Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Rev 6 | Rev 67 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
6 magnus 1
********************************
2
* SHOULD YOU USE THIS PACKAGE? *
3
********************************
4
 
5
Since version 4.50, Exim has the content-scanning extension formerly
6
known as "exiscan" built-in. It has a number of advantages and
7
disadvantages compared to SA-Exim.
8
 
9
Advantages of built-in content-scanning interface:
10
 
11
 * One less configuration file to edit.
12
 * Spam control policy integrates better with Exim's ACL system.
13
 * It's possible to tell SA which user to scan for (the -u parameter of
14
   spamc). SA-Exim can't do that (yet).
15
 * Finer control over the mail header is possible, but not in a clean
16
   way (it involves putting all header fields you might possibly want
17
   to add in the report template, and using rather complicated
18
   expansion expressions to extract the wanted ones from
19
   $spam_report). At any rate, you can choose a prefix different from
20
   "X-Spam-".
21
 
22
Advantages of SA-Exim:
23
 
24
 * It is possible to use the report_safe feature, which turns mail
25
   deemed to be spam into a message/rfc822 attachment of a report
26
   message. (Note however that if you do, then any X-SA-* fields added
27
   to help the greylisting module can't be removed.)
28
 * All the add_header and rewrite_header options in
29
   /etc/spamassassin/local.cf will be obeyed. In other words,
30
   everything will be *almost* as if you filtered the mail through
31
   spamassassin on the command line.
32
 * So-called teergrubing ("tarpitting") is possible in a way that
33
   isn't possible with exiscan (I'm not in any way saying that it
34
   works as a counterattack against spammers).
35
 * You can simply add the sa-exim package to a standard exim4
36
   installation and it should, in principle, instantly work (except
37
   you have to uncomment one line in sa-exim.conf).
38
 
39
Both alternatives enable you to defer, greylist, reject, and blackhole
40
mail, optionally saving copies, at configurable score levels.
41
 
1 magnus 42
*****************
43
* CONFIGURATION *
44
*****************
45
 
46
This version of the sa-exim package defaults to placing a configuration
47
sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the
48
DebConf questions while configuring Exim4, the module will be loaded
49
automatically, or human intervention is required.
50
 
6 magnus 51
To find out what configuration file Exim4 is using, issue:
1 magnus 52
 
53
  $ exim4 -bV | tail -1
54
  Configuration file is /path/to/configfile
55
 
56
If /path/to/configfile shows:
57
 
58
  - /etc/exim4/exim4.conf
6 magnus 59
    You are using the hand-crafted configuration file.
60
	See the 'HAND-CRAFTED' section below.
1 magnus 61
 
62
  - /var/lib/exim4/config.autogenerated
6 magnus 63
    You are using the debianized configuration scheme - with either
64
    'split' or 'unsplit' configuration file.
65
	See the 'DEBIANIZED' section below.
1 magnus 66
 
67
 
6 magnus 68
HAND-CRAFTED
69
------------
1 magnus 70
 
71
Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim
72
line is included in the configuration. If grep returns something, check
73
if it matches the following line. If grep returns nothing, you have to
74
manually add the following line to the exim4.conf file and restart exim4.
75
 
76
    local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so
77
 
78
Change or add the line above and manually restart exim4 by issuing
6 magnus 79
'invoke-rc.d exim4 reload' or '/etc/init.d/exim4 reload' as root.
1 magnus 80
 
81
 
6 magnus 82
DEBIANIZED
83
----------
1 magnus 84
 
6 magnus 85
Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to
86
see if the sa-exim line is included in the configuration. If grep
87
returns something, you're set and already using the sa-exim module. If
88
grep returns nothing, we need to figure out a few things:
1 magnus 89
 
