[hcoop/config/exim.git] / conf.d / acl / 40_exim4-config_check_data


### acl/40_exim4-config_check_data
#################################

# This ACL is used after the contents of a message have been received. This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam scanners.

acl_check_data:

  # Deny if the message contains an overlong line.  Per the standards
  # we should never receive one such via SMTP.
  #
  .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
  deny    message    = maximum allowed line length is 998 octets, \
                       got $max_received_linelength
          condition  = ${if > {$max_received_linelength}{998}}
  .endif

  # Deny if the headers contain badly-formed addresses.
  #
  .ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX
  deny
    !acl = acl_local_deny_exceptions
    !verify = header_syntax
    message = header syntax
    log_message = header syntax ($acl_verify_message)
  .endif


  # require that there is a verifiable sender address in at least
  # one of the "Sender:", "Reply-To:", or "From:" header lines.
  .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  deny
    message = No verifiable sender address in message headers
    !acl = acl_local_deny_exceptions
    !verify = header_sender
  .endif


  # Deny if the message contains malware. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option in the
  # main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  # deny
  #   malware = *
  #   message = This message was detected as possible malware ($malware_name).


  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You may also need to set the spamd_address
  # option in the main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  # Please note that this is only suiteable as an example. See
  # /usr/share/doc/exim4-base/README.Debian.gz
  #
  # See the exim docs and the exim wiki for more suitable examples.
  #
  # # Remove internal headers
  # warn
  #   remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : \
  #                   X-Spam_report
  #
  # warn
  #   condition = ${if <{$message_size}{120k}{1}{0}}
  #   # ":true" to add headers/acl variables even if not spam
  #   spam = nobody:true
  #   add_header = X-Spam_score: $spam_score
  #   add_header = X-Spam_bar: $spam_bar
  #   # Do not enable this unless you have shorted SpamAssassin's report
  #   #add_header = X-Spam_report: $spam_report
  #
  # Reject spam messages (score >15.0).
  # This breaks mailing list and forward messages.
  # deny
  #   message = Classified as spam (score $spam_score)
  #   condition = ${if <{$message_size}{120k}{1}{0}}
  #   condition = ${if >{$spam_score_int}{150}{true}{false}}


  # This hook allows you to hook in your own ACLs without having to
  # modify this file. If you do it like we suggest, you'll end up with
  # a small performance penalty since there is an additional file being
  # accessed. This doesn't happen if you leave the macro unset.
  .ifdef CHECK_DATA_LOCAL_ACL_FILE
  .include CHECK_DATA_LOCAL_ACL_FILE
  .endif


  # accept otherwise
  accept
Commit	Line	Data
725c9874	1
	2	### acl/40_exim4-config_check_data
	3	#################################
	4
c6ffa96a CE	5	# This ACL is used after the contents of a message have been received. This
	6	# is the ACL in which you can test a message's headers or body, and in
	7	# particular, this is where you can invoke external virus or spam scanners.
	8
725c9874	9	acl_check_data:
725c9874	10
c6ffa96a CE	11	# Deny if the message contains an overlong line. Per the standards
	12	# we should never receive one such via SMTP.
	13	#
	14	.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
	15	deny message = maximum allowed line length is 998 octets, \
	16	got $max_received_linelength
	17	condition = ${if > {$max_received_linelength}{998}}
	18	.endif
	19
7b83f2a3	20	# Deny if the headers contain badly-formed addresses.
725c9874	21	#
7b83f2a3	22	.ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX
725c9874	23	deny
c6ffa96a	24	!acl = acl_local_deny_exceptions
725c9874	25	!verify = header_syntax
7b83f2a3 CE	26	message = header syntax
7b83f2a3 CE	27	log_message = header syntax ($acl_verify_message)
725c9874	28	.endif
	29
	30
	31	# require that there is a verifiable sender address in at least
	32	# one of the "Sender:", "Reply-To:", or "From:" header lines.
	33	.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
	34	deny
	35	message = No verifiable sender address in message headers
c6ffa96a	36	!acl = acl_local_deny_exceptions
725c9874	37	!verify = header_sender
	38	.endif
	39
	40
c6ffa96a CE	41	# Deny if the message contains malware. Before enabling this check, you
	42	# must install a virus scanner and set the av_scanner option in the
	43	# main configuration.
	44	#
	45	# exim4-daemon-heavy must be used for this section to work.
	46	#
	47	# deny
	48	# malware = *
	49	# message = This message was detected as possible malware ($malware_name).
	50
	51
	52	# Add headers to a message if it is judged to be spam. Before enabling this,
7b83f2a3	53	# you must install SpamAssassin. You may also need to set the spamd_address
c6ffa96a CE	54	# option in the main configuration.
	55	#
	56	# exim4-daemon-heavy must be used for this section to work.
	57	#
7b83f2a3 CE	58	# Please note that this is only suiteable as an example. See
7b83f2a3 CE	59	# /usr/share/doc/exim4-base/README.Debian.gz
c6ffa96a CE	60	#
	61	# See the exim docs and the exim wiki for more suitable examples.
	62	#
7b83f2a3	63	# # Remove internal headers
c6ffa96a	64	# warn
7b83f2a3 CE	65	# remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : \
	66	# X-Spam_report
	67	#
	68	# warn
	69	# condition = ${if <{$message_size}{120k}{1}{0}}
	70	# # ":true" to add headers/acl variables even if not spam
	71	# spam = nobody:true
	72	# add_header = X-Spam_score: $spam_score
	73	# add_header = X-Spam_bar: $spam_bar
	74	# # Do not enable this unless you have shorted SpamAssassin's report
	75	# #add_header = X-Spam_report: $spam_report
	76	#
	77	# Reject spam messages (score >15.0).
	78	# This breaks mailing list and forward messages.
	79	# deny
	80	# message = Classified as spam (score $spam_score)
	81	# condition = ${if <{$message_size}{120k}{1}{0}}
	82	# condition = ${if >{$spam_score_int}{150}{true}{false}}
c6ffa96a CE	83
c6ffa96a CE	84
725c9874	85	# This hook allows you to hook in your own ACLs without having to
	86	# modify this file. If you do it like we suggest, you'll end up with
	87	# a small performance penalty since there is an additional file being
	88	# accessed. This doesn't happen if you leave the macro unset.
	89	.ifdef CHECK_DATA_LOCAL_ACL_FILE
	90	.include CHECK_DATA_LOCAL_ACL_FILE
	91	.endif
	92
	93
	94	# accept otherwise
	95	accept