Rev 3 | Rev 46 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 6 | magnus | 1 | ******************************** |
| 2 | * SHOULD YOU USE THIS PACKAGE? * |
||
| 3 | ******************************** |
||
| 4 | |||
| 5 | Since version 4.50, Exim has the content-scanning extension formerly |
||
| 6 | known as "exiscan" built-in. It has a number of advantages and |
||
| 7 | disadvantages compared to SA-Exim. |
||
| 8 | |||
| 9 | Advantages of built-in content-scanning interface: |
||
| 10 | |||
| 11 | * One less configuration file to edit. |
||
| 12 | * Spam control policy integrates better with Exim's ACL system. |
||
| 13 | * It's possible to tell SA which user to scan for (the -u parameter of |
||
| 14 | spamc). SA-Exim can't do that (yet). |
||
| 15 | * Finer control over the mail header is possible, but not in a clean |
||
| 16 | way (it involves putting all header fields you might possibly want |
||
| 17 | to add in the report template, and using rather complicated |
||
| 18 | expansion expressions to extract the wanted ones from |
||
| 19 | $spam_report). At any rate, you can choose a prefix different from |
||
| 20 | "X-Spam-". |
||
| 21 | |||
| 22 | Advantages of SA-Exim: |
||
| 23 | |||
| 24 | * It is possible to use the report_safe feature, which turns mail |
||
| 25 | deemed to be spam into a message/rfc822 attachment of a report |
||
| 26 | message. (Note however that if you do, then any X-SA-* fields added |
||
| 27 | to help the greylisting module can't be removed.) |
||
| 28 | * All the add_header and rewrite_header options in |
||
| 29 | /etc/spamassassin/local.cf will be obeyed. In other words, |
||
| 30 | everything will be *almost* as if you filtered the mail through |
||
| 31 | spamassassin on the command line. |
||
| 32 | * So-called teergrubing ("tarpitting") is possible in a way that |
||
| 33 | isn't possible with exiscan (I'm not in any way saying that it |
||
| 34 | works as a counterattack against spammers). |
||
| 35 | * You can simply add the sa-exim package to a standard exim4 |
||
| 36 | installation and it should, in principle, instantly work (except |
||
| 37 | you have to uncomment one line in sa-exim.conf). |
||
| 38 | |||
| 39 | Both alternatives enable you to defer, greylist, reject, and blackhole |
||
| 40 | mail, optionally saving copies, at configurable score levels. |
||
| 41 | |||
| 1 | magnus | 42 | ***************** |
| 43 | * CONFIGURATION * |
||
| 44 | ***************** |
||
| 45 | |||
| 46 | This version of the sa-exim package defaults to placing a configuration |
||
| 47 | sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the |
||
| 48 | DebConf questions while configuring Exim4, the module will be loaded |
||
| 49 | automatically, or human intervention is required. |
||
| 50 | |||
| 6 | magnus | 51 | To find out what configuration file Exim4 is using, issue: |
| 1 | magnus | 52 | |
| 53 | $ exim4 -bV | tail -1 |
||
| 54 | Configuration file is /path/to/configfile |
||
| 55 | |||
| 56 | If /path/to/configfile shows: |
||
| 57 | |||
| 58 | - /etc/exim4/exim4.conf |
||
| 6 | magnus | 59 | You are using the hand-crafted configuration file. |
| 60 | See the 'HAND-CRAFTED' section below. |
||
| 1 | magnus | 61 | |
| 62 | - /var/lib/exim4/config.autogenerated |
||
| 6 | magnus | 63 | You are using the debianized configuration scheme - with either |
| 64 | 'split' or 'unsplit' configuration file. |
||
| 65 | See the 'DEBIANIZED' section below. |
||
| 1 | magnus | 66 | |
| 67 | |||
| 6 | magnus | 68 | HAND-CRAFTED |
| 69 | ------------ |
||
| 1 | magnus | 70 | |
| 71 | Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim |
||
| 72 | line is included in the configuration. If grep returns something, check |
||
| 73 | if it matches the following line. If grep returns nothing, you have to |
||
| 74 | manually add the following line to the exim4.conf file and restart exim4. |
||
| 75 | |||
| 76 | local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so |
||
| 77 | |||
| 78 | Change or add the line above and manually restart exim4 by issuing |
||
| 6 | magnus | 79 | 'invoke-rc.d exim4 reload' or '/etc/init.d/exim4 reload' as root. |
| 1 | magnus | 80 | |
| 81 | |||
| 6 | magnus | 82 | DEBIANIZED |
| 83 | ---------- |
||
| 1 | magnus | 84 | |
| 6 | magnus | 85 | Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to |