90
Issue:
91
	$ grep "use_split_config" /etc/exim4/update-exim4.conf.conf
92
      dc_use_split_config='true'
93
 
6 magnus 94
If your result shows 'false' where mine shows 'true', then you're
95
using the unsplit configuration, generated from
96
/etc/exim4/exim4.conf.template.  If you haven't customized that file
97
you could edit /etc/exim4/update-exim4.conf.conf by hand, change the
98
'false' to 'true' and issue 'update-exim4.conf' as root. Then, check
99
again if the sa-exim module line is included. It should. If it still
100
isn't: mail me. If it is, restart exim4 by issuing 'invoke-rc.d exim4
101
restart' or '/etc/init.d/exim4 restart' as root. If you *have*
102
customized /etc/exim4/exim4.conf.template, then you'd better stick
103
with the unsplit configuration scheme and add the local_scan_path
104
setting by hand, like with the hand-crafted configuration file.
1 magnus 105
 
106
Next, read all about greylisting and sa-exim:
107
 
108
***************
109
* GREYLISTING *
110
***************
111
Notes on greylisting with sa-exim.
112
 
113
If you use SpamAssassin 3.0 or better, you do not need to patch it, you
114
can just use the Greylisting module shipped with sa-exim.
115
The only thing you need to do to enable it, is to copy the 4 lines below
116
loadplugin in the greylisting README, and adjust the score if you wish (see
46 magnus 117
README.Greylisting for details).
1 magnus 118
 
46 magnus 119
***********************************
120
* PROBLEMS WITH BAYES AUTO-EXPIRY *
121
***********************************
1 magnus 122
 
46 magnus 123
When scanning mail during the SMTP dialogue there is somewhat limited
124
time before the remote host gives up, even if they should wait for at
125
least ten minutes. To avoid Exim returning a temporary error status,
126
or the remote host giving up prematurely and in some cases for good,
127
SA-Exim overrides Exim's timeout handler and accepts the message if
128
SpamAssassin takes too long, by default 240 seconds.
1 magnus 129
 
46 magnus 130
Using SpamAssassin's Bayesian learning module means that it will
131
automatically expire old tokens when its database has grown too large.
132
That can take several minutes. If it takes too long, SA-Exim will
133
abort it, meaning that SpamAssassin will run auto-expiry again next
134
time, and be aborted, and so on...
1 magnus 135
 
46 magnus 136
If this happens, you have a few remedies:
1 magnus 137
 
46 magnus 138
1) Set SAtimeout to a higher value in /etc/exim4/sa-exim.conf.
1 magnus 139
 
46 magnus 140
2) Run sa-learn --force-expire periodically. How you run it depends on
141
   how you've configured SpamAssassin. Running it as Debian-exim may
142
   be sufficient.
1 magnus 143
 
46 magnus 144
2 a) In addition, you can add
1 magnus 145
 
46 magnus 146
   bayes_auto_expire 0
1 magnus 147
 
46 magnus 148
   to /etc/spamassassin/local.cf. This may not be a good idea if
149
   SpamAssassin, for whatever reason, is also used as a more
150
   traditional filter from e.g. .procmailrc, as all users will need to
151
   run sa-learn --force-expire then.
1 magnus 152
 
46 magnus 153
2 b) If you get a lot of mail, consider adding
6 magnus 154
 
46 magnus 155
   bayes_learn_to_journal 1
6 magnus 156
 
46 magnus 157
   to local.cf. See the Mail::SpamAssassin::Conf(3) manual page for
158
   more information.
159
 
6 magnus 160
**********************************
161
* NOTICE ABOUT SPAMC CONFIG FILE *
162
**********************************
163
 
164
Recent versions of spamc can read command-line parameters and switches
165
from a configuration file called /etc/spamassassin/spamc.conf. If that
166
file specifies conflicting options, it will prevent SA-Exim from
167
working. For now, you'll have to make sure that it doesn't.
46 magnus 168
 
169
 -- Magnus Holmgren <holmgren@debian.org>, Tue, 24 Jun 2008 14:27:59 +0200