Rev 3 | Rev 46 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 3 | Rev 6 | ||
---|---|---|---|
- | 1 | ******************************** |
|
- | 2 | * SHOULD YOU USE THIS PACKAGE? * |
|
- | 3 | ******************************** |
|
- | 4 | ||
- | 5 | Since version 4.50, Exim has the content-scanning extension formerly |
|
- | 6 | known as "exiscan" built-in. It has a number of advantages and |
|
- | 7 | disadvantages compared to SA-Exim. |
|
- | 8 | ||
- | 9 | Advantages of built-in content-scanning interface: |
|
- | 10 | ||
- | 11 | * One less configuration file to edit. |
|
- | 12 | * Spam control policy integrates better with Exim's ACL system. |
|
- | 13 | * It's possible to tell SA which user to scan for (the -u parameter of |
|
- | 14 | spamc). SA-Exim can't do that (yet). |
|
- | 15 | * Finer control over the mail header is possible, but not in a clean |
|
- | 16 | way (it involves putting all header fields you might possibly want |
|
- | 17 | to add in the report template, and using rather complicated |
|
- | 18 | expansion expressions to extract the wanted ones from |
|
- | 19 | $spam_report). At any rate, you can choose a prefix different from |
|
- | 20 | "X-Spam-". |
|
- | 21 | ||
- | 22 | Advantages of SA-Exim: |
|
- | 23 | ||
- | 24 | * It is possible to use the report_safe feature, which turns mail |
|
- | 25 | deemed to be spam into a message/rfc822 attachment of a report |
|
- | 26 | message. (Note however that if you do, then any X-SA-* fields added |
|
- | 27 | to help the greylisting module can't be removed.) |
|
- | 28 | * All the add_header and rewrite_header options in |
|
- | 29 | /etc/spamassassin/local.cf will be obeyed. In other words, |
|
- | 30 | everything will be *almost* as if you filtered the mail through |
|
- | 31 | spamassassin on the command line. |
|
- | 32 | * So-called teergrubing ("tarpitting") is possible in a way that |
|
- | 33 | isn't possible with exiscan (I'm not in any way saying that it |
|
- | 34 | works as a counterattack against spammers). |
|
- | 35 | * You can simply add the sa-exim package to a standard exim4 |
|
- | 36 | installation and it should, in principle, instantly work (except |
|
- | 37 | you have to uncomment one line in sa-exim.conf). |
|
- | 38 | ||
- | 39 | Both alternatives enable you to defer, greylist, reject, and blackhole |
|
- | 40 | mail, optionally saving copies, at configurable score levels. |
|
- | 41 | ||
1 | ***************** |
42 | ***************** |
2 | * CONFIGURATION * |
43 | * CONFIGURATION * |
3 | ***************** |
44 | ***************** |
4 | 45 | ||
5 | This version of the sa-exim package defaults to placing a configuration |
46 | This version of the sa-exim package defaults to placing a configuration |
6 | sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the |
47 | sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the |
7 | DebConf questions while configuring Exim4, the module will be loaded |
48 | DebConf questions while configuring Exim4, the module will be loaded |
8 | automatically, or human intervention is required. |
49 | automatically, or human intervention is required. |
9 | 50 | ||
10 | To find out what configurationfile Exim4 is using, issue: |
51 | To find out what configuration file Exim4 is using, issue: |
11 | 52 | ||
12 | $ exim4 -bV | tail -1 |
53 | $ exim4 -bV | tail -1 |
13 | Configuration file is /path/to/configfile |
54 | Configuration file is /path/to/configfile |
14 | 55 | ||
15 | If /path/to/configfile shows: |
56 | If /path/to/configfile shows: |
16 | 57 | ||
17 | - /etc/exim4/exim4.conf |
58 | - /etc/exim4/exim4.conf |
18 | You are using the 'monolithic' configuration file. |
59 | You are using the hand-crafted configuration file. |
19 | See the 'MONOLITHIC' section below. |
60 | See the 'HAND-CRAFTED' section below. |
20 | 61 | ||
21 | - /var/lib/exim4/config.autogenerated |
62 | - /var/lib/exim4/config.autogenerated |
- | 63 | You are using the debianized configuration scheme - with either |
|
22 | You are using the 'split' configuration file. |
64 | 'split' or 'unsplit' configuration file. |
23 | See the 'SPLIT' section below. |
65 | See the 'DEBIANIZED' section below. |
