| 1 | |
| 2 | ### acl/40_exim4-config_check_data |
| 3 | ################################# |
| 4 | |
| 5 | # This ACL is used after the contents of a message have been received. This |
| 6 | # is the ACL in which you can test a message's headers or body, and in |
| 7 | # particular, this is where you can invoke external virus or spam scanners. |
| 8 | |
| 9 | acl_check_data: |
| 10 | |
| 11 | # Deny if the message contains an overlong line. Per the standards |
| 12 | # we should never receive one such via SMTP. |
| 13 | # |
| 14 | .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT |
| 15 | deny message = maximum allowed line length is 998 octets, \ |
| 16 | got $max_received_linelength |
| 17 | condition = ${if > {$max_received_linelength}{998}} |
| 18 | .endif |
| 19 | |
| 20 | # Deny if the headers contain badly-formed addresses. |
| 21 | # |
| 22 | .ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX |
| 23 | deny |
| 24 | !acl = acl_local_deny_exceptions |
| 25 | !verify = header_syntax |
| 26 | message = header syntax |
| 27 | log_message = header syntax ($acl_verify_message) |
| 28 | .endif |
| 29 | |
| 30 | |
| 31 | # require that there is a verifiable sender address in at least |
| 32 | # one of the "Sender:", "Reply-To:", or "From:" header lines. |
| 33 | .ifdef CHECK_DATA_VERIFY_HEADER_SENDER |
| 34 | deny |
| 35 | message = No verifiable sender address in message headers |
| 36 | !acl = acl_local_deny_exceptions |
| 37 | !verify = header_sender |
| 38 | .endif |
| 39 | |
| 40 | |
| 41 | # Deny if the message contains malware. Before enabling this check, you |
| 42 | # must install a virus scanner and set the av_scanner option in the |
| 43 | # main configuration. |
| 44 | # |
| 45 | # exim4-daemon-heavy must be used for this section to work. |
| 46 | # |
| 47 | # deny |
| 48 | # malware = * |
| 49 | # message = This message was detected as possible malware ($malware_name). |
| 50 | |
| 51 | |
| 52 | # Add headers to a message if it is judged to be spam. Before enabling this, |
| 53 | # you must install SpamAssassin. You may also need to set the spamd_address |
| 54 | # option in the main configuration. |
| 55 | # |
| 56 | # exim4-daemon-heavy must be used for this section to work. |
| 57 | # |
| 58 | # Please note that this is only suiteable as an example. See |
| 59 | # /usr/share/doc/exim4-base/README.Debian.gz |
| 60 | # |
| 61 | # See the exim docs and the exim wiki for more suitable examples. |
| 62 | # |
| 63 | # # Remove internal headers |
| 64 | # warn |
| 65 | # remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : \ |
| 66 | # X-Spam_report |
| 67 | # |
| 68 | # warn |
| 69 | # condition = ${if <{$message_size}{120k}{1}{0}} |
| 70 | # # ":true" to add headers/acl variables even if not spam |
| 71 | # spam = nobody:true |
| 72 | # add_header = X-Spam_score: $spam_score |
| 73 | # add_header = X-Spam_bar: $spam_bar |
| 74 | # # Do not enable this unless you have shorted SpamAssassin's report |
| 75 | # #add_header = X-Spam_report: $spam_report |
| 76 | # |
| 77 | # Reject spam messages (score >15.0). |
| 78 | # This breaks mailing list and forward messages. |
| 79 | # deny |
| 80 | # message = Classified as spam (score $spam_score) |
| 81 | # condition = ${if <{$message_size}{120k}{1}{0}} |
| 82 | # condition = ${if >{$spam_score_int}{150}{true}{false}} |
| 83 | |
| 84 | |
| 85 | # This hook allows you to hook in your own ACLs without having to |
| 86 | # modify this file. If you do it like we suggest, you'll end up with |
| 87 | # a small performance penalty since there is an additional file being |
| 88 | # accessed. This doesn't happen if you leave the macro unset. |
| 89 | .ifdef CHECK_DATA_LOCAL_ACL_FILE |
| 90 | .include CHECK_DATA_LOCAL_ACL_FILE |
| 91 | .endif |
| 92 | |
| 93 | |
| 94 | # accept otherwise |
| 95 | accept |