[Exim] Bogofilter and Exim

Karl Schmidt karl at xtronics.com
Tue Dec 31 04:13:27 CET 2002


No - Exim will only run the first router that accepts a message - so the
system I saw posted here relies on seeing the header to determine if
it needs to run bogofilter.

I changed the router below to do the domains test so it wouldn't scan 
outgoing email - (something I haven't had to do here yet<g>) but others 
(and perhaps spammers) using the stock setup posted previously would 
send mail that will arrive with the X-Bogosity header and exim would 
then not test it at the receiving site.

I've fixed it by generating a unique header to tag it as scanned here - 
and look for that instead of the x-bogosity header in the router. Then 
in local deliveries I remove the header again so it won't affect any
filter stats.



#ROUTERS
#the bogofilter_ router should be placed just before actual local delivery
bogofilter_router:
   domains = +local_domains
   no_verify
#the next line looks for X-flag to see if the mail has been scanned
   condition = ${if !def:h_X-flag: {true }}
   driver = accept
   transport = bogofilter_filter

#end of router
#TRANSPORTS
# bogofilter just adds the X-Bogosity header here, so we leave the decision of
# what to do with spam to the user (by using procmail in the case of local
# delivery, or sieve if we're using cyrus imapd)
bogofilter_filter:
   driver = pipe
   command = /usr/sbin/exim -oMr spam-scanned -bS
   use_bsmtp = true
#next line adds the X-flag so we will later know mail has been scanned
   headers_add = X-flag: true
   transport_filter = /usr/bin/bogofilter -d /etc/bogofilter -lcd  -p -e
   group = mail
   return_fail_output = true
   user = mail
   home_directory = "/tmp"
   current_directory = "/tmp"
   log_output = true
   return_path_add = false

local_delivery:
   driver = appendfile
   file = /var/mail/$local_part
#lose the X-flag header
   headers_remove = X-flag
   delivery_date_add
   envelope_to_add
   return_path_add
   group = mail
   mode = 0660

# end of transport

Philip Douglass wrote:
 > I think you've missed the point: bogofilter is going to strip any x-bogosity
 > header it finds and will replace it with a new one. If a spammer adds an
 > x-bogosity header that makes it look as if it is not spam, it will be
 > replaced with a new, correct header. And then you will filter it. That "fake
 > x-bogosity header" tactic would only work if you filtered your email before
 > it got passed through bogofilter. And why would you want to do that?
 >
 > ----- Original Message -----
 > From: "Karl Schmidt" <karl at xtronics.com>
 > To: "Konstantin Starodubtsev" <kostya at ptc.spbu.ru>; <bogofilter at aotto.com>;
 > <exim-users at exim.org>
 > Sent: Monday, December 30, 2002 5:55 PM
 > Subject: Re: [Exim] Bogofilter and Exim
 >
 >
 >
 >>A couple of things here
 >>
 >>What prevents a spammer from adding a x-bogosity header that makes it
 >>look as if it is not spam? Or if someone forgot to put
 >>
 >>domain = +local_domains
 >>
 >>in the router and sent filtered and thus x-bogosity headered mail out?
 >>
 >>
 >>- bogofilter replaces the x-bogosity header with the -p  switch.
 >>
 >>Is there a simple way to remove the header on mail coming from the outside?
 >


-- 
--------------------------------------------------
Karl Schmidt EMail    Karl at xtronics.com
Transtronics, Inc.    WEB http://xtronics.com
3209 West 9th Street  Ph(785) 841-3089
Lawrence, KS 66049    FAX(785) 841-0434

Definition of Windows XP:
SPAM, thinly disguised as an operating system
--------------------------------------------------
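
The loop-prevention test from the message above, keyed on $received_protocol instead of a message header; this is an added example, not configuration from the original post or from the Exim or bogofilter projects. It reuses the `-oMr spam-scanned` re-injection already present in the posted transport, the router name is hypothetical, and it assumes the `mail` user is trusted by Exim on this host.

```exim
# Added example, not from the original post. The router name is hypothetical.

# ROUTER: place just before the routers that do the actual local delivery.
bogofilter_by_protocol:
  driver = accept
  domains = +local_domains
  no_verify
  # Header-keyed test from the post, for comparison. It reads message
  # content, which the sending side controls:
  #   condition = ${if !def:h_X-flag: {true }}
  # Protocol-keyed test. $received_protocol is "spam-scanned" only for
  # messages re-injected by the transport below via -oMr. Exim ignores
  # -oMr from untrusted callers, and mail arriving over SMTP gets the
  # protocol value Exim assigns, so message content cannot skip the scan.
  condition = ${if eq{$received_protocol}{spam-scanned}{no}{yes}}
  transport = bogofilter_filter

# TRANSPORT: same as in the post, without headers_add = X-flag.
# Assumption: "mail" is the Exim user or is listed in trusted_users;
# otherwise -oMr is ignored and the message loops back into this transport.
bogofilter_filter:
  driver = pipe
  command = /usr/sbin/exim -oMr spam-scanned -bS
  use_bsmtp = true
  transport_filter = /usr/bin/bogofilter -d /etc/bogofilter -lcd  -p -e
  user = mail
  group = mail
  home_directory = "/tmp"
  current_directory = "/tmp"
  return_fail_output = true
  log_output = true
  return_path_add = false
```

With no marker header being added, the `headers_remove = X-flag` line in `local_delivery` is no longer needed.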
