New exim ebuild with exiscan support pcompiled in. Please comment on

bug #9605

4 files changed, 765 insertions, 1 deletions

diff --git a/net-mail/exim/ChangeLog b/net-mail/exim/ChangeLog
index 455310084cfb..2ad043ed9fb3 100644
--- a/net-mail/exim/ChangeLog
+++ b/net-mail/exim/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-mail/exim
 # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/net-mail/exim/ChangeLog,v 1.13 2002/09/15 15:07:26 raker Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/exim/ChangeLog,v 1.14 2002/11/15 17:32:27 raker Exp $
+
+*exim-4.10 (15 Nov 2002)
+
+  15 Nov 2002; Nick Hadaway <raker@gentoo.org> exim-4.10.ebuild,
+  files/digest-exim-4.10, files/exiscan.conf :
+  New exim ebuild with support for exiscan patched in.  Marked unstable.
 
 *exim-4.05 (29 Aug 2002)
 
diff --git a/net-mail/exim/exim-4.10.ebuild b/net-mail/exim/exim-4.10.ebuild
new file mode 100644
index 000000000000..275452fbf1e4
--- /dev/null
+++ b/net-mail/exim/exim-4.10.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# Updated to exim-4 by Ben Lutgens <lamer@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/net-mail/exim/exim-4.10.ebuild,v 1.1 2002/11/15 17:32:27 raker Exp $
+
+IUSE="tcpd ssl postgres mysql ldap pam"
+
+S=${WORKDIR}/${P}
+EXISCAN_VER=${PV}-16
+
+DESCRIPTION="A highly configurable, drop-in replacement for sendmail"
+SRC_URI="ftp://ftp.exim.org/pub/exim/exim4/${P}.tar.gz
+	http://duncanthrax.net/exiscan/exiscan-${EXISCAN_VER}.tar.gz"
+HOMEPAGE="http://www.exim.org/"
+
+DEPEND="virtual/glibc
+	>=sys-libs/db-3.2
+	>=sys-devel/perl-5.6.0
+	>=dev-libs/libpcre-3.4
+	pam? ( >=sys-libs/pam-0.75 )
+	tcpd? ( sys-apps/tcp-wrappers )
+	ssl? ( >=dev-libs/openssl-0.9.6 )
+	ldap? ( >=net-nds/openldap-2.0.7 )
+	mysql? ( >=dev-db/mysql-3.23.28 )
+	postgres? ( >=dev-db/postgresql-7 )"
+RDEPEND="${DEPEND}
+	!virtual/mta
+	>=net-mail/mailbase-0.00"
+PROVIDE="virtual/mta"
+
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~x86 ~sparc ~sparc64"
+
+src_unpack() {
+
+	local myconf
+	unpack ${A}
+	cd ${S}
+
+	einfo "Patching exiscan support into exim ${PV}.."
+	patch -p1 < ${WORKDIR}/exiscan-${EXISCAN_VER}/exiscan-${EXISCAN_VER}.patch
+	
+	sed -e "48i\CFLAGS=${CFLAGS}" \
+		-e "s:# AUTH_CRAM_MD5=yes:AUTH_CRAM_MD5=yes:" \
+		-e "s:# AUTH_PLAINTEXT=yes:AUTH_PLAINTEXT=yes:" \
+		-e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=/usr/sbin:" \
+		-e "s:COMPRESS_COMMAND=/opt/gnu/bin/gzip:COMPRESS_COMMAND=/usr/bin/gzip:" \
+		-e "s:ZCAT_COMMAND=/opt/gnu/bin/zcat:ZCAT_COMMAND=/usr/bin/zcat:" \
+		-e "s:CONFIGURE_FILE=/usr/exim/configure:CONFIGURE_FILE=/etc/exim/exim.conf:" \
+		-e "s:EXIM_MONITOR=eximon.bin:# EXIM_MONITOR=eximon.bin:" \
+		-e "s:# EXIM_PERL=perl.o:EXIM_PERL=perl.o:" \
+		-e "s:# INFO_DIRECTORY=/usr/local/info:INFO_DIRECTORY=/usr/share/info:" \
+		-e "s:# LOG_FILE_PATH=syslog:LOG_FILE_PATH=syslog:" \
+		-e "s:LOG_FILE_PATH=syslog\:/var/log/exim_%slog::" \
