-
Notifications
You must be signed in to change notification settings - Fork 47
Optional configurations
- Reject Spam-Mails above a certain limit
- Check reverse DNS settings
- Verify Sender Address
- Deny executables in zip-files
- Mails to root
- Rename the Spam-folder to Junk
- Auto-configuration for Thunderbird
This setting is for all users of the system regardless their spamassassin preferences!
Open the file /etc/exim4/vexim-acl-check-content.conf and uncomment this block:
# Reject mails with more than 15 spam-points. This is a system-wide setting and does not respect
# individual user settings!
deny message = This message has been rejected due to spam.
spam = vmail:true
condition = ${if >{$spam_score_int}{150}{true}{false}}
Be careful about this setting and only activate it after your spam filter has been properly trained.
You can enable reverse DNS check on other mailserver by uncommenting this line in /etc/exim4/exim4.conf:
CHECK_RCPT_REVERSE_DNS = yes
This is used by a lot of mail providers, so most legitimate mail servers will have this properly set. See also the comments in the config-file for more explenations.
Uncomment this in /etc/exim4/exim4.conf
require verify = sender
Mails are refused if the sender can't be verified. This can prevent spam but there is a risk of false positives if a mail server is temporarily not available or if non-existing mail addresses are used (e.g. [email protected]).
In /etc/exim4/exim4.conf, uncomment this line
acl_smtp_mime = acl_check_mime
and further down this block:
acl_check_mime:
deny message = A .zip attachment contains a Windows-executable file - \
blocked because we are afraid of new viruses \
not recognized [yet] by antiviruses.
condition = ${if match{$mime_filename}{\N(?i)\.zip$\N}}
condition = ${if def:sender_host_address}
!authenticated = *
decode = default
log_message = forbidden binary in attachment: filename=$mime_filename, \
recipients=$recipients
condition = ${if match{${run{/usr/bin/unzip -l \
$mime_decoded_filename}}}\
{\N(?i)\.(exe|com|ade|adep|adp|bas|bat|chm|cmd|cnf|com|cpl|crt|dll|hlp|hta|inf|ins|isp|js|jse|lnk|mad|maf|mag|mam|maq|mar|mas|matmav|maw|ocx|pcd|pif|reg|scf|scr|sct|vbe|vbs|wsc|wsf|wsh|url|xnk)\n\N}}
accept
There are currently a lot of spam mails with dangerous attachments hidden in zip-Files.
By default, no mails for user root are delivered. A lot of system messages addressed to root wouldn't be delivered but you can forward these mails instead. /etc/aliases contains all the aliases for system users, just add a line at the end for user root:
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: [email protected]
Why? Some mail clients use Junk as the Spam-folder by default, so you might want exim to move spam mails to the Junk folder instead of Spam.
Go to your main exim configuration file (or conf.d/router/249_vexim_ditch_routers)
and change this line:
data = ${lookup mysql{select concat(smtp,'/.Spam') \
into
data = ${lookup mysql{select concat(smtp,'/.Junk') \
When you connect Mozilla Thunderbird to your mail account, you give all configuration details (incoming server, port, ...) manually. You can provide some default settings so that users only have to give their credentials, and Thunderbird downloads the settings itself: https://developer.mozilla.org/de/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP