main + +zuerst: +[[!format txt """ +sudo aptitude install clamav spamassassin spamc greylistd + +adduser clamav Debian-exim +adduser Debian-exim clamav +"""]] +/etc/clamav/clamd.conf +[[!format txt """ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket +User clamav +AllowSupplementaryGroups +ScanMail +ScanArchive +ArchiveMaxRecursion 5 +ArchiveMaxFiles 1000 +ArchiveMaxFileSize 10M +ArchiveMaxCompressionRatio 250 +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogFile /var/log/clamav/clamav.log +LogTime +LogFileMaxSize 0 +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +ScanOLE2 +ScanPE +DetectBrokenExecutables +ScanHTML +ArchiveBlockMax +"""]] +/etc/exim4/conf.d/main/02_exim4-config_options +[[!format txt """ +### main/02_exim4-config_options +################################# + +av_scanner = clamd:/var/run/clamav/clamd.ctl +spamd_address = 127.0.0.1 783 + +... +"""]] +/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt +[[!format txt """ +# This access control list is used for every RCPT command in an incoming +# SMTP message. The tests are run in order until the address is either +# accepted or denied. +# +acl_check_rcpt: + + # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by + # testing for an empty sending host field. + accept hosts = : + + # Add missing Date and Message-ID header for relayed messages + warn hosts = +relay_from_hosts + control = submission/sender_retain + + # The following section of the ACL is concerned with local parts that contain + # @ or % or ! or / or | or dots in unusual places. + # + # The characters other than dots are rarely found in genuine local parts, but + # are often tried by people looking to circumvent relaying restrictions. + # Therefore, although they are valid in local parts, these rules lock them + # out, as a precaution. + # + # Empty components (two dots in a row) are not valid in RFC 2822, but Exim + # allows them because they have been encountered. (Consider local parts + # constructed as "firstinitial.secondinitial.familyname" when applied to + # someone like me, who has no second initial.) However, a local part starting + # with a dot or containing /../ can cause trouble if it is used as part of a + # file name (e.g. for a mailing list). This is also true for local parts that + # contain slashes. A pipe symbol can also be troublesome if the local part is + # incorporated unthinkingly into a shell command line. + # + # Two different rules are used. The first one is stricter, and is applied to + # messages that are addressed to one of the local domains handled by this + # host. It blocks local parts that begin with a dot or contain @ % ! / or |. + # If you have local accounts that include these characters, you will have to + # modify this rule. + deny domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|\'`#&?] + message = restricted characters in address + + # The second rule applies to all other domains, and is less strict. This + # allows your own users to send outgoing messages to sites that use slashes + # and vertical bars in their local parts. It blocks local parts that begin + # with a dot, slash, or vertical bar, but allows these characters within the + # local part. However, the sequence /../ is barred. The use of @ % and ! is + # blocked, as before. The motivation here is to prevent your users (or + # your users' viruses) from mounting certain kinds of attack on remote sites. + + deny domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!\'`#&?] : ^.*/\\.\\./ + message = restricted characters in address + + # Accept mail to postmaster in any local domain, regardless of the source, + # and without verifying the sender. + # + accept local_parts = postmaster + domains = +local_domains + + # deny bad senders (envelope sender) + # CONFDIR/local_sender_blacklist holds a list of envelope senders that + # should have their access denied to the local host. Incoming messages + # with one of these senders are rejected at RCPT time. + # + # The explicit white lists are honored as well as negative items in + # the black list. See /usr/share/doc/exim4-config/default_acl for details. + deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster + !acl = acl_whitelist_local_deny + senders = ${if exists{CONFDIR/local_sender_blacklist}\ + {CONFDIR/local_sender_blacklist}\ + {}} + + # deny bad