MailScanner delivering System Filtered messages?

Serversphere · Post by **Serversphere** » 23 Mar 2009, 03:38

I want to set up some rules in antivirus.exim for some targeted spam that is too large for MailScanner. When the rule triggers, I do get a log entry saying the message was cancelled. Then it just gets delivered anyway. I am wondering if it is because MS has a deliver statement in MS settings for non-spam actions?

Here is a sample of my antivirus rules:

Code: Select all

if $header_subject contains "keyword 1" or
   $header_subject contains "keyword 2"
then
  fail
  logwrite "$tod_log $message_id rejected: spam filter blocked"
  seen finish
endif

Post by **Sarah** » 23 Mar 2009, 11:08

I'm afraid I can't really help you with why your exim filter isn't working. You might want to try exim.org for help in implementing filters. The exim filters are applied after processing by MailScanner. I ran a quick test of your filter on one of our servers, and the mail was rejected and a failure notice was sent. The original mail was not delivered to the user's inbox.

Serversphere · Post by **Serversphere** » 23 Mar 2009, 11:51

Aha! You DID help Sarah.

Since the filter is processed AFTER MailScanner I now know I was wrong. I thought the filter came first, and was looking to MailWatch to tell me if the mail was being delivered. But now I see that MS is processing it, storing it and logging it to mailwatch; THEN the filter does in fact discard it. Even though it shows up in mailwatch it does not show up in the user's mailbox. So it was my testing process that was flawed. Whoops!

Thanks!