Rev 6 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 6 | magnus | 1 | ******************************** |
| 2 | * SHOULD YOU USE THIS PACKAGE? * |
||
| 3 | ******************************** |
||
| 4 | |||
| 5 | Since version 4.50, Exim has the content-scanning extension formerly |
||
| 6 | known as "exiscan" built-in. It has a number of advantages and |
||
| 7 | disadvantages compared to SA-Exim. |
||
| 8 | |||
| 9 | Advantages of built-in content-scanning interface: |
||
| 10 | |||
| 11 | * One less configuration file to edit. |
||
| 12 | * Spam control policy integrates better with Exim's ACL system. |
||
| 13 | * It's possible to tell SA which user to scan for (the -u parameter of |
||
| 14 | spamc). SA-Exim can't do that (yet). |
||
| 15 | * Finer control over the mail header is possible, but not in a clean |
||
| 16 | way (it involves putting all header fields you might possibly want |
||
| 17 | to add in the report template, and using rather complicated |
||
| 18 | expansion expressions to extract the wanted ones from |
||
| 19 | $spam_report). At any rate, you can choose a prefix different from |
||
| 20 | "X-Spam-". |
||
| 21 | |||
| 22 | Advantages of SA-Exim: |
||
| 23 | |||
| 24 | * It is possible to use the report_safe feature, which turns mail |
||
| 25 | deemed to be spam into a message/rfc822 attachment of a report |
||
| 26 | message. (Note however that if you do, then any X-SA-* fields added |
||
| 27 | to help the greylisting module can't be removed.) |
||
| 28 | * All the add_header and rewrite_header options in |
||
| 29 | /etc/spamassassin/local.cf will be obeyed. In other words, |
||
| 30 | everything will be *almost* as if you filtered the mail through |
||
| 31 | spamassassin on the command line. |
||
| 32 | * So-called teergrubing ("tarpitting") is possible in a way that |
||
| 33 | isn't possible with exiscan (I'm not in any way saying that it |
||
| 34 | works as a counterattack against spammers). |
||
| 35 | * You can simply add the sa-exim package to a standard exim4 |
||
| 36 | installation and it should, in principle, instantly work (except |
||
| 37 | you have to uncomment one line in sa-exim.conf). |
||
| 38 | |||
| 39 | Both alternatives enable you to defer, greylist, reject, and blackhole |
||
| 40 | mail, optionally saving copies, at configurable score levels. |
||
| 41 | |||
| 1 | magnus | 42 | ***************** |
| 43 | * CONFIGURATION * |
||
| 44 | ***************** |
||
| 45 | |||
| 46 | This version of the sa-exim package defaults to placing a configuration |
||
| 47 | sniplet in /etc/exim4/conf.d/. Depending on what you have answered to the |
||
| 48 | DebConf questions while configuring Exim4, the module will be loaded |
||
| 49 | automatically, or human intervention is required. |
||
| 50 | |||
| 6 | magnus | 51 | To find out what configuration file Exim4 is using, issue: |
| 1 | magnus | 52 | |
| 53 | $ exim4 -bV | tail -1 |
||
| 54 | Configuration file is /path/to/configfile |
||
| 55 | |||
| 56 | If /path/to/configfile shows: |
||
| 57 | |||
| 58 | - /etc/exim4/exim4.conf |
||
| 6 | magnus | 59 | You are using the hand-crafted configuration file. |
| 60 | See the 'HAND-CRAFTED' section below. |
||
| 1 | magnus | 61 | |
| 62 | - /var/lib/exim4/config.autogenerated |
||
| 6 | magnus | 63 | You are using the debianized configuration scheme - with either |
| 64 | 'split' or 'unsplit' configuration file. |
||
| 65 | See the 'DEBIANIZED' section below. |
||
| 1 | magnus | 66 | |
| 67 | |||
| 6 | magnus | 68 | HAND-CRAFTED |
| 69 | ------------ |
||
| 1 | magnus | 70 | |
| 71 | Use 'grep "local_scan_path" /etc/exim4/exim4.conf" to see if the sa-exim |
||
| 72 | line is included in the configuration. If grep returns something, check |
||
| 73 | if it matches the following line. If grep returns nothing, you have to |
||
| 74 | manually add the following line to the exim4.conf file and restart exim4. |
||
| 75 | |||
| 76 | local_scan_path = /usr/lib/exim4/local_scan/sa-exim.so |
||
| 77 | |||
| 78 | Change or add the line above and manually restart exim4 by issuing |
||
| 6 | magnus | 79 | 'invoke-rc.d exim4 reload' or '/etc/init.d/exim4 reload' as root. |
| 1 | magnus | 80 | |
| 81 | |||
| 6 | magnus | 82 | DEBIANIZED |
| 83 | ---------- |
||
| 1 | magnus | 84 | |
| 6 | magnus | 85 | Use 'grep "local_scan_path" /var/lib/exim4/config.autogenerated' to |
| 86 | see if the sa-exim line is included in the configuration. If grep |
||
| 87 | returns something, you're set and already using the sa-exim module. If |
||
| 88 | grep returns nothing, we need to figure out a few things: |