+		-e "s:# PID_FILE_PATH=/var/lock/exim%s.pid:PID_FILE_PATH=/var/run/exim%s.pid:" \
+		-e "s:# SPOOL_DIRECTORY=/var/spool/exim:SPOOL_DIRECTORY=/var/spool/exim:" \
+		-e "s:# SUPPORT_MAILDIR=yes:SUPPORT_MAILDIR=yes:" \
+		-e "s:# SUPPORT_MAILSTOR=yes:SUPPORT_MAILSTORE=yes:" \
+		-e "s:# SUPPORT_MBX=yes:SUPPORT_MBX=yes:" \
+		-e "s:EXIM_USER=:EXIM_USER=mail:" \
+		-e "s:# AUTH_SPA=yes:AUTH_SPA=yes:" \
+		src/EDITME > Local/Makefile
+
+	cd Local
+	if use pam; then
+		cp Makefile Makefile.orig
+		sed -e "s:# SUPPORT_PAM=yes:SUPPORT_PAM=yes:" Makefile.orig > Makefile
+		myconf="${myconf} -lpam"
+	fi
+	if use tcpd; then
+		cp Makefile Makefile.orig
+		sed -e "s:# USE_TCP_WRAPPERS=yes:USE_TCP_WRAPPERS=yes:" Makefile.orig > Makefile
+		myconf="${myconf} -lwrap"
+	fi
+	if [ -n "$myconf" ] ; then
+		echo "EXTRALIBS=${myconf}" >> Makefile
+	fi
+
+	cd ${S}
+	if use ssl; then
+		cp Local/Makefile Local/Makefile.tmp
+		sed -e "s:# SUPPORT_TLS=yes:SUPPORT_TLS=yes:" \
+			-e "s:# TLS_LIBS=-lssl -lcrypto:TLS_LIBS=-lssl -lcrypto:" Local/Makefile.tmp > Local/Makefile
+	fi
+
+	LOOKUP_INCLUDE=
+	LOOKUP_LIBS=
+
+	if use ldap; then
+		cp Local/Makefile Local/Makefile.tmp
+		sed -e "s:# LOOKUP_LDAP=yes:LOOKUP_LDAP=yes:" \
+			-e "s:# LDAP_LIB_TYPE=OPENLDAP2:LDAP_LIB_TYPE=OPENLDAP2:" \
+			Local/Makefile.tmp >| Local/Makefile
+		LOOKUP_INCLUDE="-I/usr/include/ldap"
+		LOOKUP_LIBS="-L/usr/lib -lldap -llber"
+	fi
+
+	if use mysql; then
+		cp Local/Makefile Local/Makefile.tmp
+		sed -e "s:# LOOKUP_MYSQL=yes:LOOKUP_MYSQL=yes:" \
+			Local/Makefile.tmp >| Local/Makefile
+		LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I/usr/include/mysql"
+		LOOKUP_LIBS="$LOOKUP_LIBS -L/usr/lib -lmysqlclient"
+	fi
+
+	if use postgres; then
+		cp Local/Makefile Local/Makefile.tmp
+		sed -e "s:# LOOKUP_PGSQL=yes:LOOKUP_PGSQL=yes:" \
+			Local/Makefile.tmp >| Local/Makefile
+		LOOKUP_INCLUDE="$LOOKUP_INCLUDE -I/usr/include/postgresql"
+		LOOKUP_LIBS="$LOOKUP_LIBS -lpq"
+	fi
+
+	if [ -n "$LOOKUP_INCLUDE" ]; then
+		cp Local/Makefile Local/Makefile.tmp
+		sed -e "s:# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include:LOOKUP_INCLUDE=$LOOKUP_INCLUDE:" \
+			Local/Makefile.tmp >| Local/Makefile
+	fi
+
+	if [ -n "$LOOKUP_LIBS" ]; then
+		cp Local/Makefile Local/Makefile.tmp
+		sed -e "s:# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq:LOOKUP_LIBS=$LOOKUP_LIBS:" \
+			Local/Makefile.tmp >| Local/Makefile
+	fi
+
+
+	cat Makefile | sed -e 's/^buildname=.*/buildname=exim-gentoo/g' > Makefile.gentoo && mv -f Makefile.gentoo Makefile
+
+	cp Local/Makefile Local/Makefile.tmp
+	sed -e "s:# LOOKUP_DSEARCH=yes:LOOKUP_DSEARCH=yes:" Local/Makefile.tmp >| Local/Makefile
+
+	cp Local/Makefile Local/Makefile.tmp
+	sed -e "s:# LOOKUP_CDB=yes:LOOKUP_CDB=yes:" Local/Makefile.tmp >| Local/Makefile
+}
+
+src_compile() {
+
+	make || die
+
+}
+
+
+src_install () {
+
+	cd ${S}/build-exim-gentoo
+	insopts -o root -g root -m 4755
+	insinto /usr/sbin
+	doins exim
+
+	dodir /usr/bin /usr/sbin /usr/lib
