File Name
README.md
<h1>Easy Spam Fighter</h1>
Credit to <a target=_blank href="http://olicomber.co.uk/blog/b/Easy,_reliable_spam_fighting_with_Exim">http://olicomber.co.uk/blog/b/Easy,_reliable_spam_fighting_with_Exim</a><br>
<br>
this version has been modified for use with a DirectAdmin System.<br>
It requires a minimum of exim.conf 4.3.x and exim.pl 20<br>
<br>
It also requires exim be compiled with EXPERIMENTAL_SPF, which can be confirmed with:<br>
<textarea readonly cols=180 rows=1>exim -bV | grep ^SPF</textarea><br><br>

CustomBuild 2.0 has been updated to add this to the Makefile at compile time if:<br>
easy_spam_fighter=yes</br>
is set in the options.conf:<br>
<a target=_blank href="http://help.directadmin.com/item.php?id=125">Recompile Exim</a><br>

<hr>
<h2>Installation</h2>

See this guide for automated CustomBuild 2.0 install:<br>
<a target=_blank href="http://help.directadmin.com/item.php?id=576">http://help.directadmin.com/item.php?id=576</a><br>
<br>

<hr>
<h2>Help</h2>
See the forum for issues or questions:<br>
<a target=_blank href="http://forum.directadmin.com/forumdisplay.php?f=89">http://forum.directadmin.com/forumdisplay.php?f=89</a><br>
<br>

<hr>
<h2>About</h2>

The Easy Spam Fighter (simplied wording from "Easy, Reliable, Spam Fighting, with Exim")
is a set of exim ACLs that do various checks, and any check that returns a result (possible spam)
it then increases the score (saved and incremented in $acl_m_easy69)
At the end of the DATA ACL, if the score is below the limit, run a basic smtp-time SpamAssassin call
and add the "int_score to acl_m_easy69. (eg: 2.7 has int score of 27)
If already above the limit, don't bother running SpamAssassin, as it will be spam already.
This last skip will save CPU processing.
<br><br>
After all that, if the score is above a threshold, the message is rejected, at SMTP-time, and it never enters your queue.
If it's below the threshold, multiple headers are added to explain each score.<br>

<hr>
<h2>Files</h2>

-- variables.conf<br>
<br>
If you want to customize the file, create your own file:<br>
-- variables.conf.custom, and set only the values in this file as desired, and they'll override the defaults. You must use <a href='https://help.directadmin.com/item.php?id=576'>double == in this file</a>, and issue ./build exim_conf to merge to the main conf.<br>
<textarea readonly cols=180 rows=16>
EASY_LIMIT = 55 - max score before an email is considered spam before SA is rung (main purpose is just to decide if SpamAssassin run is needed)
EASY_IS_SPAM = 20 - this is a nudge score. If SpamAssass determines it's spam (based on the User threshold), this extra score is added, on top of the spam_score_int
EASY_HIGH_SCORE_DROP = 100 - very high scoring spam is dropped at this score, and not allowed to enter.
EASY_SPF_PASS = -30 - If the SPF passes, the score drops by this amount
EASY_SPF_SOFT_FAIL = 30 - If the SPF hits a softfail from ~all, this score is added.
EASY_SPF_FAIL = 100 - If the SPF hits a hard fail from -all: A:EASY_SPF_FAIL>=EASY_HIGH_SCORE_DROP, message is dropped. else B:EASY_SPF_FAIL is added to score.
EASY_DKIM_PASS = -20 - If the DKIM Passes, the score drops by this amount
EASY_DKIM_FAIL = 100 - If the DKIM Fails, the score is added.
EASY_NO_REVERSE_IP = 100 - Sender IP must have a reverse IP lookup, or this score is added.
EASY_FORWARD_CONFIRMED_RDNS = -10 - Sender IP has reverse IP PLUS forward A lookup back to the same IP, so we subtract 10.
EASY_DNS_BLACKLIST = 50 - IP that is in a dns black list (RBL) gets this score
EASY_SPAMASSASSIN_MAX_SIZE = 200K - max size that SpamAssassin will scan.
EASY_SKIP_SENDERS = /etc/virtual/esf_skip_senders - file to hold MAIL FROM addresses that ESF should skip checks for SPF, DKIM. Wildcards allowed.
EASY_SKIP_RECIPIENTS = /etc/virtual/esf_skip_recipients - file to hold RCPT TO addresses that ESF should skip checks for DKIM, RBL. Wildcards allowed.
EASY_SKIP_HOSTS = /etc/virtual/esf_skip_hosts - file to hold reverse IP lookup hostlist that ESF should skip checks for. Wilcards allowed.
EASY_SKIP_IPS = /etc/virtual/esf_skip_ips - file to hold ip list that ESF should skip checks for. Can be 1.2.3.4 or 1.2.0.0/16 ranges</textarea><br>

<br>
-- check_mail.conf<br>
Does the MX dns checks, SPF record checks, and reverse IP check.<br>
<br>
-- check_rcpt.conf<br>
Check on the RBLs and add score<br>
<br>
-- check_message.conf<br>
will run SpamAssassin if the score is low enough, but above that score, it doesn't bother.<br>
If run, the int spam score is added.<br>
After, the message is decided if it should be dropped.<br>
<br>
-- /etc/virtual/esf_skip_senders<br>
file to hold MAIL FROM addresses that ESF should skip checks for SPF, DKIM.<br>
Uses wildlsearch, so can use *<br>
Does not have to exist<br>
<br>
-- /etc/virtual/esf_skip_recipients<br>
file to hold RCPT TO addresses that ESF should skip checks for DKIM, RBL.<br>
Uses wildlsearch, so can use *<br>
Does not have to exist<br>