sites (IP address) + # CONFDIR/local_host_blacklist holds a list of host names, IP addresses + # and networks (CIDR notation) that should have their access denied to + # The local host. Messages coming in from a listed host will have all + # RCPT statements rejected. + # + # The explicit white lists are honored as well as negative items in + # the black list. See /usr/share/doc/exim4-config/default_acl for details. + deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster + !acl = acl_whitelist_local_deny + hosts = ${if exists{CONFDIR/local_host_blacklist}\ + {CONFDIR/local_host_blacklist}\ + {}} + + + + # Deny unless the sender address can be verified. + # + # This is disabled by default so that DNSless systems don't break. If + # your system can do DNS lookups without delay or cost, you might want + # to enable the following line. + #deny message = Sender verification failed + # !acl = acl_whitelist_local_deny + # !verify = sender + + # Warn if the sender host does not have valid reverse DNS. + # + # This is disabled by default so that DNSless systems don't break. If + # your system can do DNS lookups without delay or cost, you might want + # to enable the following lines. + # If sender_host_address is defined, it's a remote call. If + # sender_host_name is not defined, then reverse lookup failed. Use + # this instead of !verify = reverse_host_lookup to catch deferrals + # as well as outright failures. + warn message = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}}) + condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\ + {yes}{no}} + + ############################################################################# + # There are no checks on DNS "black" lists because the domains that contain + # these lists are changing all the time. You can find examples of + # how to use dnslists in /usr/share/doc/exim4-config/examples/acl + ############################################################################# + + + # Perform greylisting on incoming messages from remote hosts. + # We do NOT greylist messages with no envelope sender, because that + # would conflict with remote hosts doing callback verifications, and we + # might not be able to send mail to such hosts for a while (until the + # callback attempt is no longer greylisted, and then some). + # + # We also check the local whitelist to avoid greylisting mail from + # hosts that are expected to forward mail here (such as backup MX hosts, + # list servers, etc). + # + # Because the recipient address has not yet been verified, we do so + # now and skip this statement for non-existing recipients. This is + # in order to allow for a 550 (reject) response below. If the delivery + # happens over a remote transport (such as "smtp"), recipient callout + # verification is performed, with the original sender intact. + # + defer + message = $sender_host_address is not yet authorized to deliver. \ + Please try later. + log_message = greylisted. + !senders = : + !hosts = : +relay_from_hosts : \ + ${if exists {/etc/greylistd/whitelist-hosts}\ + {/etc/greylistd/whitelist-hosts}{}} : \ + ${if exists {/var/lib/greylistd/whitelist-hosts}\ + {/var/lib/greylistd/whitelist-hosts}{}} + !authenticated = * + !acl = acl_whitelist_local_deny + domains = +local_domains : +relay_to_domains : dsearch;/etc/exim4/virtual + verify = recipient/callout=20s,use_sender,defer_ok + condition = ${readsocket{/var/run/greylistd/socket}\ + {--grey \ + ${mask:$sender_host_address/24}} \ +# $sender_address \ +# $local_part@$domain}\ + {5s}{}{false}} + + + + # Accept if the address is in a local domain, but only if the recipient can + # be verified. Otherwise deny. The "endpass" line is the border between + # passing on to the next ACL statement (if tests above it fail) or denying + # access (if tests below it fail). + # + accept domains = +local_domains + endpass + message = unknown user + verify = recipient + + accept domains = dsearch;/etc/exim4/virtual + endpass + message = unknown user + verify = recipient + + # Accept if the address is in a domain for which we are relaying, but again, + # only if the recipient can be verified. + # + accept domains = +relay_to_domains + endpass + message = unrouteable address + verify = recipient + + # If control reaches this point, the domain is neither in +local_domains + # nor in +relay_to_domains. + + # Accept if the message comes from one of the hosts for which we are an + # outgoing relay. Recipient verification is omitted here, because in many + # cases the clients are dumb MUAs that don't cope well with SMTP error + # responses. If you are actually relaying out from MTAs, you should probably + # add recipient verification here. + # + accept hosts = +relay_from_hosts + + # Accept if the message arrived over an authenticated connection, from + # any host. Again, these messages are usually from MUAs, so recipient + # verification is omitted. + # + accept authenticated = * + + # Reaching the end of the ACL causes a "deny", but we might as well give + # an explicit message. + # + deny message = relay not permitted + + +"""]] +/etc/exim4/conf.d/acl/40_exim4-config_check_data +[[!format txt """ +# 40_exim4-config_check_data + +acl_check_data: + # greylistd(8) configuration follows. + # This statement has been added by "greylistd-setup-exim4", + # and can be removed by running "greylistd-setup-exim4 remove". + # Any changes you make here will then be lost. + # + # Perform greylisting on incoming messages with no envelope sender here. + # We did not subject these to greylisting after RCPT TO:, because that + # would interfere with remote hosts doing sender callout verifications. + # + # Because there is no sender address, we supply only two data items: + # - The remote host address + # - The recipient address (normally, bounces have only one recipient) + # + # We also check the local whitelist to avoid greylisting mail from + # hosts that are expected to forward mail here (such as backup MX hosts, + # list servers, etc). + # + defer + message = $sender_host_address is not yet authorized to deliver. \ + Please try later. + log_message = greylisted. + senders = : + !hosts = : +relay_from_hosts : \ + ${if exists {/etc/greylistd/whitelist-hosts}\ + {/etc/greylistd/whitelist-hosts}{}} : \ + ${if exists {/var/lib/greylistd/whitelist-hosts}\ + {/var/lib/greylistd/whitelist-hosts}{}} + !authenticated = * + !acl = acl_whitelist_local_deny + condition = ${readsocket{/var/run/greylistd/socket}\ + {--grey \ + ${mask:$sender_host_address/24}} \ +# $recipients}\ + {5s}{}{false}} + + + # Deny unless the address list headers are syntactically correct. + # + # This is disabled by default because it might reject legitimate mail. + # If you want your system to insist on syntactically valid address + # headers, you might want to enable the following lines. + # deny message = Message headers fail syntax check + # !acl = acl_whitelist_local_deny + # !verify = header_syntax + + # require that there is a verifiable sender address in at least + # one of the "Sender:", "Reply-To:", or "From:" header lines. + # deny message = No verifiable sender address in message headers + # !acl = acl_whitelist_local_deny + # !verify = header_sender + + +deny message = Serious MIME defect detected ($demime_reason) + demime = * + condition = ${if >{$demime_errorlevel}{2}{1}{0}} + +deny message = Blacklisted file extension detected + condition = ${if match \ + {${lc:$mime_filename}} \ + {\N(\.bat|\.com|\.exe|\.pif|\.prf|\.scr|\.vbs)$\N} \ + {1}{0}} + +deny message = This message contains malware ($malware_name) + malware = * + + +# Always put X-Spam-Score header in the message. +# It looks like this: +# X-Spam-Score: 6.6 (++++++) +# When a MUA cannot match numbers, it can match for an +# equivalent number of '+' signs. +# The 'true' makes sure that the header is always put +# in, no matter what the score. +warn message = X-Spam-Score: $spam_score ($spam_bar) + condition = ${if <{$message_size}{300k}{1}{0}} + spam = spamassassin:true + +# Always put X-Spam-Report header in the message. +# This is a multiline header that informs the user +# which tests a message has "hit", and how much a +# test has contributed to the score. +warn message = X-Spam-Flag: YES + condition = ${if <{$message_size}{300k}{1}{0}} + spam = spamassassin:true + condition = ${if >{$spam_score_int}{30}{1}{0}} + + +deny message = Spam score too high ($spam_score) + condition = ${if <{$message_size}{300k}{1}{0}} + spam = spamassassin:true + condition = ${if >{$spam_score_int}{100}{1}{0}} + + + # accept otherwise + accept +"""]] + + +--- + + [[CategoryCodeSnippets|CategoryCodeSnippets]] [[CategoryTipsAndTricks|CategoryTipsAndTricks]]