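-------------------------------
using the exiscan

# Main-section settings: where the content scanners listen.
# Both are loopback addresses, so spamd and clamd are expected to run on the
# mail host itself.
spamd_address = 127.0.0.1 783
av_scanner = clamd:127.0.0.1 3310

ACLs:

acl_check_data:

  # Hosts and authenticated clients matched here are accepted immediately.
  # Because these statements come first, such senders skip EVERY check below
  # (file extensions and malware as well as SpamAssassin), not only the spam scan.
  # NOTE(review): a compromised account or relay host can therefore send
  # unscanned malware through this server. If outbound mail should be
  # virus-scanned, move the malware check above these two statements.
  accept  hosts = 127.0.0.1:+relay_from_hosts
  accept  authenticated = *

  # First unpack MIME containers and reject serious errors.
  # deny  message = This message contains a MIME error ($demime_reason)
  #       demime = *
  #       condition = ${if >{$demime_errorlevel}{2}{1}{0}}

  # Reject typically wormish file extensions. There is almost no
  # sense in sending such files by email.
  # The match is on the attachment's file name only, so a renamed or archived
  # file is not caught here; the malware scan further down is the real control.
  # Exim logs the rejection using the message text, as no log_message is set.
  # NOTE(review): demime is the old exiscan condition; it is deprecated and
  # absent from later Exim releases, where the equivalent check lives in
  # acl_smtp_mime using $mime_filename. Confirm against your Exim version.
  deny  message = This message contains an unwanted file extension ($found_extension)
        demime = scr:com:vbs:bat:lnk:pif:exe

  #
  # If the message contains SCR or PIF we want to Log this
  # Disabled: placed after the deny above with the same demime condition,
  # these two statements could never run, because the deny already ends ACL
  # processing for every message they would match. They describe a different
  # policy (return a fake rejection, then discard); use either that policy or
  # the deny above, not both.
  # warn  log_message = DISCARD: ATTACHMENT ($found_extension)
  #       demime = scr:com:vbs:bat:lnk:pif:exe
  #       control = fakereject
  # discard demime = scr:com:vbs:bat:lnk:pif:exe
  #
  ## Reject virus infested messages.
  # demime = * unpacks the MIME parts first; malware = * then passes the
  # message to the scanner configured in av_scanner.
  deny  message = This message contains malware ($malware_name)
        demime = *
        malware = *

  # Reject messages containing "viagra" in all kinds of whitespace/case combinations
  # WARNING: this is an example !
  # deny  message = This message matches a blacklisted regular expression ($regex_match_string)
  #       regex = [Vv] *[Ii] *[Aa] *[Gg] *[Rr] *[Aa] : Prescription : Pharmacy

  # Always add X-Spam-Score and X-Spam-Report headers, using SA system-wide settings
  # (user "nobody"), no matter if over threshold or not.
  # The ":true" suffix makes the spam condition succeed regardless of score.
  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = nobody:true
  warn  message = X-Spam-Report: $spam_report
        spam = nobody:true
  # Without ":true" the header is added only when the score is over the
  # SpamAssassin threshold.
  warn  message = X-New-Subject: [***SPAM***] $h_subject:
        spam = nobody
  # This header is gated on the spam condition, not on a scanner result. It is
  # only reached after the malware deny above has let the message through.
  warn  message = X-Virus-Scanned: Scanned with Clam AntiVirus
        spam = nobody:true

  # Add X-Spam-Flag if spam is over system-wide threshold
  warn  message = X-Spam-Flag: YES
        spam = nobody

  # Reject spam messages with score over 10, using an extra condition.
  # $spam_score_int is the score multiplied by ten, so 100 means 10.0 points.
  deny  message = This message scored $spam_score points. Congratulations!
        spam = nobody:true
        condition = ${if >{$spam_score_int}{100}{1}{0}}

===============================
MySQL

# Greylisting macros. Both values come from the remote side, so they are passed
# through quote_mysql before being placed in the SQL text.
# ORDER BY dtime LIMIT 1 keeps the result to a single value. Exim joins multiple
# result rows with newlines, and such a value would match neither "1" nor "2"
# in the ACL, silently skipping greylisting. Duplicate rows can appear when two
# connections from the same host and domain arrive at the same time.
GRAYLIST_TEST = SELECT IF(UNIX_TIMESTAMP()-UNIX_TIMESTAMP(dtime)<300,1,2) \
                FROM graylisting \
                WHERE ip='${quote_mysql:$sender_host_address}' \
                AND domain='${quote_mysql:$sender_address_domain}' \
                ORDER BY dtime LIMIT 1
GRAYLIST_ADD  = INSERT INTO graylisting ( ip, domain, dtime ) \
                VALUES ( '${quote_mysql:$sender_host_address}', \
                '${quote_mysql:$sender_address_domain}', NOW() )

and on rcpt acl:

  # Graylisting
  # acl_m7 = 0 -> not on database
  # acl_m7 = 1 -> on database but not expired
  # acl_m7 = 2 -> on database and expired
  warn  set acl_m7 = ${lookup mysql{GRAYLIST_TEST}{$value}{0}}
  # First sighting: record the host/domain pair and ask the sender to retry.
  defer condition = ${if eq{$acl_m7}{0}{1}}
        condition = ${lookup mysql{GRAYLIST_ADD}{yes}{no}}
  # Seen before, but the 300-second wait has not elapsed yet: keep deferring.
  defer condition = ${if eq{$acl_m7}{1}{1}}
  # acl_m7 = 2 falls through to the rest of the rcpt ACL.

Note that this implementation does not use triplets (it only uses host ip and sender domain) and records should be expired from outside exim. Also the first timeout is set to 5 minutes instead of one hour.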