||
| 1 | magnus | 89 | |
| 90 | Issue: |
||
| 91 | $ grep "use_split_config" /etc/exim4/update-exim4.conf.conf |
||
| 92 | dc_use_split_config='true' |
||
| 93 | |||
| 6 | magnus | 94 | If your result shows 'false' where mine shows 'true', then you're |
| 95 | using the unsplit configuration, generated from |
||
| 96 | /etc/exim4/exim4.conf.template. If you haven't customized that file |
||
| 97 | you could edit /etc/exim4/update-exim4.conf.conf by hand, change the |
||
| 98 | 'false' to 'true' and issue 'update-exim4.conf' as root. Then, check |
||
| 99 | again if the sa-exim module line is included. It should. If it still |
||
| 100 | isn't: mail me. If it is, restart exim4 by issuing 'invoke-rc.d exim4 |
||
| 101 | restart' or '/etc/init.d/exim4 restart' as root. If you *have* |
||
| 102 | customized /etc/exim4/exim4.conf.template, then you'd better stick |
||
| 103 | with the unsplit configuration scheme and add the local_scan_path |
||
| 104 | setting by hand, like with the hand-crafted configuration file. |
||
| 1 | magnus | 105 | |
| 106 | Next, read all about greylisting and sa-exim: |
||
| 107 | |||
| 108 | *************** |
||
| 109 | * GREYLISTING * |
||
| 110 | *************** |
||
| 111 | Notes on greylisting with sa-exim. |
||
| 112 | |||
| 113 | If you use SpamAssassin 3.0 or better, you do not need to patch it, you |
||
| 114 | can just use the Greylisting module shipped with sa-exim. |
||
| 115 | The only thing you need to do to enable it, is to copy the 4 lines below |
||
| 116 | loadplugin in the greylisting README, and adjust the score if you wish (see |
||
| 46 | magnus | 117 | README.Greylisting for details). |
| 1 | magnus | 118 | |
| 46 | magnus | 119 | *********************************** |
| 120 | * PROBLEMS WITH BAYES AUTO-EXPIRY * |
||
| 121 | *********************************** |
||
| 1 | magnus | 122 | |
| 46 | magnus | 123 | When scanning mail during the SMTP dialogue there is somewhat limited |
| 124 | time before the remote host gives up, even if they should wait for at |
||
| 125 | least ten minutes. To avoid Exim returning a temporary error status, |
||
| 126 | or the remote host giving up prematurely and in some cases for good, |
||
| 127 | SA-Exim overrides Exim's timeout handler and accepts the message if |
||
| 128 | SpamAssassin takes too long, by default 240 seconds. |
||
| 1 | magnus | 129 | |
| 46 | magnus | 130 | Using SpamAssassin's Bayesian learning module means that it will |
| 131 | automatically expire old tokens when its database has grown too large. |
||
| 132 | That can take several minutes. If it takes too long, SA-Exim will |
||
| 133 | abort it, meaning that SpamAssassin will run auto-expiry again next |
||
| 134 | time, and be aborted, and so on... |
||
| 1 | magnus | 135 | |
| 46 | magnus | 136 | If this happens, you have a few remedies: |
| 1 | magnus | 137 | |
| 46 | magnus | 138 | 1) Set SAtimeout to a higher value in /etc/exim4/sa-exim.conf. |
| 1 | magnus | 139 | |
| 46 | magnus | 140 | 2) Run sa-learn --force-expire periodically. How you run it depends on |
| 141 | how you've configured SpamAssassin. Running it as Debian-exim may |
||
| 142 | be sufficient. |
||
| 1 | magnus | 143 | |
| 46 | magnus | 144 | 2 a) In addition, you can add |
| 1 | magnus | 145 | |
| 46 | magnus | 146 | bayes_auto_expire 0 |
| 1 | magnus | 147 | |
| 46 | magnus | 148 | to /etc/spamassassin/local.cf. This may not be a good idea if |
| 149 | SpamAssassin, for whatever reason, is also used as a more |
||
| 150 | traditional filter from e.g. .procmailrc, as all users will need to |
||
| 151 | run sa-learn --force-expire then. |
||
| 1 | magnus | 152 | |
| 46 | magnus | 153 | 2 b) If you get a lot of mail, consider adding |
| 6 | magnus | 154 | |
| 46 | magnus | 155 | bayes_learn_to_journal 1 |
| 6 | magnus | 156 | |
| 46 | magnus | 157 | to local.cf. See the Mail::SpamAssassin::Conf(3) manual page for |
| 158 | more information. |
||
| 159 | |||
| 6 | magnus | 160 | ********************************** |
| 161 | * NOTICE ABOUT SPAMC CONFIG FILE * |
||
| 162 | ********************************** |
||
| 163 | |||
| 164 | Recent versions of spamc can read command-line parameters and switches |
||
| 165 | from a configuration file called /etc/spamassassin/spamc.conf. If that |
||
| 166 | file specifies conflicting options, it will prevent SA-Exim from |
||
| 167 | working. For now, you'll have to make sure that it doesn't. |
||
| 46 | magnus | 168 | |
| 169 | -- Magnus Holmgren <holmgren@debian.org>, Tue, 24 Jun 2008 14:27:59 +0200 |