Mailing List Archive: exim: users

Exim before-queue filtering?

Index | Next | Previous | View Threaded

mangoo at wpkg

Mar 29, 2009, 3:28 PM

Post #1 of 20 (1257 views)
Permalink

Exim before-queue filtering?

With Postfix, it is possible to do "before-queue filtering"[1] (where
mail is accepted only when filtering says it's OK).

Can I make a similar setup with Exim? If yes, could you point me to Exim
documentation describing such setup?

[1] http://www.postfix.org/SMTPD_PROXY_README.html

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

Mar 29, 2009, 4:38 PM

Post #2 of 20 (1205 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Tomasz Chmielewski wrote:
> With Postfix, it is possible to do "before-queue filtering"[1] (where
> mail is accepted only when filtering says it's OK).
>
> Can I make a similar setup with Exim? If yes, could you point me to Exim
> documentation describing such setup?
>
>
> [1] http://www.postfix.org/SMTPD_PROXY_README.html
>
>

Essentially ALL of it.

Exim's 'acl' case structures do the bulk of the work.

Exim's historical advantage is the ability to do all manner of
conditional testing DURING the smtp phases, beginning with 'connect'.

'system filters' also exist, as do router/transport conditionals, from
simple to very complex, but most of us do the bulk of the work in acl's
so as to intercept and shed bad-actors as early as possible, with use of
as meagre resource load as can be, and with greatly reduced (even NO)
need to generate post-smtp-session DSN's.

Exim impelements a whole different mindset from Postfix, so job one is
to NOT try to apply Postfix ways to Exim - it will just slow you down.

HTH,

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mangoo at wpkg

Jun 30, 2009, 1:23 PM

Post #3 of 20 (1075 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

W B Hacker wrote:
> Tomasz Chmielewski wrote:
>> With Postfix, it is possible to do "before-queue filtering"[1] (where
>> mail is accepted only when filtering says it's OK).
>>
>> Can I make a similar setup with Exim? If yes, could you point me to Exim
>> documentation describing such setup?
>>
>>
>> [1] http://www.postfix.org/SMTPD_PROXY_README.html
>>

> Essentially ALL of it.
>
> Exim's 'acl' case structures do the bulk of the work.
>
> Exim's historical advantage is the ability to do all manner of
> conditional testing DURING the smtp phases, beginning with 'connect'.
>
> 'system filters' also exist, as do router/transport conditionals, from
> simple to very complex, but most of us do the bulk of the work in acl's
> so as to intercept and shed bad-actors as early as possible, with use of
> as meagre resource load as can be, and with greatly reduced (even NO)
> need to generate post-smtp-session DSN's.
>
> Exim impelements a whole different mindset from Postfix, so job one is
> to NOT try to apply Postfix ways to Exim - it will just slow you down.

OK, could you give me some examples here? Or point me to documentation
which deals with it?

With such setup:

begin routers

amavis:
driver = manualroute
condition = "${if eq {$interface_port}{10025} {0}{1}}"
domains = +local_domains
transport = amavis
route_list = "* localhost byname"
self = send

begin transports

amavis:
driver = smtp
port = 10024
allow_localhost

Exim will accept any virus/spam, then pass it to amavis - and try to
send the bounce (to the non-existing address).

What should I do so that Exim first passes the message to amavis, and
only says OK to the remote server if amavis says the message was clean?

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

chris.laif at googlemail

Jun 30, 2009, 1:43 PM

Post #4 of 20 (1075 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

On Tue, Jun 30, 2009 at 10:23 PM, Tomasz Chmielewski<mangoo[at]wpkg.org> wrote:
> OK, could you give me some examples here? Or point me to documentation
> which deals with it?
>

http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html

Chris

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mangoo at wpkg

Jun 30, 2009, 2:02 PM

Post #5 of 20 (1076 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Chris Laif wrote:
> On Tue, Jun 30, 2009 at 10:23 PM, Tomasz Chmielewski<mangoo[at]wpkg.org> wrote:
>> OK, could you give me some examples here? Or point me to documentation
>> which deals with it?
>>
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html

Thanks for the link, but it's still a unclear for me how to do it?

