Rev 3 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 3 | Rev 6 | ||
---|---|---|---|
Line -... | Line 1... | ||
- | 1 | ******************************** |
|
- | 2 | * SHOULD YOU USE THIS PACKAGE? * |
|
- | 3 | ******************************** |
|
- | 4 | ||
- | 5 | Since version 4.50, Exim has the content-scanning extension formerly |
|
- | 6 | known as "exiscan" built-in. It has a number of advantages and |
|
- | 7 | disadvantages compared to SA-Exim. |
|
- | 8 | ||
- | 9 | Advantages of built-in content-scanning interface: |
|
- | 10 | ||
- | 11 | * One less configuration file to edit. |
|
- | 12 | * Spam control policy integrates better with Exim's ACL system. |
|
- | 13 | * It's possible to tell SA which user to scan for (the -u parameter of |
|
- | 14 | spamc). SA-Exim can't do that (yet). |
|
- | 15 | * Finer control over the mail header is possible, but not in a clean |
|
- | 16 | way (it involves putting all header fields you might possibly want |
|
- | 17 | to add in the report template, and using rather complicated |
|
- | 18 | expansion expressions to extract the wanted ones from |
|
- | 19 | $spam_report). At any rate, you can choose a prefix different from |
|
- | 20 | "X-Spam-". |
|
- | 21 | ||
- | 22 | Advantages of SA-Exim: |
|
- | 23 | ||
- | 24 | * It is possible to use the report_safe feature, which turns mail |
|
- | 25 | deemed to be spam into a message/rfc822 attachment of a report |
|
- | 26 | message. (Note however that if you do, then any X-SA-* fields added |
|
- | 27 | to help the greylisting module can't be removed.) |
|
- | 28 | * All the add_header and rewrite_header options in |
|
- | 29 | /etc/spamassassin/local.cf will be obeyed. In other words, |
|
- | 30 | everything will be *almost* as if you filtered the mail through |
|
- | 31 | spamassassin on the command line. |
|
- | 32 | * So-called teergrubing ("tarpitting") is possible in a way that |
|
- | 33 | isn't possible with exiscan (I'm not in any way saying that it |
|
- | 34 | works as a counterattack against spammers). |
|
- | 35 | * You can simply add the sa-exim package to a standard exim4 |
|
- | 36 | installation and it should, in principle, instantly work (except |
|
- | 37 | you have to uncomment one line in sa-exim.conf). |
|
- | 38 | ||
- | 39 | Both alternatives enable you to defer, greylist, reject, and blackhole |
|
- | 40 | mail, optionally saving copies, at configurable score levels. |
|
- | 41 | ||
1 | ***************** |
42 | ***************** |
2 | * CONFIGURATION * |
43 | * CONFIGURATION * |
3 | ***************** |
44 | ***************** |
4 | 45 | ||
5 | This version of the sa-exim package defaults to placing a configuration |
46 | This version of the sa-exim package defaults to placing a configuration |
6 | sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the |
47 | sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the |
7 | DebConf questions while configuring Exim4, the module will be loaded |
48 | DebConf questions while configuring Exim4, the module will be loaded |
8 | automatically, or human intervention is required. |
49 | automatically, or human intervention is required. |
9 | 50 | ||
10 | To find out what configurationfile Exim4 is using, issue: |
51 | To find out what configuration file Exim4 is using, issue: |
11 | 52 | ||
12 | $ exim4 -bV | tail -1 |
53 | $ exim4 -bV | tail -1 |
13 | Configuration file is /path/to/configfile |
54 | Configuration file is /path/to/configfile |
14 | 55 | ||
15 | If /path/to/configfile shows: |
56 | If /path/to/configfile shows: |
16 | 57 | ||
17 | - /etc/exim4/exim4.conf |
58 | - /etc/exim4/exim4.conf |
18 | You are using the 'monolithic' configuration file. |
59 | You are using the hand-crafted configuration file. |
19 | See the 'MONOLITHIC' section below. |
60 | See the 'HAND-CRAFTED' section below. |
20 | 61 | ||
21 | - /var/lib/exim4/config.autogenerated |
62 | - /var/lib/exim4/config.autogenerated |
- | 63 | You are using the debianized configuration scheme - with either |
|
22 | You are using the 'split' configuration file. |
64 | 'split' or 'unsplit' configuration file. |
23 | See the 'SPLIT' section below. |
65 | See the 'DEBIANIZED' section below. |
24 | 66 | ||
25 | 67 | ||
26 | MONOLITHIC |
68 | HAND-CRAFTED |
27 | ---------- |
69 | ------------ |
28 | 70 | ||
29 | Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim |
71 | Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim |
30 | line is included in the configuration. If grep returns something, check |
72 | line is included in the configuration. If grep returns something, check |
31 | if it matches the following line. If grep returns nothing, you have to |
73 | if it matches the following line. If grep returns nothing, you have to |
32 | manually add the following line to the exim4.conf file and restart exim4. |
74 | manually add the following line to the exim4.conf file and restart exim4. |
33 | 75 | ||
34 | local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so |
76 | local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so |
