Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Rev 3 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 3 Rev 6
Line -... Line 1...
-
 
1
********************************
-
 
2
* SHOULD YOU USE THIS PACKAGE? *
-
 
3
********************************
-
 
4
-
 
5
Since version 4.50, Exim has the content-scanning extension formerly
-
 
6
known as "exiscan" built-in. It has a number of advantages and
-
 
7
disadvantages compared to SA-Exim.
-
 
8
-
 
9
Advantages of built-in content-scanning interface:
-
 
10
-
 
11
 * One less configuration file to edit.
-
 
12
 * Spam control policy integrates better with Exim's ACL system.
-
 
13
 * It's possible to tell SA which user to scan for (the -u parameter of
-
 
14
   spamc). SA-Exim can't do that (yet).
-
 
15
 * Finer control over the mail header is possible, but not in a clean
-
 
16
   way (it involves putting all header fields you might possibly want
-
 
17
   to add in the report template, and using rather complicated
-
 
18
   expansion expressions to extract the wanted ones from
-
 
19
   $spam_report). At any rate, you can choose a prefix different from
-
 
20
   "X-Spam-".
-
 
21
-
 
22
Advantages of SA-Exim:
-
 
23
-
 
24
 * It is possible to use the report_safe feature, which turns mail
-
 
25
   deemed to be spam into a message/rfc822 attachment of a report
-
 
26
   message. (Note however that if you do, then any X-SA-* fields added
-
 
27
   to help the greylisting module can't be removed.)
-
 
28
 * All the add_header and rewrite_header options in 
-
 
29
   /etc/spamassassin/local.cf will be obeyed. In other words,
-
 
30
   everything will be *almost* as if you filtered the mail through 
-
 
31
   spamassassin on the command line.
-
 
32
 * So-called teergrubing ("tarpitting") is possible in a way that
-
 
33
   isn't possible with exiscan (I'm not in any way saying that it
-
 
34
   works as a counterattack against spammers).
-
 
35
 * You can simply add the sa-exim package to a standard exim4
-
 
36
   installation and it should, in principle, instantly work (except
-
 
37
   you have to uncomment one line in sa-exim.conf).
-
 
38
-
 
39
Both alternatives enable you to defer, greylist, reject, and blackhole
-
 
40
mail, optionally saving copies, at configurable score levels.
-
 
41
1
*****************
42
*****************
2
* CONFIGURATION *
43
* CONFIGURATION *
3
*****************
44
*****************
4
45
5
This version of the sa-exim package defaults to placing a configuration
46
This version of the sa-exim package defaults to placing a configuration
6
sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the
47
sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the
7
DebConf questions while configuring Exim4, the module will be loaded
48
DebConf questions while configuring Exim4, the module will be loaded
8
automatically, or human intervention is required.
49
automatically, or human intervention is required.
9
50
10
To find out what configurationfile Exim4 is using, issue:
51
To find out what configuration file Exim4 is using, issue:
11
52
12
  $ exim4 -bV | tail -1
53
  $ exim4 -bV | tail -1
13
  Configuration file is /path/to/configfile
54
  Configuration file is /path/to/configfile
14
55
15
If /path/to/configfile shows:
56
If /path/to/configfile shows:
16
57
17
  - /etc/exim4/exim4.conf
58
  - /etc/exim4/exim4.conf
18
    You are using the 'monolithic' configuration file.
59
    You are using the hand-crafted configuration file.
19
	See the 'MONOLITHIC' section below.
60
	See the 'HAND-CRAFTED' section below.
20
	
61
	
21
  - /var/lib/exim4/config.autogenerated 
62
  - /var/lib/exim4/config.autogenerated 
-
 