Perhaps I'm thinking too much in a Postfix way, but I'm unable to
produce a working setup to pass the message to amavis _before_ it's
accepted by Exim.

Could anyone give a working example of Exim with amavisd-new, where the
spam/virus message is rejected during the connection?

begin routers

amavis:
driver = manualroute
condition = "${if eq {$interface_port}{10025} {0}{1}}"
domains = +local_domains
transport = amavis
route_list = "* localhost byname"
self = send

begin transports

amavis:
driver = smtp
port = 10024
allow_localhost

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

Jun 30, 2009, 3:21 PM

Post #6 of 20 (1076 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Tomasz Chmielewski wrote:
> Chris Laif wrote:
>> On Tue, Jun 30, 2009 at 10:23 PM, Tomasz Chmielewski<mangoo[at]wpkg.org> wrote:
>>> OK, could you give me some examples here? Or point me to documentation
>>> which deals with it?
>>>
>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html
>
> Thanks for the link, but it's still a unclear for me how to do it?
>
> Perhaps I'm thinking too much in a Postfix way, but I'm unable to
> produce a working setup to pass the message to amavis _before_ it's
> accepted by Exim.

Read up on Exim's use of the 'acl'.

Look at examples on acl_smtp_data wherein mime checking is done and messages are
handed-off to ClamAV, Kaspersky, F-prot, Sophos, and/or SpamAssassin, their
'opinion' awaited, then the messages either passed clean, passed with 'demerits'
and potential quarantine, or rejected as malware / spam.

All this is DURING the smtp session.

I can't personally tell you where to fit Amavisd, as I've never used it.

But Google turns up over 100,000 hits for 'Amavisd with Exim' so there must be
at least ten decent examples in there somewhere.

Go have a look....

If Amavisd cannot be used in-session, then move up to one of the above that can be.

Bill

>
> Could anyone give a working example of Exim with amavisd-new, where the
> spam/virus message is rejected during the connection?
>
>
> begin routers
>
> amavis:
> driver = manualroute
> condition = "${if eq {$interface_port}{10025} {0}{1}}"
> domains = +local_domains
> transport = amavis
> route_list = "* localhost byname"
> self = send
>
>
> begin transports
>
> amavis:
> driver = smtp
> port = 10024
> allow_localhost
>
>
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mangoo at wpkg

Jun 30, 2009, 3:38 PM

Post #7 of 20 (1076 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

W B Hacker wrote:
> Tomasz Chmielewski wrote:
>> Chris Laif wrote:
>>> On Tue, Jun 30, 2009 at 10:23 PM, Tomasz Chmielewski<mangoo[at]wpkg.org> wrote:
>>>> OK, could you give me some examples here? Or point me to documentation
>>>> which deals with it?
>>>>
>>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html
>> Thanks for the link, but it's still a unclear for me how to do it?
>>
>> Perhaps I'm thinking too much in a Postfix way, but I'm unable to
>> produce a working setup to pass the message to amavis _before_ it's
>> accepted by Exim.
>
> Read up on Exim's use of the 'acl'.
>
> Look at examples on acl_smtp_data wherein mime checking is done and messages are
> handed-off to ClamAV, Kaspersky, F-prot, Sophos, and/or SpamAssassin, their
> 'opinion' awaited, then the messages either passed clean, passed with 'demerits'
> and potential quarantine, or rejected as malware / spam.

"av_scanner = clamd:..." is passing through a virus scanner, clamd in
this case. It has lots of other virus scanners, but no amavis option.

The only thing which comes close is "cmdline", but amavis can be set up
on a different host, so it's also not this.

"spamd_address = ..." passed the message to spamd - also not what I want.

amavisd will pass the message to clamdscan and spamassassin itself, and
offer some more goodies.

> I can't personally tell you where to fit Amavisd, as I've never used it.
>
> But Google turns up over 100,000 hits for 'Amavisd with Exim' so there must be
> at least ten decent examples in there somewhere.

Exactly.
It gives lots of hits, but all the searches I checked suggest a wrong
approach (accepting mail before checking if it's virus, spam or ham).

