Exim filters for spam check

Wallaby

Well-Known Member
Aug 15, 2001
131
1
318
Need some help with Exim config and Exim filters...

We use an antispam appliance to filter incoming mail. BUT some spammers send directly to the mailserver, ignoring the MX records. The antispam appliance adds a header to mail it has seen, so my first thought is to use an Exim filter to check for mail that does not have that special header:

Code:
# Exim filter 
if not first_delivery and error_message then finish endif
if $header_X-My-Special-Header: is "" then 
  deliver <[email protected]>
endif

This works great. BUT, it also catches valid mail sent from another domain on the same server, which is listed in local domains and hence does not go through the antispam appliance.

So my question is: can I check in my filter whether the sender domain is local?

Another thought I had was to check in the headers for

X-AntiAbuse: Primary Hostname - server-name.maindomain.com

which is added by Exim to outgoing mail. BUT, this header is not added to mail sent to another local domain. Aaargh! Is there a way of telling Exim to add a certain header to *all* mail, including that to local domains?

Cheers!
 

Wallaby

OK, I answered my own question after quite a bit of googling. Use this AT YOUR OWN RISK!

To get a situation where mail sent from local domains is not treated as possible spam, we can add a custom header to *all* mail sent from the mailserver, even local mail. We can do this in the Exim configuration file, within one of the areas that CPanel allows us to make edits/additions, using the Exim configuration editor.

1. Create a filter file /etc/vfilters/yourdomain.com as follows:

Code:
# Exim filter 
   
if not first_delivery and error_message then finish endif
   
if $header_X-Spam-Appliance-Header: is "" then
  if $header_X-My-Special-Header: is "" then
    deliver <[email protected]>
  endif
endif

2. Open the Exim advanced config editor in WHM and find this text in the config file:

Code:
#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender
  accept

Change it to:

Code:
#!!# ACL that is used after the DATA command
check_message:
  require verify = header_sender

  # add custom header
  warn message = X-My-Special-Header: ServerName

  accept

obviously changing the header name and text as needed.

3. Save the Exim config. Test it all works.

4. To discard the email instead of sending it to the maybespam mailbox, change

Code:
	deliver <[email protected]>

to

Code:
	save "/dev/null" 660

in the filter.

Comments/corrections welcome.
 

Wallaby

Groan...

I spoke too soon. The amendment to the Exim config file adds the header to *all* messages, not just messages sent out by Exim or those incoming from local domains.

Please.... if you understand Exim I'd really appreciate some help understanding how I can add a custom header *only* to messages either sent by Exim, or messages incoming from local domains, so I can filter out local messages.

There must be someone out there?

I've tried

warn message my-header
domains = +local_domains

and it has no effect -- header is added to all messages.
 

Wallaby

Well just in case anyone's interested, I found the answer: a condition is needed.

So, to add the extra header to mail sent from local domains:

1. Find this section in the Exim config file:

#!!# This new section of the configuration contains ACLs #!!#

2. In the middle box below this section, find:

require verify = sender
accept domains = +local_domains
endpass

and immediately *above* it add these lines:

# add custom header
warn message = X-My-Custom-Header: ServerName
     domains = +local_domains
     condition = ${if match_domain{$sender_address_domain}{+local_domains} {yes}{no}}

(amended as you need) which adds a header to mail sent from local domains.

Save the Exim configuration and let Exim restart: check that no errors are produced and check that Exim is still able to send mail.
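
The two stages the thread ends up with (the ACL that tags local-to-local mail, then the filter that diverts untagged mail), modelled in Python as an added example; it is not code from the thread or from Exim. The domain names and sample messages are constructed, and it assumes the filter tests the same header name the ACL adds (the thread uses X-My-Special-Header in the filter and X-My-Custom-Header in the final ACL).

```python
from email import message_from_string

# Assumed values for illustration; substitute your own local domains.
LOCAL_DOMAINS = {"maindomain.example", "otherdomain.example"}
APPLIANCE_HDR = "X-Spam-Appliance-Header"  # name used in the thread's filter
LOCAL_HDR = "X-My-Custom-Header"           # name used in the thread's final ACL


def domain(addr):
    """Lower-cased domain of an envelope address; '' for the null sender."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def acl_stage(msg, env_from, env_to):
    """Model of the warn statement: tag the message only when the recipient
    domain and the envelope sender domain are both local."""
    if domain(env_to) in LOCAL_DOMAINS and domain(env_from) in LOCAL_DOMAINS:
        msg[LOCAL_HDR] = "ServerName"
    return msg


def filter_stage(msg):
    """Model of the filter: in an Exim filter an absent header and an empty
    one both compare equal to "", so both count as 'not seen'."""
    def empty(name):
        return (msg.get(name) or "").strip() == ""
    return "maybespam" if empty(APPLIANCE_HDR) and empty(LOCAL_HDR) else "deliver"


def route(raw, env_from, env_to):
    """Run one raw message through both stages and return the outcome."""
    return filter_stage(acl_stage(message_from_string(raw), env_from, env_to))


# Constructed sample messages.
VIA_APPLIANCE = "From: a@remote.example\nX-Spam-Appliance-Header: scanned\nSubject: hi\n\nbody\n"
LOCAL_TO_LOCAL = "From: bob@otherdomain.example\nSubject: hi\n\nbody\n"
DIRECT = "From: x@remote.example\nSubject: hi\n\nbody\n"
# From: header names a local domain, but the envelope sender does not.
LOCAL_FROM_HEADER_ONLY = "From: bob@maindomain.example\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    rcpt = "user@maindomain.example"
    for label, raw, sender in [
        ("via appliance", VIA_APPLIANCE, "a@remote.example"),
        ("local to local", LOCAL_TO_LOCAL, "bob@otherdomain.example"),
        ("direct to server", DIRECT, "x@remote.example"),
        ("local From: header only", LOCAL_FROM_HEADER_ONLY, "x@remote.example"),
    ]:
        print(f"{label:24} -> {route(raw, sender, rcpt)}")
```

The last case is diverted because the ACL condition looks at $sender_address_domain, which is the envelope sender, not the From: header.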