conf.d/acl/40_exim4-config_check_data

   1
   2 ### acl/40_exim4-config_check_data
   3 #################################
   4
   5 # This ACL is used after the contents of a message have been received. This
   6 # is the ACL in which you can test a message's headers or body, and in
   7 # particular, this is where you can invoke external virus or spam scanners.
   8
   9 acl_check_data:
  10
  11   # Deny unless the address list headers are syntactically correct.
  12   #
  13   # If you enable this, you might reject legitimate mail.
  14   .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
  15   deny
  16     message = Message headers fail syntax check
  17     !acl = acl_whitelist_local_deny
  18     !verify = header_syntax
  19   .endif
  20
  21
  22   # require that there is a verifiable sender address in at least
  23   # one of the "Sender:", "Reply-To:", or "From:" header lines.
  24   .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
  25   deny
  26     message = No verifiable sender address in message headers
  27     !acl = acl_whitelist_local_deny
  28     !verify = header_sender
  29   .endif
  30
  31
  32   # Deny if the message contains malware. Before enabling this check, you
  33   # must install a virus scanner and set the av_scanner option in the
  34   # main configuration.
  35   #
  36   # exim4-daemon-heavy must be used for this section to work.
  37   #
  38   # deny
  39   #   malware = *
  40   #   message = This message was detected as possible malware ($malware_name).
  41
  42
  43   # Add headers to a message if it is judged to be spam. Before enabling this,
  44   # you must install SpamAssassin. You also need to set the spamd_address
  45   # option in the main configuration.
  46   #
  47   # exim4-daemon-heavy must be used for this section to work.
  48   #
  49   # Please note that this is only suiteable as an example. There are
  50   # multiple issues with this configuration method. For example, if you go
  51   # this way, you'll give your spamassassin daemon write access to the
  52   # entire exim spool which might be a security issue in case of a
  53   # spamassassin exploit.
  54   #
  55   # See the exim docs and the exim wiki for more suitable examples.
  56   #
  57   # warn
  58   #   spam = Debian-exim:true
  59   #   message = X-Spam_score: $spam_score\n\
  60   #             X-Spam_score_int: $spam_score_int\n\
  61   #             X-Spam_bar: $spam_bar\n\
  62   #             X-Spam_report: $spam_report
  63
  64
  65   # This hook allows you to hook in your own ACLs without having to
  66   # modify this file. If you do it like we suggest, you'll end up with
  67   # a small performance penalty since there is an additional file being
  68   # accessed. This doesn't happen if you leave the macro unset.
  69   .ifdef CHECK_DATA_LOCAL_ACL_FILE
  70   .include CHECK_DATA_LOCAL_ACL_FILE
  71   .endif
  72
  73
  74   # accept otherwise
  75   accept