> If Amavisd cannot be used in-session, then move up to one of the above that can be.

It can be used, at least with Postfix.

With Exim, I'm scratching my head, but I'm not able to use amavisd-new
in a useful way.

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim.list at daevel

Jun 30, 2009, 3:39 PM

Post #8 of 20 (1076 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Hi,

I don't know if this will help, but in the default Debian configuration
there is this statement, in their "acl_check_data" :

# Deny if the message contains malware. Before enabling this check, you
# must install a virus scanner and set the av_scanner option in the
# main configuration.
#
deny
malware = *
message = This message was detected as possible malware
($malware_name).

Olivier

W B Hacker a �crit :
> Tomasz Chmielewski wrote:
>
>> Chris Laif wrote:
>>
>>> On Tue, Jun 30, 2009 at 10:23 PM, Tomasz Chmielewski<mangoo[at]wpkg.org> wrote:
>>>
>>>> OK, could you give me some examples here? Or point me to documentation
>>>> which deals with it?
>>>>
>>>>
>>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html
>>>
>> Thanks for the link, but it's still a unclear for me how to do it?
>>
>> Perhaps I'm thinking too much in a Postfix way, but I'm unable to
>> produce a working setup to pass the message to amavis _before_ it's
>> accepted by Exim.
>>
>
> Read up on Exim's use of the 'acl'.
>
> Look at examples on acl_smtp_data wherein mime checking is done and messages are
> handed-off to ClamAV, Kaspersky, F-prot, Sophos, and/or SpamAssassin, their
> 'opinion' awaited, then the messages either passed clean, passed with 'demerits'
> and potential quarantine, or rejected as malware / spam.
>
> All this is DURING the smtp session.
>
> I can't personally tell you where to fit Amavisd, as I've never used it.
>
> But Google turns up over 100,000 hits for 'Amavisd with Exim' so there must be
> at least ten decent examples in there somewhere.
>
> Go have a look....
>
> If Amavisd cannot be used in-session, then move up to one of the above that can be.
>
> Bill
>
>
>
>> Could anyone give a working example of Exim with amavisd-new, where the
>> spam/virus message is rejected during the connection?
>>
>>
>> begin routers
>>
>> amavis:
>> driver = manualroute
>> condition = "${if eq {$interface_port}{10025} {0}{1}}"
>> domains = +local_domains
>> transport = amavis
>> route_list = "* localhost byname"
>> self = send
>>
>>
>> begin transports
>>
>> amavis:
>> driver = smtp
>> port = 10024
>> allow_localhost
>>
>>
>>
>>
>
>
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

Jun 30, 2009, 6:29 PM

Post #9 of 20 (1071 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Tomasz Chmielewski wrote:

*snip*

> amavisd will pass the message to clamdscan and spamassassin itself, and
> offer some more goodies.
>

If amavis is primarily a 'dispatcher' maybe that's why it is hard to find examples.

Exim has long had the ability to hand-off to ClAmAV, Sophos, et al, and
SpamAssassin 'built -in'. Needs no 'government worker' overhead.

It almost certainly has the other 'goodies' built-in as well.

Nothing wrong with Postfix - but it is about as close as it comes to a 'pure'
smtp critter, so it DOES lay-off most of hte 'extras' to post-session worker bees.

With Exim, smtp is just the sharp point of a whole arsenal of tools.

Suggest you forget amavis and JFDI the Exim way. Essentially 100% 'in-session'.

>
>> I can't personally tell you where to fit Amavisd, as I've never used it.
>>
>> But Google turns up over 100,000 hits for 'Amavisd with Exim' so there must be
>> at least ten decent examples in there somewhere.
>
> Exactly.
> It gives lots of hits, but all the searches I checked suggest a wrong
> approach (accepting mail before checking if it's virus, spam or ham).
>

See above. IF you want to do that, you can use *anything*.

>
>> If Amavisd cannot be used in-session, then move up to one of the above that can be.
>
> It can be used, at least with Postfix.

So .... feel free to use it with Postfix. No one here will stop you.

