X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/185b5456076ca86959643ce2f19c98c0f82f281e..beb15dae3f15ff993556b44897bed035d543c683:/spam.m4

diff --git a/spam.m4 b/spam.m4
index 705fbee..5d72365 100644
--- a/spam.m4
+++ b/spam.m4
@@ -43,17 +43,21 @@ fetch_spam_limit:
 	check_local_user
 	address_data = \
 		${if def:address_data {$address_data}{}} \
-		${if exists {CONF_userconf_dir/spam-limit} \
+		${if and {{!eq{$acl_c_mode}{submission}} \
+			  {exists {CONF_userconf_dir/spam-limit}}} \
 		     {${lookup {$local_part_prefix\
 					$local_part\
 					$local_part_suffix\
 					@$domain/\
 					$sender_address} \
 			       nwildlsearch {CONF_userconf_dir/spam-limit} \
-			       {spam_limit=$value} \
+			       {${if match{$value}{\N^-?[0-9]+$\N} \
+				     {spam_limit=$value} \
+				     {}}} \
 			       {}}} \
 		     {}} \
-		${if exists {CONF_userconf_dir/spam-limit.userv} \
+		${if and {{!eq{$acl_c_mode}{submission}} \
+			  {exists {CONF_userconf_dir/spam-limit.userv}}} \
 		     {${run {timeout 5s -- \
 				userv $local_part exim-spam-limit \
 					$sender_address \
@@ -61,7 +65,7 @@ fetch_spam_limit:
 					$local_part \
 					$local_part_suffix \
 					@$domain} \
-			    {${if match{$value}{\N^[0-9]+$\N} \
+			    {${if match{$value}{\N^-?[0-9]+$\N} \
 				  {spam_limit=$value} \
 				  {}}} \
 			    {}}} \
@@ -72,10 +76,26 @@ SECTION(acl, rcpt-hooks)m4_dnl
 	require	 acl = rcpt_spam
 
 SECTION(acl, misc)m4_dnl
-rcpt_spam:
+skip_spam_check:
 
-	## If the client is trusted, don't bother with any of this.
+	## If the client is trusted, or this is a new submission, don't
+	## bother with any of this.  We will have verified the sender
+	## fairly aggressively before granting this level of trust.
 	accept	 hosts = +trusted
+	accept	 condition = ${if eq{$acl_c_mode}{submission}}
+
+	## Otherwise we should check.
+	deny
+
+rcpt_spam:
+
+	## See if we should do this check.
+	accept	 acl = skip_spam_check
+
+	## Always accept mail to `postmaster'.  Currently this is not
+	## negotiable; maybe a tweak can be added to `domains.conf' if
+	## necessary.
+	accept	 local_parts = postmaster
 
 	## Collect the user's spam threshold from the `address_data'
 	## variable, where it was left by the `fetch_spam_limit' router
@@ -113,8 +133,11 @@ SECTION(acl, data-spam)m4_dnl
 SECTION(acl, misc)m4_dnl
 data_spam:
 
-	## If the client is trusted, don't bother with any of this.
-	accept	 hosts = +trusted
+	## See if we should do this check.
+	accept	 acl = skip_spam_check
+
+	## Check header validity.
+	require	 verify = header_syntax
 
 	## Check the message for spam, comparing to the configured limit.
 	deny	 spam = exim:true
@@ -125,6 +148,7 @@ data_spam:
 	## Insert headers from the spam check now that we've decided to
 	## accept the message.
 	warn
+
 		 ## Convert the limit (currently 10x fixed point) into a
 		 ## decimal for presentation.
 		 set acl_m_spam_limit_presentation = \
@@ -155,7 +179,7 @@ data_spam:
 		 ## their scores.  Leave `<<...>>' around everything else.
 		 set acl_m_spam_tests = \
 			${sg{$acl_m_spam_tests} \
-			    {\N(?s)\n\s*([\d.]+)\s+([-\w]+)\s\N} \
+			    {\N(?s)\n\s*(-?[\d.]+)\s+([-\w]+)\s\N} \
 			    {>>\$2:\$1,<<}}
 
 		 ## Strip everything still in `<<...>>' pairs, including any
@@ -178,7 +202,6 @@ data_spam:
 			limit=$acl_m_spam_limit_presentation, \n\t\
 			tests=$acl_m_spam_tests
 
-
 	## We're good.
 	accept