| 1 | |
| 2 | ### acl/40_exim4-config_check_data |
| 3 | ################################# |
| 4 | |
| 5 | # This ACL is used after the contents of a message have been received. This |
| 6 | # is the ACL in which you can test a message's headers or body, and in |
| 7 | # particular, this is where you can invoke external virus or spam scanners. |
| 8 | |
| 9 | acl_check_data: |
| 10 | |
| 11 | # Deny unless the address list headers are syntactically correct. |
| 12 | # |
| 13 | # If you enable this, you might reject legitimate mail. |
| 14 | .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX |
| 15 | deny |
| 16 | message = Message headers fail syntax check |
| 17 | !acl = acl_local_deny_exceptions |
| 18 | !verify = header_syntax |
| 19 | .endif |
| 20 | |
| 21 | |
| 22 | # require that there is a verifiable sender address in at least |
| 23 | # one of the "Sender:", "Reply-To:", or "From:" header lines. |
| 24 | .ifdef CHECK_DATA_VERIFY_HEADER_SENDER |
| 25 | deny |
| 26 | message = No verifiable sender address in message headers |
| 27 | !acl = acl_local_deny_exceptions |
| 28 | !verify = header_sender |
| 29 | .endif |
| 30 | |
| 31 | |
| 32 | # Deny if the message contains malware. Before enabling this check, you |
| 33 | # must install a virus scanner and set the av_scanner option in the |
| 34 | # main configuration. |
| 35 | # |
| 36 | # exim4-daemon-heavy must be used for this section to work. |
| 37 | # |
| 38 | # deny |
| 39 | # malware = * |
| 40 | # message = This message was detected as possible malware ($malware_name). |
| 41 | |
| 42 | |
| 43 | # Add headers to a message if it is judged to be spam. Before enabling this, |
| 44 | # you must install SpamAssassin. You also need to set the spamd_address |
| 45 | # option in the main configuration. |
| 46 | # |
| 47 | # exim4-daemon-heavy must be used for this section to work. |
| 48 | # |
| 49 | # Please note that this is only suiteable as an example. There are |
| 50 | # multiple issues with this configuration method. For example, if you go |
| 51 | # this way, you'll give your spamassassin daemon write access to the |
| 52 | # entire exim spool which might be a security issue in case of a |
| 53 | # spamassassin exploit. |
| 54 | # |
| 55 | # See the exim docs and the exim wiki for more suitable examples. |
| 56 | # |
| 57 | # warn |
| 58 | # spam = Debian-exim:true |
| 59 | # add_header = X-Spam_score: $spam_score\n\ |
| 60 | # X-Spam_score_int: $spam_score_int\n\ |
| 61 | # X-Spam_bar: $spam_bar\n\ |
| 62 | # X-Spam_report: $spam_report |
| 63 | |
| 64 | |
| 65 | # This hook allows you to hook in your own ACLs without having to |
| 66 | # modify this file. If you do it like we suggest, you'll end up with |
| 67 | # a small performance penalty since there is an additional file being |
| 68 | # accessed. This doesn't happen if you leave the macro unset. |
| 69 | .ifdef CHECK_DATA_LOCAL_ACL_FILE |
| 70 | .include CHECK_DATA_LOCAL_ACL_FILE |
| 71 | .endif |
| 72 | |
| 73 | |
| 74 | # accept otherwise |
| 75 | accept |