;-)

>
> With Exim, I'm scratching my head, but I'm not able to use amavisd-new
> in a useful way.
>
>

... but what is your goal?

'Use Amavisd-new' or handle mail in a sophisticated and elegant manner?

I can still find wooden matches, but prefer to ignite the burners on the gas
cookers with the built-in piezo spark...

;-)

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mangoo at wpkg

Jun 30, 2009, 11:51 PM

Post #10 of 20 (1064 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

W B Hacker wrote:

>> amavisd will pass the message to clamdscan and spamassassin itself, and
>> offer some more goodies.
>>
>
> If amavis is primarily a 'dispatcher' maybe that's why it is hard to find examples.
>
> Exim has long had the ability to hand-off to ClAmAV, Sophos, et al, and
> SpamAssassin 'built -in'. Needs no 'government worker' overhead.
>
> It almost certainly has the other 'goodies' built-in as well.

Just off my head: can Exim store quarantine in a database? So that it
can be accessed later by users from a web interface (pointers to working
software would be welcome if it's possible)?

Can I monitor filtering with SNMP?

> Nothing wrong with Postfix - but it is about as close as it comes to a 'pure'
> smtp critter, so it DOES lay-off most of hte 'extras' to post-session worker bees.
>
> With Exim, smtp is just the sharp point of a whole arsenal of tools.
>
> Suggest you forget amavis and JFDI the Exim way. Essentially 100% 'in-session'.

I would, but it doesn't have all features I want.

(...)

> See above. IF you want to do that, you can use *anything*.

Anything, but amavis (amavisd-new) during the session ;)

>>> If Amavisd cannot be used in-session, then move up to one of the above that can be.
>> It can be used, at least with Postfix.
>
> So .... feel free to use it with Postfix. No one here will stop you.

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

chris at qwirx

Jul 1, 2009, 1:29 AM

Post #11 of 20 (1048 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Hi Tomasz,

On Wed, 1 Jul 2009, Tomasz Chmielewski wrote:

>>> Perhaps I'm thinking too much in a Postfix way, but I'm unable to
>>> produce a working setup to pass the message to amavis _before_ it's
>>> accepted by Exim.
>>
>> Look at examples on acl_smtp_data wherein mime checking is done and messages are
>> handed-off to ClamAV, Kaspersky, F-prot, Sophos, and/or SpamAssassin, their
>> 'opinion' awaited, then the messages either passed clean, passed with 'demerits'
>> and potential quarantine, or rejected as malware / spam.
>
> "av_scanner = clamd:..." is passing through a virus scanner, clamd in
> this case. It has lots of other virus scanners, but no amavis option.
>
> The only thing which comes close is "cmdline", but amavis can be set up
> on a different host, so it's also not this.

But you don't have to run Amavis on a different host, you can run it on
the same host. Or you can use a network client like the amavis equivalent
of spamc to have amavis scan the email remotely. You may need to write
one if it doesn't exist already. It only has to attempt to send the
messaage by SMTP to Amavis and return an error if Amavis refuses the
message.

Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users at lists

Jul 1, 2009, 1:30 AM

Post #12 of 20 (1061 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Tomasz Chmielewski wrote:

>>> amavisd will pass the message to clamdscan and spamassassin itself, and
>>> offer some more goodies.
>>>
>> If amavis is primarily a 'dispatcher' maybe that's why it is hard to find examples.
>>
>> Exim has long had the ability to hand-off to ClAmAV, Sophos, et al, and
>> SpamAssassin 'built -in'. Needs no 'government worker' overhead.
>>
>> It almost certainly has the other 'goodies' built-in as well.
>
> Just off my head: can Exim store quarantine in a database? So that it
> can be accessed later by users from a web interface (pointers to working
> software would be welcome if it's possible)?

That would be quite easy to set up. If the "database" is a Maildir, and
the "web interface" is a webmail client which talks IMAP...

