Fri Sep 3 19:33:29 BST 2010

| home | dvd_avi | exim | links | other | proxy | running | services | webmail | webmailSE |

exim_commands
exim_compiling
exim_conf
exim_configuration
exim_encryption
exim_gui
exim_redhat
exim_spamassassin
mail
mail_filtering

Mail Filtering
Exim filtering may be done using a number of methods, those to be covered here are SpamAssassin, exim filter. Exiscan is not covered; however it is easy to install and works very well to scan for virii. It must be stated that the exim filter has filtered 100% of virii before the emails got through to the virus scanner. This does not count virii within zip files.

SpamAssassin
SpamAssassin is a standard package as part of Red Hat 8.0 and Red Hat 9.0. Once SpamAssassin is installed exim should be configured by entering the following SpamAssassin details as the first entry in transports.

SpamAssassin will work 'out of the box'; however additional configuration may be done in the file: /etc/mail/spamassassin/local.cf

Exim filter
The filter file, available from the link above is configured with the following option, placed in the top of the /etc/exim.conf file:
system_filter = /etc/mail/exim.filter
system_filter_user = exim

The system filter file should be copied to /etc/mail/exim.filter. It contains lots of comments and may be altered according to your sites needs.

Exim ACL
# Reject typically wormish file extensions. There is almost no
# sense in sending such files by email.
warn message = This message contains an unwanted file extension ($found_extension)
demime = bat : lnk : xls : mov : pif : vbe : vbs : exe : scr : avi : doc
control = freeze

Once you have them all frozen, you can inspect messages individually on the command line using for example "exim -Mvh messageID" to inspect the headers.

If for example you have come under a spam dictionary attack and have a lot of messages frozen then you could use the following:
for i in `exim -bp |grep frozen |awk '{print $3 }'`;do echo "bouncing $i";exim -Mg $i;done
Please note that the back ticks before the first exim are found under Esc at the top left of a UK keyboard and is not a single inverted comma. In addition you do need the done at the end of the line too :-).

You could also substitute the word frozen to hotmail and bounce all the spam from a hotmail spammer that are currently in the queue.

| home | files | web_gui |


Valid HTML 4.01! Creative Commons License
This website is licensed under a Creative Commons License.