X-Git-Url: https://git.distorted.org.uk/~mdw/exim-config/blobdiff_plain/1e5ccd7c52be79d1de45691a0bb46cbb1a686bf0..2d3b825d0876f639b68ee1d0cb5c356f7268991c:/spam.m4 diff --git a/spam.m4 b/spam.m4 index a1134e5..c51bc36 100644 --- a/spam.m4 +++ b/spam.m4 @@ -49,20 +49,24 @@ m4_define(<:SPAMLIMIT_ROUTER:>, m4_define(<:SPAMLIMIT_SET:>, <:address_data = \ ${if def:address_data {$address_data}{}} \ - $1:>) + m4_ifelse(<:$2:>, <::>, <::>, <:$2 \ + :>)$1:>) m4_define(<:SPAMLIMIT_LOOKUP:>, <:condition = ${if exists{$1}} - SPAMLIMIT_SET(<:${lookup {$2$3$4@$5/$6} nwildlsearch {$1} \ - {SPAMLIMIT_CHECK($value)}}:>):>) + SPAMLIMIT_SET(<:${lookup {$2@$3/$4} nwildlsearch {$1} \ + {SPAMLIMIT_CHECK(<:$value:>)}}:>, <:$5:>):>) m4_define(<:SPAMLIMIT_USERV:>, <:SPAMLIMIT_SET(<:${run {/usr/bin/timeout 5s \ - userv CONF_userv_opts \ + /usr/bin/userv CONF_userv_opts \ SHQUOTE($1) exim-spam-limit \ - SHQUOTE($6) SHQUOTE($2) SHQUOTE($3) \ - SHQUOTE($4) SHQUOTE(@$5)} \ - {SPAMLIMIT_CHECK($value)}}:>):>) + SHQUOTE($4) \ + SHQUOTE($2) SHQUOTE(@$3)} \ + {SPAMLIMIT_CHECK(<:$value:>)}}:>, <:$5:>):>) + +m4_define(<:GET_ADDRDATA:>, + <:extract{<:$1:>}{${if def:address_data{$address_data}{}}}:>) SECTION(global, policy)m4_dnl spamd_address = CONF_spamd_address CONF_spamd_port @@ -113,12 +117,17 @@ rcpt_spam: ## during recipient verification. (This just saves duplicating this ## enormous expression.) warn set acl_m_this_spam_limit = \ - ${sg {${extract {spam_limit} \ - {${if def:address_data \ - {$address_data}{}}} \ - {$value}{nil}}} \ + ${sg {${GET_ADDRDATA(spam_limit){$value}{nil}}} \ {^(|.*\\D.*)\$}{CONF_spam_max}} + warn condition = ${GET_ADDRDATA(user){true}{false}} + set acl_m_spam_users = \ + ${if def:acl_m_spam_users {$acl_m_spam_users::}{}}\ + ${GET_ADDRDATA(user) \ + {$value=${sg{$local_part@$domain}\ + {([!:])}{!\$1}}} \ + fail} + ## If there's a spam limit already established, and it's different ## from this user's limit, then the sender will have to try this user ## again later. @@ -137,7 +146,7 @@ rcpt_spam: ## All done. accept -SECTION(acl, data-spam)m4_dnl +SECTION(acl, data-hooks)m4_dnl ## Do spam checking. require acl = data_spam @@ -151,13 +160,9 @@ data_spam: require verify = header_syntax ## Check the message for spam, comparing to the configured limit. - deny spam = exim:true - message = Tinned meat product detected ($spam_score) - condition = ${if >{$spam_score_int}{$acl_m_spam_limit} \ - {true}{false}} + warn spam = exim:true - ## Insert headers from the spam check now that we've decided to - ## accept the message. + ## Format some reporting stuff. warn ## Convert the limit (currently 10x fixed point) into a @@ -204,7 +209,21 @@ data_spam: ## Undo the escaping. set acl_m_spam_tests = ${sg{$acl_m_spam_tests}{!(.)}{\$1}} - ## Insert the headers. + ## If we've decided to reject, then leave a dropping in the log file + ## so that users can analyse rejections for incoming messages, and + ## tell the sender to get knotted. + deny message = Tinned meat product detected ($spam_score) + log_message = Spam rejection \ + score=$spam_score \ + limit=$acl_m_spam_limit_presentation \ + tests=$acl_m_spam_tests \ + users=$acl_m_spam_users + condition = ${if >{$spam_score_int}{$acl_m_spam_limit} \ + {true}{false}} + + ## Insert headers from the spam check now that we've decided to + ## accept the message. + warn ADD_HEADER(<:X-CONF_header_token-SpamAssassin-Score: \ $spam_score/$acl_m_spam_limit_presentation \ ($spam_bar):>)