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

Jul 1, 2009, 1:31 AM

Post #13 of 20 (1062 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Tomasz Chmielewski wrote:
> W B Hacker wrote:
>
>>> amavisd will pass the message to clamdscan and spamassassin itself,
>>> and offer some more goodies.
>>>
>>
>> If amavis is primarily a 'dispatcher' maybe that's why it is hard to
>> find examples.
>>
>> Exim has long had the ability to hand-off to ClAmAV, Sophos, et al,
>> and SpamAssassin 'built -in'. Needs no 'government worker' overhead.
>>
>> It almost certainly has the other 'goodies' built-in as well.
>
> Just off my head: can Exim store quarantine in a database?

Build it with the sql tools and it can do any DB manipulation that can BE done.
eg: SELECT INSERT, UPDATE ... whatever. And from within in-session acl's and/or
routers or transports. Works with PostgreSQL, DB2, Oracle, MySQL, SQLite... and
more.

But you probably won't need it to.

Most just use a router/transport set to place quarantined traffic into bespoke
mailstore locations, creating same on the fly if/as/when not previously existing
and/or recreating if end-user has blown 'em away.

Likewise archiving or other duplicate delivery. See 'unseen' in routers. Also
shadow transport.

> So that it
> can be accessed later by users from a web interface (pointers to working
> software would be welcome if it's possible)?
>

I use PostgreSQL, Dovecot IMAP, U Cambidge's 'Prayer' Webmail toolset.

IMNSHO, it is far easier with IMAP - folders are there regardless of
MUA/Webmail or OS. We haven't used POP for years, as all hands have need to use
multiple machines, soemtimes 'borrowed' or public - so syncing is a factor.

> Can I monitor filtering with SNMP?
>

Exim has highly configurable logging, custom log messages and error messages,
its own grep'ing and statistical analysis utilities, and perhaps the best debug
tools in the buisness.

cron and sputniks can send whatever reports you like, for whatever reason and
however often you want them.

If that isn't 'current' enough, such as when monitoring the effects of changes,
or troubleshooting, I prefer ssh and 'tail' or sputniks applied to a temporarily
more verbose mainlog.

>
>> Nothing wrong with Postfix - but it is about as close as it comes to a
>> 'pure' smtp critter, so it DOES lay-off most of hte 'extras' to
>> post-session worker bees.
>>
>> With Exim, smtp is just the sharp point of a whole arsenal of tools.
>>
>> Suggest you forget amavis and JFDI the Exim way. Essentially 100%
>> 'in-session'.
>
> I would, but it doesn't have all features I want.
>

I doubt you have the least clue how many 'features' Exim has, or supports.

Basically, if the CPU and OS can do it, Exim can tell it how, when, where, in
what format, and even how to cover its politically-correct ass.

;-)

>
> (...)
>
>> See above. IF you want to do that, you can use *anything*.
>
> Anything, but amavis (amavisd-new) during the session ;)
>
>
>>>> If Amavisd cannot be used in-session, then move up to one of the
>>>> above that can be.
>>> It can be used, at least with Postfix.
>>
>> So .... feel free to use it with Postfix. No one here will stop you.
>
>

Sounds like your priority is amavis-new, not smtp. Seems bass-ackwards to me.

Perhaps you should just program amavis to play games with randomized files and
forget about an MTA altogether?

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

chris at qwirx

Jul 1, 2009, 1:32 AM

Post #14 of 20 (1051 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Hi all,

On Wed, 1 Jul 2009, Tomasz Chmielewski wrote:

> http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html

I think the "cmdline" example on that page is wrong. It says:

> For example, Sophos Sweep reports a virus on a line like this:
>
> "Virus 'W32/Magistr-B' found in file ./those.bat"
>
> For the trigger expression, we can match the phrase ?found in file?. For
> the name expression, we want to extract the W32/Magistr-B string, so we
> can match for the single quotes left and right of it. Altogether, this
> makes the configuration setting:
>
> av_scanner = cmdline:\
> /path/to/sweep -ss -all -rec -archive %s:\
> found in file:'(.+)'

but the name expression there extracts the filename, not the virus name
(and doesn't match the above text anyway). I think it should be something
like this:

av_scanner = cmdline:\
/path/to/sweep -ss -all -rec -archive %s:\
Virus '(.*)' found

How does one go about changing the docs?

Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mangoo at wpkg

Jul 1, 2009, 2:09 AM

Post #15 of 20 (1061 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Chris Wilson wrote:
> Hi Tomasz,
>
> On Wed, 1 Jul 2009, Tomasz Chmielewski wrote:
>
>>>> Perhaps I'm thinking too much in a Postfix way, but I'm unable to
>>>> produce a working setup to pass the message to amavis _before_ it's
>>>> accepted by Exim.
>>>
>>> Look at examples on acl_smtp_data wherein mime checking is done and
>>> messages are
>>> handed-off to ClamAV, Kaspersky, F-prot, Sophos, and/or SpamAssassin,
>>> their
>>> 'opinion' awaited, then the messages either passed clean, passed with
>>> 'demerits'
>>> and potential quarantine, or rejected as malware / spam.
>>
>> "av_scanner = clamd:..." is passing through a virus scanner, clamd in
>> this case. It has lots of other virus scanners, but no amavis option.
>>
>> The only thing which comes close is "cmdline", but amavis can be set up
>> on a different host, so it's also not this.
>
> But you don't have to run Amavis on a different host, you can run it on
> the same host.

I know I can run amavis on the same host with Exim. One can also run
SQL, mail storage a web server - all that on the same host connected
directly to the internet.
But that's not the point.

> Or you can use a network client like the amavis
> equivalent of spamc to have amavis scan the email remotely. You may need
> to write one if it doesn't exist already.

You're an optimist ;)

> It only has to attempt to send
> the messaage by SMTP to Amavis and return an error if Amavis refuses the
> message.

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mangoo at wpkg

Jul 1, 2009, 2:13 AM

Post #16 of 20 (1060 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Mike Cardwell wrote:
> Tomasz Chmielewski wrote:
>
>>>> amavisd will pass the message to clamdscan and spamassassin itself, and
>>>> offer some more goodies.
>>>>
>>> If amavis is primarily a 'dispatcher' maybe that's why it is hard to find examples.
>>>
>>> Exim has long had the ability to hand-off to ClAmAV, Sophos, et al, and
>>> SpamAssassin 'built -in'. Needs no 'government worker' overhead.
>>>
>>> It almost certainly has the other 'goodies' built-in as well.
>> Just off my head: can Exim store quarantine in a database? So that it
>> can be accessed later by users from a web interface (pointers to working
>> software would be welcome if it's possible)?
>
> That would be quite easy to set up. If the "database" is a Maildir, and
> the "web interface" is a webmail client which talks IMAP...

If time was a cheap and infinite resource, yes, that would be quite easy
to set up.

Note that one may not necessarily want to have a webserver on the same
box as the mail server, so the "Maildir database" would not work here.

My point is, there are lots of additional software for amavisd-new
(here: I would use MailZu) and I wouldn't like to re-invent the wheel
just for Exim.

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

mangoo at wpkg

Jul 1, 2009, 2:26 AM

Post #17 of 20 (1051 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

W B Hacker wrote:

(...)

>>> Suggest you forget amavis and JFDI the Exim way. Essentially 100%
>>> 'in-session'.
>> I would, but it doesn't have all features I want.
>>
>
> I doubt you have the least clue how many 'features' Exim has, or supports.

I don't doubt.

But for me, one of the missing features is a before-queue filtering
similar to the one in Postfix.

(...)

> Sounds like your priority is amavis-new, not smtp. Seems bass-ackwards to me.

Any better arguments other than insulting?

Yes, amavisd-new is one of the priorities.
It's a good tool and it makes perfect sense to me to use it, especially
in environments where more types of MTAs are used.

> Perhaps you should just program amavis to play games with randomized files and
> forget about an MTA altogether?

Thanks for the suggestion, but amavis is not a MTA.

----

To sum up the thread: I better use Exim's built-in capability to talk to
the virus-scanner and spam-scanner directly.

