Mail Scanning


This procedure configures Exim to use SpamAssassin and AMaViS.


  1. Log in as the root user.

  2. Edit the /etc/exim/exim.conf file.

    # mcedit /etc/exim/exim.conf

    Add these lines to the main configuration section:

    queue_only_load = 5
    deliver_load_max = 10
    timeout_frozen_after = 5d
    

    Mail scanning is CPU intensive, and spam tends to be delivered in massive batches that will overload the computer. The first line defers scanning when the load average exceeds 5, and the second line stops most other activity when the load average exceeds 10. The computer will usually become unresponsive when the load average exceeds 20.

    The third line discards undeliverable messages after five days. If this option is not set, then messages are kept in the queue indefinitely.

    Busy systems will generate hundreds of warning messages each day. After you are comfortable with the system, you may wish to set:

    freeze_tell_mailmaster = false
    

    Note: The freeze_tell_mailmaster option will already be in the default exim.conf file. If you define it twice, then Exim will not start.

  3. Edit the /etc/exim/exim.conf file.

    # mcedit /etc/exim/exim.conf

    Add amavis to the list of trusted users.

    trusted_users = mail : amavis
    

    Note: The amavis-ng package automatically created the amavis user earlier.

  4. Edit the /etc/exim/exim.conf file.

    # mcedit /etc/exim/exim.conf

    Add this block to the transport section:

    scan_transport:
      driver = pipe
      transport_filter = "/usr/bin/spamc -f -u ${local_part}"
      command = "/usr/bin/amavis <${sender_address}> ${pipe_addresses}"
      return_path_add = false
      user = amavis
      group = amavis
    

    Note: Exim will not call external programs as the root user. Ensure that the user and group are actually local accounts.

  5. Edit the /etc/exim/exim.conf file.

    # mcedit /etc/exim/exim.conf

    Add this block to the directors section immediately before the localuser block:

    scan_director:
      condition = "${if eq {$received_protocol}{scanned-ok} {0}{1}}"
      transport = scan_transport
      driver = smartuser
    

    Caveat: Exim calls each director in order until one accepts the message for delivery. Ensure that the order of the directors is appropriate for your system.

    Rationale: This document suggests putting the scan_director after userforward and procmail so that users keep their override privileges.

  6. Send mail to a local test account and check whether the X-Scanned-By and X-Spam-Status headers exist in the delivered message.
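
One way to script the check in step 6, as an added example that is not part of the original procedure. It looks for both headers only in the header section, so a message that merely quotes the header names in its body is not counted as scanned. The function names and both sample messages (including their header values) are constructed for illustration, and the script assumes the delivered message is available as a single file.

```shell
#!/bin/sh
# Added example (not from the original procedure): confirm that a delivered
# message carries both scanner headers in its header section.

# has_scan_headers FILE: exit 0 if X-Scanned-By and X-Spam-Status are both
# present before the first blank line, 1 otherwise.
has_scan_headers() {
    awk '
        { sub(/\r$/, "") }            # tolerate CRLF line endings
        /^$/ { exit }                 # blank line ends the header section
        /^[ \t]/ { next }             # folded continuation of previous header
        {
            name = tolower($0)
            sub(/:.*/, "", name)      # keep only the field name
            if (name == "x-scanned-by")  scanned = 1
            if (name == "x-spam-status") spam = 1
        }
        END { exit !(scanned && spam) }
    ' "$1"
}

# Constructed sample: a message that went through scan_transport.
write_scanned_sample() {
    cat > "$1" <<'EOF'
From: sender@example.org
To: test@example.org
Subject: scan test
X-Scanned-By: constructed-value
x-spam-status: No, constructed-value
 continued on a folded line

body text
EOF
}

# Constructed sample: headers absent, names only quoted in the body.
write_unscanned_sample() {
    cat > "$1" <<'EOF'
From: sender@example.org
To: test@example.org
Subject: scan test

X-Scanned-By: quoted in body
X-Spam-Status: quoted in body
EOF
}

# When run with a file argument, report the result for that message.
if [ "$#" -gt 0 ]; then
    if has_scan_headers "$1"; then echo "scanned"; else echo "NOT scanned"; exit 1; fi
fi
```

A non-zero exit for a freshly delivered test message means the message reached the mailbox without passing through scan_transport, which usually points at the director order described in step 5.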