remote_smtp and SA
Nov 3 2006, 01:24 AM
Post #1
Hi
I have a server setup using your tutorial and it does a great job of removing spam however I do forward a few domains to exchange servers and would like to have the same rules applied, is there any way to do this?

This is how I route domains in the Routers config:

```
static_route:
  driver = manualroute
  condition = "${perl{checkspam}}" # have just added this but it doesn't seem to do anything
  transport = remote_smtp
  route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}
```

Could I just get SA to scan the mqueue spool? If so, how do I do this?

Thanks
Ash

ACL below for ref

```
################################
#!!# ACL that is used after the RCPT command
check_recipient:
  accept hosts = :

  drop hosts = /etc/exim_deny
       !hosts = /etc/exim_deny_whitelist
       message = Connection denied after dictionary attack
       log_message = Connection denied from $sender_host_address after dictionary attack
       !hosts = +relay_hosts
       !authenticated = *

  drop message = Appears to be a dictionary attack
       log_message = Dictionary attack (after $rcpt_fail_count failures)
       condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
       condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
       !verify = recipient
       !hosts = /etc/exim_deny_whitelist
       !hosts = +relay_hosts
       !authenticated = *

  # Accept bounces to lists even if callbacks or other checks would fail
  warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
       condition = \
         ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
         {yes}{no}}

  accept condition = \
         ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
         {yes}{no}}

  # Accept bounces to lists even if callbacks or other checks would fail
  warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
       condition = \
         ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
         {yes}{no}}

  accept condition = \
         ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
         {exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}_${lc:$domain}/config.pck}}} \
         {yes}{no}}

  # Be polite and say HELO. Reject anything from hosts that haven't given
  # a valid HELO/EHLO to us.
  deny message = Bad HELO: Empty HELO, please see RFC 2821 section 4.1.1.1
       condition = ${if eq{$sender_helo_name}{}{yes}{no}}
       delay = 3s

  # Forged hostname -HELOs as one of my own IPs
  # Forged HELO (our ip/hostname)
  deny message = Forged HELO: you are not $sender_helo_name as that is our IP Address and you are not allowed to use it in HELO/EHLO as per RFC Standards.
       !hosts = @[]
       !hosts = +rv_relay_hosts
       !authenticated = *
       condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
       delay = 3s

  #Forged hostname - HELOs as my own hostname or domain
  deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC Standards.
       # accept helo which is in local_domain if we relay or had smtp auth
       !hosts = @[]
       !hosts = +rv_relay_hosts
       !authenticated = *
       condition = ${if match_domain{$sender_helo_name}{+local_domains}{yes}{no}}
       delay = 3s

  # Hacked HELO (DOMAIN.com) (constructed by viruses)
  deny message = Hacked HELO: you are not $sender_helo_name
       condition = ${if match {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$\N}{yes}{no}}
       condition = ${if match {$sender_helo_name}{\N^[0-9]+\.[a-z]+$\N}{no}{yes}}
       !hosts = @[]
       !hosts = +rv_relay_hosts
       !authenticated = *
       delay = 3s

  #if it gets here it isn't mailman
  #sender verifications are required for all messages that are not sent to lists
  require verify = sender/callout

  accept domains = +local_domains
         endpass
         #recipient verifications are required for all messages that are not sent to the local machine
         #this was done at multiple users requests
         message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
         verify = recipient

  accept domains = +relay_domains

  warn message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
       hosts = +relay_hosts

  accept hosts = +relay_hosts

  warn message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
       condition = ${perl{checkrelayhost}{$sender_host_address}}

  accept condition = ${perl{checkrelayhost}{$sender_host_address}}

  accept hosts = +auth_relay_hosts
         endpass
         message = $sender_fullhost is currently not permitted to \
                   relay through this server. Perhaps you \
                   have not logged into the pop/imap server in the \
                   last 30 minutes or do not have SMTP Authentication turned on in your email client.
         authenticated = *

  deny message = $sender_fullhost is currently not permitted to \
                 relay through this server. Perhaps you \
                 have not logged into the pop/imap server in the \
                 last 30 minutes or do not have SMTP Authentication turned on in your email client.

#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender

  ##
  # Reject messages with serious MIME container errors
  ##
  deny message = This message contains malformed MIME ($demime_reason).
       demime = *
       condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  # Reject messages that attach a file with a CLSID in the name
  # which causes Windows to hide the file extension.
  deny message = Hiding of file extensions(CLSID hidden) is not allowed.
       regex = ^(?i)Content-Disposition:

  # Reject messages attach illegal extension files
  deny message = We do not accept ".$found_extension" attachments here. If you meant to send this file then please package it up as a zip file and resend it.
       # You might need to remove some of these extensions if you want to allow your user get these files
       demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mde:msc: si:msp:pcd:pif:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

  # Reject email contains Virus
  deny message = This message contains a virus or other harmful content ($malware_name)
       demime = *
       malware = */defer_ok

  # Add X-Scanned Header
  warn message = X-Antivirus-Scanner: Clean mail but you should still use Antivirus

  # Messages larger than 200k are accepted without spam scanning to reduce spamd load
  accept condition = ${if >{$message_size}{200k}{true}}

  # Reject spam messages with score over 15.
  # Keep in mind that $spam_score_int is the messages score multiplied by ten.
  deny message = Spam score too high ($spam_score)
       # Bypass Sender that usually send a lot of emails to reduce spamd load
       !senders = +rv_spam_sender_address_whitelist
       spam = mailnull:true/defer_ok
       condition = ${if >{$spam_score_int}{150}{1}{0}}

  # Add a warning header if email scored between 12 and 15.
  # Delete email in the System Filter File, if sender or receiver is not listed in the whitelists.
  warn message = X-Exiscan-SA-Spam: Yes
       # Bypass Sender that usually send a lot of emails to reduce spamd load
       !senders = +rv_spam_sender_address_whitelist
       spam = mailnull:true/defer_ok
       condition = ${if >{$spam_score_int}{120}{1}{0}}

  # Rewrite subject if email scored between 9 and 15.
  # Always put X-Spam-Score header in the message.
  # It looks like this:
  # X-Exiscan-SA-Score: 6.6 (++++++)
  # When a MUA cannot match numbers, it can match for an
  # equivalent number of '+' signs.
  warn message = X-Exiscan-SA-Score: $spam_score ($spam_bar)\
       # Put X-Spam-Report header in the message.
       # This is a multiline header that informs the user
       # which tests a message has "hit", and how much a
       # test has contributed to the score.
       \nX-Exiscan-SA-Report: $spam_report\
       # For the subject tag, we prepare a new subject header in the
       # ACL, then swap it with the original Subject in the system filter.
       \nX-Exiscan-SA-New-Subject: *SPAM* $h_subject:
       # Bypass Sender that usually send a lot of emails to reduce spamd load
       !senders = +rv_spam_sender_address_whitelist
       spam = mailnull:true/defer_ok
       condition = ${if >{$spam_score_int}{90}{1}{0}}

  accept
```
Nov 3 2006, 11:42 AM
Post #2 (Administrator)
According to your ACL, email is scanned at the RCPT and DATA process before going to the router state. You don't need to do anything in static_route.
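
To illustrate the reply above, here is an added example (not part of the original thread, and not Exim code): a simplified Python model of the spam stage of the posted `check_message` ACL followed by the `static_route` lookup. The function names, the sample domain and host, and the `local` fallback transport are constructed for illustration; the thresholds come from the posted ACL.

```python
# Simplified model of the posted config (illustrative, not Exim itself):
# the DATA ACL (check_message) runs during the SMTP session; routers such
# as static_route only run afterwards, for messages the ACL accepted.

SIZE_LIMIT = 200 * 1024  # Exim reads "200k" as 200 * 1024 bytes

# Constructed stand-in for /etc/staticroutes (domain -> Exchange host)
STATIC_ROUTES = {"forwarded.example": "exchange.internal.example"}


def check_message(size_bytes, spam_score, sender_whitelisted=False):
    """Spam stage of check_message. Returns (verdict, added_headers)."""
    if size_bytes > SIZE_LIMIT:
        return "accept", []      # accepted without spam scanning
    if sender_whitelisted:
        return "accept", []      # !senders = +rv_spam_sender_address_whitelist
    score_int = int(round(spam_score * 10))  # models $spam_score_int
    if score_int > 150:
        return "deny", []        # rejected at SMTP time, never routed
    headers = []
    if score_int > 120:
        headers.append("X-Exiscan-SA-Spam: Yes")
    if score_int > 90:
        # the real header also carries $spam_bar, the report and new subject
        headers.append("X-Exiscan-SA-Score: %.1f" % spam_score)
    return "accept", headers


def route(domain):
    """Router stage: static_route hands listed domains to remote_smtp."""
    host = STATIC_ROUTES.get(domain)
    # "local" is an assumed fallback for domains not in the route file
    return ("remote_smtp", host) if host else ("local", None)


def handle(domain, size_bytes, spam_score, sender_whitelisted=False):
    """ACL first, routing second: the verdict never depends on the router."""
    verdict, headers = check_message(size_bytes, spam_score, sender_whitelisted)
    if verdict == "deny":
        return {"verdict": "deny", "transport": None, "headers": []}
    transport, host = route(domain)
    return {"verdict": "accept", "transport": transport,
            "host": host, "headers": headers}
```

A forwarded domain and a local one get identical verdicts and headers for the same message, and the ACL's 200k size bypass applies to forwarded mail as well.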