35 | 77 | ||
36 | Change or add the line above and manually restart exim4 by issuing |
78 | Change or add the line above and manually restart exim4 by issuing |
37 | 'invoke-rc.d exim4 restart' or '/etc/init.d/exim4 restart' as root. |
79 | 'invoke-rc.d exim4 reload' or '/etc/init.d/exim4 reload' as root. |
38 | 80 | ||
39 | 81 | ||
40 | SPLIT |
82 | DEBIANIZED |
41 | ----- |
83 | ---------- |
42 | 84 | ||
43 | Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to see |
85 | Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to |
44 | if the sa-exim line is included in the configuration. If grep returns |
86 | see if the sa-exim line is included in the configuration. If grep |
45 | something, you're set and already using the sa-exim module. If grep |
87 | returns something, you're set and already using the sa-exim module. If |
46 | returns nothing, we need to figure out a few things: |
88 | grep returns nothing, we need to figure out a few things: |
47 | 89 | ||
48 | Issue: |
90 | Issue: |
49 | $ grep "use_split_config" /etc/exim4/update-exim4.conf.conf |
91 | $ grep "use_split_config" /etc/exim4/update-exim4.conf.conf |
50 | dc_use_split_config='true' |
92 | dc_use_split_config='true' |
51 | 93 | ||
52 | If your result shows 'false' where mine shows 'true', but the check |
94 | If your result shows 'false' where mine shows 'true', then you're |
- | 95 | using the unsplit configuration, generated from |
|
53 | earlier showed that you *are* in fact using the split configuration, |
96 | /etc/exim4/exim4.conf.template. If you haven't customized that file |
54 | then you have to edit /etc/exim4/update-exim4.conf.conf by hand and |
97 | you could edit /etc/exim4/update-exim4.conf.conf by hand, change the |
55 | change the 'false' to 'true' and issue 'update-exim4.conf' as root. |
98 | 'false' to 'true' and issue 'update-exim4.conf' as root. Then, check |
56 | Next, check again if the sa-exim module-line is included. It should. |
99 | again if the sa-exim module line is included. It should. If it still |
57 | If it still isn't: mail me. If it is, restart exim4 by issuing |
100 | isn't: mail me. If it is, restart exim4 by issuing 'invoke-rc.d exim4 |
58 | 'invoke-rc.d exim4 restart' or '/etc/init.d/exim4 restart' as root. |
101 | restart' or '/etc/init.d/exim4 restart' as root. If you *have* |
- | 102 | customized /etc/exim4/exim4.conf.template, then you'd better stick |
|
- | 103 | with the unsplit configuration scheme and add the local_scan_path |
|
- | 104 | setting by hand, like with the hand-crafted configuration file. |
|
59 | 105 | ||
60 | Next, read all about greylisting and sa-exim: |
106 | Next, read all about greylisting and sa-exim: |
61 | 107 | ||
62 | *************** |
108 | *************** |
63 | * GREYLISTING * |
109 | * GREYLISTING * |
Line 69... | Line 115... | ||
69 | The only thing you need to do to enable it, is to copy the 4 lines below |
115 | The only thing you need to do to enable it, is to copy the 4 lines below |
70 | loadplugin in the greylisting README, and adjust the score if you wish (see |
116 | loadplugin in the greylisting README, and adjust the score if you wish (see |
71 | README.Greylisting for details) |
117 | README.Greylisting for details) |
72 | 118 | ||
73 | 119 | ||
74 | If you use a version of SA older than 3.0, you will need to patch |
120 | If you use a version of SA older than 3.0 (if you are, you really, |
- | 121 | really should upgrade!), you will need to patch spamassassin's sources |
|
75 | spamassassin's sources to support greylisting. |
122 | to support greylisting. |
76 | 123 | ||
77 | There are two versions of the patches: |
124 | There are two versions of the patches: |
78 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.4x.diff |
125 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.4x.diff |
79 | This patch can be applied to versions 2.4x of SpamAssassin. Note |
126 | This patch can be applied to versions 2.4x of SpamAssassin. Note |
80 | that this patch is not fully functional anymore, it is just left as |
127 | that this patch is not fully functional anymore, it is just left as |
Line 103... | Line 150... | ||
103 | $ echo "spamassassin hold" | dpkg --set-selections |
150 | $ echo "spamassassin hold" | dpkg --set-selections |
104 | 151 | ||
105 | You can later set it to install again with: |
152 | You can later set it to install again with: |
106 | 153 | ||
107 | $ echo "spamassassin install" | dpkg --set-selections |
154 | $ echo "spamassassin install" | dpkg --set-selections |
- | 155 | ||
- | 156 | ||
- | 157 | ********************************** |
|
- | 158 | * NOTICE ABOUT SPAMC CONFIG FILE * |
|
- | 159 | ********************************** |
|
- | 160 | ||
- | 161 | Recent versions of spamc can read command-line parameters and switches |
|
- | 162 | from a configuration file called /etc/spamassassin/spamc.conf. If that |
|
- | 163 | file specifies conflicting options, it will prevent SA-Exim from |
|
- | 164 | working. For now, you'll have to make sure that it doesn't. |