63
    You are using the debianized configuration scheme - with either
22
    You are using the 'split' configuration file.
64
    'split' or 'unsplit' configuration file.
23
	See the 'SPLIT' section below.
65
	See the 'DEBIANIZED' section below.
24
66
25
67
26
MONOLITHIC
68
HAND-CRAFTED
27
----------
69
------------
28
70
29
Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim
71
Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim
30
line is included in the configuration. If grep returns something, check
72
line is included in the configuration. If grep returns something, check
31
if it matches the following line. If grep returns nothing, you have to
73
if it matches the following line. If grep returns nothing, you have to
32
manually add the following line to the exim4.conf file and restart exim4.
74
manually add the following line to the exim4.conf file and restart exim4.
33
75
34
    local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so
76
    local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so
35
77
36
Change or add the line above and manually restart exim4 by issuing
78
Change or add the line above and manually restart exim4 by issuing
37
'invoke-rc.d exim4 restart' or '/etc/init.d/exim4 restart' as root.
79
'invoke-rc.d exim4 reload' or '/etc/init.d/exim4 reload' as root.
38
80
39
81
40
SPLIT
82
DEBIANIZED
41
-----
83
----------
42
84
43
Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to see
85
Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to
44
if the sa-exim line is included in the configuration. If grep returns
86
see if the sa-exim line is included in the configuration. If grep
45
something, you're set and already using the sa-exim module. If grep
87
returns something, you're set and already using the sa-exim module. If
46
returns nothing, we need to figure out a few things:
88
grep returns nothing, we need to figure out a few things:
47
89
48
Issue:
90
Issue:
49
	$ grep "use_split_config" /etc/exim4/update-exim4.conf.conf 
91
	$ grep "use_split_config" /etc/exim4/update-exim4.conf.conf 
50
      dc_use_split_config='true'
92
      dc_use_split_config='true'
51
93
52
If your result shows 'false' where mine shows 'true', but the check
94
If your result shows 'false' where mine shows 'true', then you're
-
 
95
using the unsplit configuration, generated from
53
earlier showed that you *are* in fact using the split configuration,
96
/etc/exim4/exim4.conf.template.  If you haven't customized that file
54
then you have to edit /etc/exim4/update-exim4.conf.conf by hand and
97
you could edit /etc/exim4/update-exim4.conf.conf by hand, change the
55
change the 'false' to 'true' and issue 'update-exim4.conf' as root.
98
'false' to 'true' and issue 'update-exim4.conf' as root. Then, check
56
Next, check again if the sa-exim module-line is included. It should.
99
again if the sa-exim module line is included. It should. If it still
57
If it still isn't: mail me. If it is, restart exim4 by issuing
100
isn't: mail me. If it is, restart exim4 by issuing 'invoke-rc.d exim4
58
'invoke-rc.d exim4 restart' or '/etc/init.d/exim4 restart' as root.
101
restart' or '/etc/init.d/exim4 restart' as root. If you *have*
-
 
102
customized /etc/exim4/exim4.conf.template, then you'd better stick
-
 
103
with the unsplit configuration scheme and add the local_scan_path
-
 
104
setting by hand, like with the hand-crafted configuration file.
59
105
60
Next, read all about greylisting and sa-exim:
106
Next, read all about greylisting and sa-exim:
61
107
62
***************
108
***************
63
* GREYLISTING *
109
* GREYLISTING *
Line 69... Line 115...
69
The only thing you need to do to enable it, is to copy the 4 lines below
115
The only thing you need to do to enable it, is to copy the 4 lines below
70
loadplugin in the greylisting README, and adjust the score if you wish (see
116
loadplugin in the greylisting README, and adjust the score if you wish (see
71
README.Greylisting for details)
117
README.Greylisting for details)
72
118
73
119
74
If you use a version of SA older than 3.0, you will need to patch
120
If you use a version of SA older than 3.0 (if you are, you really,
-
 
121
really should upgrade!), you will need to patch spamassassin's sources
75
spamassassin's sources to support greylisting.
122
to support greylisting.
76
123
77
There are two versions of the patches: 
124
There are two versions of the patches: 
78
 - /usr/share/doc/sa-exim/patches/SA-greylisting-2.4x.diff 
125
 - /usr/share/doc/sa-exim/patches/SA-greylisting-2.4x.diff 
79
   This patch can be applied to versions 2.4x of SpamAssassin. Note
126
   This patch can be applied to versions 2.4x of SpamAssassin. Note
80
   that this patch is not fully functional anymore, it is just left as
127
   that this patch is not fully functional anymore, it is just left as
Line 103... Line 150...
103
  $ echo "spamassassin hold" | dpkg --set-selections
150
  $ echo "spamassassin hold" | dpkg --set-selections
104
151
105
You can later set it to install again with:
152
You can later set it to install again with:
106
153
107
  $ echo "spamassassin install" | dpkg --set-selections
154
  $ echo "spamassassin install" | dpkg --set-selections
-
 
155
-
 
156
-
 
157
**********************************
-
 
158
* NOTICE ABOUT SPAMC CONFIG FILE *
-
 
159
**********************************
-
 
160
-
 
161
Recent versions of spamc can read command-line parameters and switches
-
 
162
from a configuration file called /etc/spamassassin/spamc.conf. If that
-
 
163
file specifies conflicting options, it will prevent SA-Exim from 
-
 
164
working. For now, you'll have to make sure that it doesn't.