diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 09:44:08 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 09:44:08 +0000 |
commit | 933bbaf3ed7bd659a5c044745aea763815928598 (patch) | |
tree | 6fe3906ff9f7121999800da3683c206d128b7d39 /debian/debconf/conf.d/acl/40_exim4-config_check_data | |
parent | Adding upstream version 4.94.2. (diff) | |
download | exim4-933bbaf3ed7bd659a5c044745aea763815928598.tar.xz exim4-933bbaf3ed7bd659a5c044745aea763815928598.zip |
Adding debian version 4.94.2-7+deb11u2.debian/4.94.2-7+deb11u2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/debconf/conf.d/acl/40_exim4-config_check_data')
-rw-r--r-- | debian/debconf/conf.d/acl/40_exim4-config_check_data | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/debian/debconf/conf.d/acl/40_exim4-config_check_data b/debian/debconf/conf.d/acl/40_exim4-config_check_data new file mode 100644 index 0000000..ac198f9 --- /dev/null +++ b/debian/debconf/conf.d/acl/40_exim4-config_check_data @@ -0,0 +1,96 @@ + +### acl/40_exim4-config_check_data +################################# + +# This ACL is used after the contents of a message have been received. This +# is the ACL in which you can test a message's headers or body, and in +# particular, this is where you can invoke external virus or spam scanners. + +acl_check_data: + + # Deny if the message contains an overlong line. Per the standards + # we should never receive one such via SMTP. + # + .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT + deny + condition = ${if > {$max_received_linelength}{998}} + message = maximum allowed line length is 998 octets, \ + got $max_received_linelength + .endif + + # Deny if the headers contain badly-formed addresses. + # + .ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX + deny + !acl = acl_local_deny_exceptions + !verify = header_syntax + message = header syntax + log_message = header syntax ($acl_verify_message) + .endif + + + # require that there is a verifiable sender address in at least + # one of the "Sender:", "Reply-To:", or "From:" header lines. + .ifdef CHECK_DATA_VERIFY_HEADER_SENDER + deny + !acl = acl_local_deny_exceptions + !verify = header_sender + message = No verifiable sender address in message headers + .endif + + + # Deny if the message contains malware. Before enabling this check, you + # must install a virus scanner and set the av_scanner option in the + # main configuration. + # + # exim4-daemon-heavy must be used for this section to work. + # + # deny + # malware = * + # message = This message was detected as possible malware ($malware_name). + + + # Add headers to a message if it is judged to be spam. Before enabling this, + # you must install SpamAssassin. You may also need to set the spamd_address + # option in the main configuration. + # + # exim4-daemon-heavy must be used for this section to work. + # + # Please note that this is only suiteable as an example. See + # /usr/share/doc/exim4-base/README.Debian.gz + # + # See the exim docs and the exim wiki for more suitable examples. + # + # # Remove internal headers + # warn + # remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : \ + # X-Spam_report + # + # warn + # condition = ${if <{$message_size}{120k}{1}{0}} + # # ":true" to add headers/acl variables even if not spam + # spam = nobody:true + # add_header = X-Spam_score: $spam_score + # add_header = X-Spam_bar: $spam_bar + # # Do not enable this unless you have shorted SpamAssassin's report + # #add_header = X-Spam_report: $spam_report + # + # Reject spam messages (score >15.0). + # This breaks mailing list and forward messages. + # deny + # condition = ${if <{$message_size}{120k}{1}{0}} + # condition = ${if >{$spam_score_int}{150}{true}{false}} + # message = Classified as spam (score $spam_score) + + + # This hook allows you to hook in your own ACLs without having to + # modify this file. If you do it like we suggest, you'll end up with + # a small performance penalty since there is an additional file being + # accessed. This doesn't happen if you leave the macro unset. + .ifdef CHECK_DATA_LOCAL_ACL_FILE + .include CHECK_DATA_LOCAL_ACL_FILE + .endif + + + # accept otherwise + accept |