--
Tomasz Chmielewski
http://wpkg.org

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

Jul 1, 2009, 9:14 AM

Post #18 of 20 (1047 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Tomasz Chmielewski wrote:
> Mike Cardwell wrote:
>> Tomasz Chmielewski wrote:
>>
>>>>> amavisd will pass the message to clamdscan and spamassassin itself,
>>>>> and offer some more goodies.
>>>>>
>>>> If amavis is primarily a 'dispatcher' maybe that's why it is hard to
>>>> find examples.
>>>>
>>>> Exim has long had the ability to hand-off to ClAmAV, Sophos, et al, and
>>>> SpamAssassin 'built -in'. Needs no 'government worker' overhead.
>>>>
>>>> It almost certainly has the other 'goodies' built-in as well.
>>> Just off my head: can Exim store quarantine in a database? So that it can
>>> be accessed later by users from a web interface (pointers to working
>>> software would be welcome if it's possible)?
>> That would be quite easy to set up. If the "database" is a Maildir, and the
>> "web interface" is a webmail client which talks IMAP...
>
> If time was a cheap and infinite resource, yes, that would be quite easy to
> set up.
>
> Note that one may not necessarily want to have a webserver on the same box as
> the mail server, so the "Maildir database" would not work here.
>

Where the webserver is is not necessarily a limitation.

'Prayer' implements its own bespoke https(s) daemon.

But even that need not 'speak' directly to the outside world.
See also 'Perdition'

Webmin/Usermin webmail and others also are full IMAP and/or POP
capable to [multiple] servers *remote* to the one on which they run.

Very handy to a traveler for single-sign-on, multiple accounts on disparate
services from different providers.

> My point is, there are lots of additional software for amavisd-new (here: I
> would use MailZu) and I wouldn't like to re-invent the wheel just for Exim.
>
>

So long as your 'world' revolves around Amavis rather than the task at hand,
re-invent the wheel - to bring it into the Amavis fixation - is exactly what you
have elected to take on.

'up periscope' adn take a look around.

There are better and easier ways...

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

Jul 1, 2009, 9:35 AM

Post #19 of 20 (1046 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

Tomasz Chmielewski wrote:
> W B Hacker wrote:
>
> (...)
>
>>>> Suggest you forget amavis and JFDI the Exim way. Essentially 100%
>>>> 'in-session'.
>>> I would, but it doesn't have all features I want.
>>>
>> I doubt you have the least clue how many 'features' Exim has, or supports.
>
> I don't doubt.
>
> But for me, one of the missing features is a before-queue filtering
> similar to the one in Postfix.
>
> (...)
>
>
>> Sounds like your priority is amavis-new, not smtp. Seems bass-ackwards to me.
>
> Any better arguments other than insulting?
>

Not insulting - query as to why you are not interested in educating *yourself*.

Rhett Butler disclaimer applies. Gender-neutral, of course...

>
> Yes, amavisd-new is one of the priorities.
> It's a good tool and it makes perfect sense to me to use it, especially
> in environments where more types of MTAs are used.
>
>
>> Perhaps you should just program amavis to play games with randomized files and
>> forget about an MTA altogether?
>
> Thanks for the suggestion, but amavis is not a MTA.

Finally. Progress.

> ----
>
> To sum up the thread: I better use Exim's built-in capability to talk to
> the virus-scanner and spam-scanner directly.
>
>

BINGO! Now go and have some fun with that....

There IS a learning curve - but plenty of support and examples are here.

And yes, with a bit of external kit you *can* get Exim to make coffee.
Or smell it. Or wash the cup.

Only limitation I've found so far is that it won't *drink* the coffee.
MailAdmins still have have their place in life...

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

peter at bowyer

Jul 2, 2009, 4:10 AM

Post #20 of 20 (1011 views)
Permalink

Re: Exim before-queue filtering? [In reply to]

On 01/07/2009, W B Hacker <wbh[at]conducive.org> wrote:
> Not insulting - query as to why you are not interested in educating *yourself*.
>
> Rhett Butler disclaimer applies. Gender-neutral, of course...

Lets' be a little more helpful here. Sometimes all we need to do is
help the guy do what he says he wants to do rather than trying to get
him to change his world to match ours.

Peter

--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com