| 86 | see if the sa-exim line is included in the configuration. If grep |
||
| 87 | returns something, you're set and already using the sa-exim module. If |
||
| 88 | grep returns nothing, we need to figure out a few things: |
||
| 1 | magnus | 89 | |
| 90 | Issue: |
||
| 91 | $ grep "use_split_config" /etc/exim4/update-exim4.conf.conf |
||
| 92 | dc_use_split_config='true' |
||
| 93 | |||
| 6 | magnus | 94 | If your result shows 'false' where mine shows 'true', then you're |
| 95 | using the unsplit configuration, generated from |
||
| 96 | /etc/exim4/exim4.conf.template. If you haven't customized that file |
||
| 97 | you could edit /etc/exim4/update-exim4.conf.conf by hand, change the |
||
| 98 | 'false' to 'true' and issue 'update-exim4.conf' as root. Then, check |
||
| 99 | again if the sa-exim module line is included. It should. If it still |
||
| 100 | isn't: mail me. If it is, restart exim4 by issuing 'invoke-rc.d exim4 |
||
| 101 | restart' or '/etc/init.d/exim4 restart' as root. If you *have* |
||
| 102 | customized /etc/exim4/exim4.conf.template, then you'd better stick |
||
| 103 | with the unsplit configuration scheme and add the local_scan_path |
||
| 104 | setting by hand, like with the hand-crafted configuration file. |
||
| 1 | magnus | 105 | |
| 106 | Next, read all about greylisting and sa-exim: |
||
| 107 | |||
| 108 | *************** |
||
| 109 | * GREYLISTING * |
||
| 110 | *************** |
||
| 111 | Notes on greylisting with sa-exim. |
||
| 112 | |||
| 113 | If you use SpamAssassin 3.0 or better, you do not need to patch it, you |
||
| 114 | can just use the Greylisting module shipped with sa-exim. |
||
| 115 | The only thing you need to do to enable it, is to copy the 4 lines below |
||
| 116 | loadplugin in the greylisting README, and adjust the score if you wish (see |
||
| 117 | README.Greylisting for details) |
||
| 118 | |||
| 119 | |||
| 6 | magnus | 120 | If you use a version of SA older than 3.0 (if you are, you really, |
| 121 | really should upgrade!), you will need to patch spamassassin's sources |
||
| 122 | to support greylisting. |
||
| 1 | magnus | 123 | |
| 124 | There are two versions of the patches: |
||
| 125 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.4x.diff |
||
| 126 | This patch can be applied to versions 2.4x of SpamAssassin. Note |
||
| 127 | that this patch is not fully functional anymore, it is just left as |
||
| 128 | a template should you want to backport the current 2.6x patch. |
||
| 129 | That said, you really ought to upgrade SA to 2.6x or 3.x |
||
| 130 | |||
| 131 | - /usr/share/doc/sa-exim/patches/SA-greylisting-2.6.diff |
||
| 132 | This patch can be applied to versions 2.6x of SpamAssassin. |
||
| 133 | |||
| 134 | Please read README.Greylisting for more information on how to enable |
||
| 135 | this feature, and what further changes are needed. |
||
| 136 | Note that this configuration won't be supported in the future, and you |
||
| 137 | are encouraged to upgrade to SA 3.0 or better. |
||
| 138 | |||
| 139 | ************* |
||
| 140 | * BE WARNED * |
||
| 141 | ************* |
||
| 142 | |||
| 143 | By applying these patches, you change the sourcecode of SpamAssassin |
||
| 144 | (again, this is if you use a version of SpamAssassin earlier than 3.0) |
||
| 145 | This also means that when the SpamAssassin package gets upgraded, the |
||
| 146 | changes made by the patch are LOST. |
||
| 147 | This *MIGHT* cause your mail setup to break. It might be best to put |
||
| 148 | SpamAssassin on hold: |
||
| 149 | |||
| 150 | $ echo "spamassassin hold" | dpkg --set-selections |
||
| 151 | |||
| 152 | You can later set it to install again with: |
||
| 153 | |||
| 154 | $ echo "spamassassin install" | dpkg --set-selections |
||
| 6 | magnus | 155 | |
| 156 | |||
| 157 | ********************************** |
||
| 158 | * NOTICE ABOUT SPAMC CONFIG FILE * |
||
| 159 | ********************************** |
||
| 160 | |||
| 161 | Recent versions of spamc can read command-line parameters and switches |
||
| 162 | from a configuration file called /etc/spamassassin/spamc.conf. If that |
||
| 163 | file specifies conflicting options, it will prevent SA-Exim from |
||
| 164 | working. For now, you'll have to make sure that it doesn't. |