24 | 66 | ||
25 | 67 | ||
26 | MONOLITHIC |
68 | HAND-CRAFTED |
27 | ---------- |
69 | ------------ |
28 | 70 | ||
29 | Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim |
71 | Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim |
30 | line is included in the configuration. If grep returns something, check |
72 | line is included in the configuration. If grep returns something, check |
31 | if it matches the following line. If grep returns nothing, you have to |
73 | if it matches the following line. If grep returns nothing, you have to |
32 | manually add the following line to the exim4.conf file and restart exim4. |
74 | manually add the following line to the exim4.conf file and restart exim4. |
33 | 75 | ||
34 | local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so |
76 | local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so |
35 | 77 | ||
36 | Change or add the line above and manually restart exim4 by issuing |
78 | Change or add the line above and manually restart exim4 by issuing |
37 | 'invoke-rc.d exim4 restart' or '/etc/init.d/exim4 restart' as root. |
79 | 'invoke-rc.d exim4 reload' or '/etc/init.d/exim4 reload' as root. |
38 | 80 | ||
39 | 81 | ||
40 | SPLIT |
82 | DEBIANIZED |
41 | ----- |
83 | ---------- |
42 | 84 | ||
43 | Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to see |
85 | Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to |
44 | if the sa-exim line is included in the configuration. If grep returns |
86 | see if the sa-exim line is included in the configuration. If grep |
45 | something, you're set and already using the sa-exim module. If grep |
87 | returns something, you're set and already using the sa-exim module. If |
46 | returns nothing, we need to figure out a few things: |
88 | grep returns nothing, we need to figure out a few things: |
47 | 89 | ||
48 | Issue: |
90 | Issue: |
49 | $ grep "use_split_config" /etc/exim4/update-exim4.conf.conf |
91 | $ grep "use_split_config" /etc/exim4/update-exim4.conf.conf |
50 | dc_use_split_config='true' |
92 | dc_use_split_config='true' |
51 | 93 | ||
52 | If your result shows 'false' where mine shows 'true', but the check |
94 | If your result shows 'false' where mine shows 'true', then you're |
- | 95 | using the unsplit configuration, generated from |
|
53 | earlier showed that you *are* in fact using the split configuration, |
96 | /etc/exim4/exim4.conf.template. If you haven't customized that file |
54 | then you have to edit /etc/exim4/update-exim4.conf.conf by hand and |
97 | you could edit /etc/exim4/update-exim4.conf.conf by hand, change the |
55 | change the 'false' to 'true' and issue 'update-exim4.conf' as root. |
98 | 'false' to 'true' and issue 'update-exim4.conf' as root. Then, check |
56 | Next, check again if the sa-exim module-line is included. It should. |
99 | again if the sa-exim module line is included. It should. If it still |
57 | If it still isn't: mail me. If it is, restart exim4 by issuing |
100 | isn't: mail me. If it is, restart exim4 by issuing 'invoke-rc.d exim4 |
58 | 'invoke-rc.d exim4 restart' or '/etc/init.d/exim4 restart' as root. |
101 | restart' or '/etc/init.d/exim4 restart' as root. If you *have* |
- | 102 | customized /etc/exim4/exim4.conf.template, then you'd better stick |
|
- | 103 | with the unsplit configuration scheme and add the local_scan_path |
|
- | 104 | setting by hand, like with the hand-crafted configuration file. |
|
59 | 105 | ||
60 | Next, read all about greylisting and sa-exim: |
106 | Next, read all about greylisting and sa-exim: |
61 | 107 | ||
62 | *************** |
108 | *************** |
63 | * GREYLISTING * |
109 | * GREYLISTING * |
64 | *************** |
110 | *************** |
65 | Notes on greylisting with sa-exim. |
111 | Notes on greylisting with sa-exim. |
66 | 112 | ||
67 | If you use SpamAssassin 3.0 or better, you do not need to patch it, you |
113 | If you use SpamAssassin 3.0 or better, you do not need to patch it, you |
68 | can just use the Greylisting module shipped with sa-exim. |
114 | can just use the Greylisting module shipped with sa-exim. |
69 | The only thing you need to do to enable it, is to copy the 4 lines below |
