[plug] Spam filtering with Exim

Jeremy Malcolm Jeremy at Malcolm.id.au
Wed May 12 16:23:59 WST 2004


Here is a brief excerpt from an article that I wrote on spam that didn't 
end up being published but which newbie users may find useful so I'm 
posting it here.

Commencing with version 4.0, Exim supports both DNS-based blacklists and 
filters for the control of spam, although the configuration required in 
each case is slightly different.

To use DNS blacklists, an access control list or ACL is added to Exim's 
configuration file (normally exim.conf).  The section for ACLs in Exim's 
configuration file is indicated by the heading "begin acl", and this in 
turn is divided up into a number of sub-sections indicating checks that 
are to be performed at different stages of the mail delivery process. 
For our purposes, we want to check incoming mail against a DNS blacklist 
as soon as the sending mail server issues an "RCPT" command.  Therefore 
we need to add some lines underneath the "acl_check_rcpt:" subsection of 
the file.  An example of the lines we might use to check spam against 
DNS blacklists is shown below (the \ is a line-continuation character):

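# Keep the space before "\": Exim drops leading white space on the
# continuation line, so without it the next word joins the variable name.
deny	message = Access denied - $sender_host_address \
	listed by $dnslist_domain\n$dnslist_text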
	dnslists = dnsbl.net.au :\
	abuse.rfc-ignorant.org

This will cause Exim to reject mail that is sent from a host listed in 
either the dnsbl.net.au or the abuse.rfc-ignorant.org blacklists, 
returning a message to the sender such as the following:

550-Access denied - 127.0.0.2 listed by dnsbl.net.au
550 Test entry.

Alternatively, you may prefer not to reject the mail outright but 
instead to add an "X-Warning" header to it so that users can filter it 
out or divert it to a different folder.  To do this, you would use lines 
such as the following in place of those given above:

warn	message = X-Warning: $sender_host_address \
	listed by $dnslist_domain
	log_message = Listed by $dnslist_domain
	dnslists = dnsbl.net.au :\
	abuse.rfc-ignorant.org

As noted above, DNS-based blacklists are an incomplete solution for the 
control of spam, and a heuristic or Bayesian filter is a good complement 
to add to your armory.  The most popular Bayesian spam filter available 
is SpamAssassin.  Normally, SpamAssassin is user-level software that 
each user runs on his or her individual mailbox.  We can, however, 
integrate SpamAssassin into Exim, so that it automatically filters mail 
for all users of the machine.

There are several ways of accomplishing this.  The preferred methods are 
those which allow you to bounce spam back to the sender before it is 
accepted by your mail server, instead of filtering it out afterwards. 
This cannot be done with the vanilla version of Exim, but there are two 
patched versions of Exim which will allow you to do so.  The first is 
called SA-Exim and is available from 
http://marc.merlins.org/linux/exim/sa.html, and the second is called 
Exiscan which is found at http://duncanthrax.net/exiscan-acl/.

Full details on the installation and configuration of SA-Exim and 
Exiscan are available on the Web sites referenced above, and they are 
also expected to be included in the next release of Debian GNU/Linux, 
respectively under the names sa-exim and exim4-daemon-heavy.

-- 
JEREMY MALCOLM <Jeremy at Malcolm.id.au> Personal: http://www.malcolm.id.au
Providing online networks of Australian lawyers (http://www.ilaw.com.au)
and Linux experts (http://www.linuxconsultants.com.au) for instant help!
Disclaimer: http://www.terminus.net.au/disclaimer.html. GPG key: finger.
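
The lookup behind the "dnslists" condition in the ACLs above, as an added example that is not part of the original post and is not Exim's own code. The resolver is a constructed stand-in so the example runs offline, and the 127.0.0.0/8 check is a choice made in this example, not something the post describes.

```python
import ipaddress

# Zones from the ACL in the post, checked in the order listed.
ZONES = ["dnsbl.net.au", "abuse.rfc-ignorant.org"]

def query_name(ip, zone):
    """Name a DNSBL client looks up: reversed address labels + list zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer  # 2.0.0.127.in-addr.arpa
    labels = rev.rsplit(".", 2)[0]                  # drop in-addr.arpa / ip6.arpa
    return f"{labels}.{zone}"

def first_listing(ip, zones, resolve):
    """Return (zone, text) for the first zone that lists ip, else None.

    resolve(name) is a caller-supplied function returning (a_record, txt),
    or None when the name does not exist. A live setup would query DNS here.
    """
    loopback = ipaddress.ip_network("127.0.0.0/8")
    for zone in zones:
        answer = resolve(query_name(ip, zone))
        if answer is None:
            continue                                # not listed in this zone
        a_record, txt = answer
        # Listings are conventionally answered with 127.0.0.x. Anything else
        # is treated as "not listed" here, so a lapsed or wildcarded zone
        # that answers every query cannot get all mail rejected.
        if ipaddress.ip_address(a_record) in loopback:
            return zone, txt
    return None

def smtp_reply(ip, zone, txt):
    """Multi-line 550 reply matching the deny ACL's message text."""
    lines = [f"Access denied - {ip} listed by {zone}", txt]
    head = [f"550-{line}" for line in lines[:-1]]   # "-" marks a non-final line
    return "\r\n".join(head + [f"550 {lines[-1]}"])

# Constructed zone data: the test entry from the post plus a wildcard answer.
FAKE_DNS = {
    "2.0.0.127.dnsbl.net.au": ("127.0.0.2", "Test entry."),
    "10.2.0.192.dnsbl.net.au": ("203.0.113.5", ""),  # bogus non-127 answer
}

def fake_resolve(name):
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    hit = first_listing("127.0.0.2", ZONES, fake_resolve)
    print(smtp_reply("127.0.0.2", *hit))
```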
