-2

I've been searching for help in setting up SpamAssassin and ClamAV with Exim (on ubuntu-16.04), but all the guides are horribly out of date. Could anyone share their setup please?

James Swift
    Can you explain the downvotes? This question is regarding anti spam on a VPS hosting client websites. – James Swift Sep 21 '16 at 06:57
  • The usual default "wildcard" complaint is the lack of demonstrated research. Which is a ridiculously subjective "rule", so it's practically unpredictable which questions get bullied down and which ones don't. Well, not quite: one-liners (and two-liners, like yours) are easy targets. :) Also, they don't just trust people and assume honesty, the default assumption is: "guilty", so the burden of proof is on you, unfortunately. (As a matter of fact, writing "all the guides" instead of "the _n_ guides I found" was a mistake (trigger), too.) BTW, I upvoted to compensate a bit. ;) – Sz. May 29 '19 at 23:05

2 Answers

2

The guidelines may be rather old, but the setup process hasn't really changed. The Exim4 Specification includes a chapter on Content scanning at ACL time that should get you started. I believe you need to install exim4-daemon-heavy for scanning to work.

This is an extract of my configuration. I've stripped some research functionality.

Once you've installed clamav you need to uncomment the line in the main configuration reading:

    av_scanner = clamd:/var/run/clamav/clamd.ctl

This will be in /etc/exim4/conf.d/main/02_exim4-config_options if you are using the split configuration, or /etc/exim4/exim4.conf.template if you are using the single configuration file option.

The easiest way to do scanning is to create a local data acl /etc/exim4/acls/40_local-config_check-data like this.

    # --------------------------------------------------------------------
    # Anti-Virus scanning
    # This requires an 'av_scanner' setting in the main section.

    # Defer if we find malware
    defer
      malware = */defer_ok retry=60

    # --- BEGIN EXISCAN configuration ---
    # Invoke SpamAssassin to obtain $spam_score and $spam_report.
    # SA: log messages emulate sa-exim output for eximstats
    #
    # If the message is classified as spam, and we have not previously
    # set $acl_m_sa to indicate that we want to accept it anyway,
    # reject it.

    # Add a spam flag
    warn
      spam = mail:true
      add_header = X-Spam-Connect-Host: $sender_fullhost
      add_header = X-Spam-Mail-From: $sender_address
      add_header = X-Spam-Recipients: $recipients
      add_header = X-Spam-Flag: ${if >= {$spam_score_int}{SPAM_LIMIT}{YES}{NO}}
      add_header = X-Spam-Level: ${tr{$spam_bar}{+}{*}}

    # Add headers for data we will be reporting
    warn
      condition = ${if >= {$spam_score_int}{SPAM_REPORT}}
      add_header = X-Spam-Report: $spam_report

    # New Subject for BACN and SPAM
    warn
      condition = ${if >= {$spam_score_int}{SPAM_IS_HAM}}
      add_header = X-Spam-Subject: $h_Subject
      remove_header = Subject
      add_header = Subject: ${if < {$spam_score_int}{SPAM_IS_BACN} \
          {BACN}{SPAM}} $spam_score: $h_Subject

    # Blackhole serious Spam
    discard
      condition = ${if eq {$acl_m_sa}{canreject}}
      condition = ${if >= {$spam_score_int}{SPAM_BLACKHOLE}}
      message = Discard recipients for this message spam $spam_score.
      logwrite = SA: Action: Blackholed message: score=$spam_score. \
          From \<$sender_address\> $sender_fullhost for $recipients

    # Deny Spam
    deny
      condition = ${if eq {$acl_m_sa}{canreject}}
      condition = ${if >= {$spam_score_int}{SPAM_REJECT}}
      message = This message looks like spam $spam_score.
      logwrite = SA: Action: permanently rejected message: score=$spam_score. \
          From \<$sender_address\> $sender_fullhost for $recipients

You will need to define values for spam limits. These go in /etc/exim4/conf.d/main/00_local_macros or /etc/exim4/exim4.conf.localmacros depending on the configuration file method you are using.

    # SpamAssassin
    SPAM_REPORT = -10
    SPAM_IS_HAM = 25
    SPAM_LIMIT = 35
    SPAM_IS_BACN = 50
    SPAM_REJECT = 100
    SPAM_BLACKHOLE = 200

The variable acl_m_sa is set to indicate whether this is a postmaster/abuse message or sent to a user. This is documented in the notes for the sa-exim package. You may prefer using sa-exim rather than the EXISCAN portion of the ACL above.

BillThor
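An added example, not part of either answer: a small Python model of how the threshold macros in the answer above combine, so a score can be checked against the ladder before changing the limits. The function name `evaluate`, the `pass` verdict and the sample subject are assumptions made for this illustration.

```python
# Added illustration (not from the answers): models the EXISCAN ladder in ACL order.
# Thresholds are the first answer's macros, compared against $spam_score_int,
# which is the SpamAssassin score multiplied by ten.
SPAM_REPORT, SPAM_IS_HAM, SPAM_LIMIT = -10, 25, 35
SPAM_IS_BACN, SPAM_REJECT, SPAM_BLACKHOLE = 50, 100, 200


def evaluate(score, subject, acl_m_sa=""):
    """Return (verdict, headers) for one message.

    Assumptions: score has one decimal place, as spamd reports it, and
    "pass" means the message falls through to the rest of the data ACL.
    The X-Spam-Connect-Host, -Mail-From, -Recipients and -Level headers
    are left out because they do not depend on a threshold.
    """
    score_int = round(score * 10)
    headers = {"X-Spam-Flag": "YES" if score_int >= SPAM_LIMIT else "NO"}
    if score_int >= SPAM_REPORT:
        headers["X-Spam-Report"] = "(contents of $spam_report)"
    if score_int >= SPAM_IS_HAM:
        # The original subject is preserved, then replaced with a tagged one.
        headers["X-Spam-Subject"] = subject
        tag = "BACN" if score_int < SPAM_IS_BACN else "SPAM"
        headers["Subject"] = f"{tag} {score:.1f}: {subject}"
    # discard and deny only apply when acl_m_sa was set to "canreject";
    # discard is listed first, so it wins at or above SPAM_BLACKHOLE.
    if acl_m_sa == "canreject":
        if score_int >= SPAM_BLACKHOLE:
            return "discard", headers
        if score_int >= SPAM_REJECT:
            return "deny", headers
    return "pass", headers


if __name__ == "__main__":
    # Constructed sample scores, one per band of the ladder.
    for score, sa in [(-2.0, "canreject"), (1.2, "canreject"), (3.0, "canreject"),
                      (6.0, "canreject"), (12.0, ""), (12.0, "canreject"),
                      (25.0, "canreject")]:
        verdict, headers = evaluate(score, "Quarterly invoice", sa)
        print(f"{score:5.1f} {sa or '-':9} {verdict:7} "
              f"{headers.get('Subject', '(subject unchanged)')}")
```

With the values above, a message scoring 12.0 is only rejected when `acl_m_sa` is `canreject`; otherwise it is delivered with a `SPAM 12.0:` subject prefix.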
-2
    # order of lines matters
    # (Exim only treats '#' as a comment at the start of a line,
    # so each comment sits on its own line)
    warn
      # this line is needed to define spam_score_int
      spam = nobody:true
      # spam_score_int = spam_score * 10, so 60 below corresponds to 6.0
      condition = ${if >{$spam_score_int}{60}{true}{false}}
      # these lines must come after the condition, to ensure the headers
      # are only added when the condition is met
      # (lines before the condition are not subject to the condition)
      add_header = X-Spam_score: $spam_score
      add_header = X-Spam_bar: $spam_bar
  • This needs more context to be useful. A bare config-dump works for users who really know what they're doing, but that isn't always the case. – sysadmin1138 Sep 15 '20 at 21:11