115 | The only thing you need to do to enable it, is to copy the 4 lines below |
70 | loadplugin in the greylisting README, and adjust the score if you wish (see |
116 | loadplugin in the greylisting README, and adjust the score if you wish (see |
71 | README.Greylisting for details) |
117 | README.Greylisting for details) |
72 | 118 | ||
73 | 119 | ||
74 | If you use a version of SA older than 3.0, you will need to patch |
120 | If you use a version of SA older than 3.0 (if you are, you really, |
- | 121 | really should upgrade!), you will need to patch spamassassin's sources |
|
75 | spamassassin's sources to support greylisting. |
122 | to support greylisting. |
76 | 123 | ||
77 | There are two versions of the patches: |
124 | There are two versions of the patches: |
78 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.4x.diff |
125 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.4x.diff |
79 | This patch can be applied to versions 2.4x of SpamAssassin. Note |
126 | This patch can be applied to versions 2.4x of SpamAssassin. Note |
80 | that this patch is not fully functional anymore, it is just left as |
127 | that this patch is not fully functional anymore, it is just left as |
81 | a template should you want to backport the current 2.6x patch. |
128 | a template should you want to backport the current 2.6x patch. |
82 | That said, you really ought to upgrade SA to 2.6x or 3.x |
129 | That said, you really ought to upgrade SA to 2.6x or 3.x |
83 | 130 | ||
84 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.6.diff |
131 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.6.diff |
85 | This patch can be applied to versions 2.6x of SpamAssassin. |
132 | This patch can be applied to versions 2.6x of SpamAssassin. |
86 | 133 | ||
87 | Please read README.Greylisting for more information on how to enable |
134 | Please read README.Greylisting for more information on how to enable |
88 | this feature, and what further changes are needed. |
135 | this feature, and what further changes are needed. |
89 | Note that this configuration won't be supported in the future, and you |
136 | Note that this configuration won't be supported in the future, and you |
90 | are encouraged to upgrade to SA 3.0 or better. |
137 | are encouraged to upgrade to SA 3.0 or better. |
91 | 138 | ||
92 | ************* |
139 | ************* |
93 | * BE WARNED * |
140 | * BE WARNED * |
94 | ************* |
141 | ************* |
95 | 142 | ||
96 | By applying these patches, you change the sourcecode of SpamAssassin |
143 | By applying these patches, you change the sourcecode of SpamAssassin |
97 | (again, this is if you use a version of SpamAssassin earlier than 3.0) |
144 | (again, this is if you use a version of SpamAssassin earlier than 3.0) |
98 | This also means that when the SpamAssassin package gets upgraded, the |
145 | This also means that when the SpamAssassin package gets upgraded, the |
99 | changes made by the patch are LOST. |
146 | changes made by the patch are LOST. |
100 | This *MIGHT* cause your mail setup to break. It might be best to put |
147 | This *MIGHT* cause your mail setup to break. It might be best to put |
101 | SpamAssassin on hold: |
148 | SpamAssassin on hold: |
102 | 149 | ||
103 | $ echo "spamassassin hold" | dpkg --set-selections |
150 | $ echo "spamassassin hold" | dpkg --set-selections |
104 | 151 | ||
105 | You can later set it to install again with: |
152 | You can later set it to install again with: |
106 | 153 | ||
107 | $ echo "spamassassin install" | dpkg --set-selections |
154 | $ echo "spamassassin install" | dpkg --set-selections |
- | 155 | ||
- | 156 | ||
- | 157 | ********************************** |
|
- | 158 | * NOTICE ABOUT SPAMC CONFIG FILE * |
|
- | 159 | ********************************** |
|
- | 160 | ||
- | 161 | Recent versions of spamc can read command-line parameters and switches |
|
- | 162 | from a configuration file called /etc/spamassassin/spamc.conf. If that |
|
- | 163 | file specifies conflicting options, it will prevent SA-Exim from |
|
- | 164 | working. For now, you'll have to make sure that it doesn't. |