+	dosym /usr/sbin/exim /usr/bin/mailq
+	dosym /usr/sbin/exim /usr/bin/newaliases
+	dosym /usr/sbin/exim /usr/bin/mail
+	dosym /usr/sbin/exim /usr/lib/sendmail
+	dosym /usr/sbin/exim /usr/sbin/sendmail
+
+	exeinto /usr/sbin
+	for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \
+		exim_tidydb exinext exiwhat exigrep eximstats exiqsumm \
+		convert4r3 convert4r4
+	do
+		doexe $i
+	done
+
+	dodir /etc/exim
+	
+	cd ${S}/src
+	cp configure.default ${D}/etc/exim/exim.conf.dist
+
+	dodoc ${S}/doc/*
+	doman ${S}/doc/exim.8
+	# INSTALL a pam.d file for SMTP AUTH that works with gentoo's pam
+	insinto /etc/pam.d
+	doins ${FILESDIR}/pam.d-exim
+
+	# A nice filter for exim to protect your windows clients.
+	insinto /etc/exim
+	doins ${FILESDIR}/system_filter.exim
+	dodoc ${FILESDIR}/auth_conf.sub
+	doins ${FILESDIR}/exiscan.conf
+
+	exeinto /etc/init.d
+	newexe ${FILESDIR}/exim.rc6 exim
+	insinto /etc/conf.d
+	newins ${FILESDIR}/exim.confd exim
+}
+
+
+pkg_config() {
+
+	${ROOT}/usr/sbin/rc-update add exim
+
+}
+
+pkg_postinst() {
+
+	einfo "Read the bottom of /etc/exim/system_filter.exim for usage."
+	einfo "/usr/share/doc/${P}/auth_conf.sub.gz contains the configuration sub for using smtp auth."
+	einfo "Please create /etc/exim/exim.conf from /etc/exim/exim.conf.dist."
+
+}
diff --git a/net-mail/exim/files/digest-exim-4.10 b/net-mail/exim/files/digest-exim-4.10
new file mode 100644
index 000000000000..8ce81e55c5f6
--- /dev/null
+++ b/net-mail/exim/files/digest-exim-4.10
@@ -0,0 +1 @@
+MD5 3248805102546701a83ddceb032303af exim-4.10.tar.gz 1333428
diff --git a/net-mail/exim/files/exiscan.conf b/net-mail/exim/files/exiscan.conf
new file mode 100644
index 000000000000..ae9ec8ec0be3
--- /dev/null
+++ b/net-mail/exim/files/exiscan.conf
@@ -0,0 +1,555 @@
+# These are configuration exacmples for getting exiscan going on your
+# system  Changes must be made to /etc/exim/exim.conf to enable the
+# exiscan facility.
+
+# Global options
+# -------------------------------------------------------------------------
+# These options apply to all facilities.
+
+# exiscan_condition   (string, mantadory, default unset)
+# ------------------------------------------------------
+# This option is the "master condition" that is evaluated to see if
+# ANY exiscan facility should be used to scan the current message. If
+# the condition does not apply, exiscan just skips over the message (no
+# facilities are used). When this options is not set, exiscan will
+# be disabled. Note: facilities have individual conditions as well.
+# 
+# Example: to make exiscan only work on messages coming in with SMTP or
+#          ESMTP, use
+#
+#          exiscan_condition = \ 
+#             ${if or {{eq{$received_protocol}{esmtp}} \
+#                      {eq{$received_protocol}{smtp}}} \
+#                         {1}{0} }
+
+exiscan_condition = 1
+
+# exiscan_crypt_salt   (string, mantadory, default unset)
+# -------------------------------------------------------
+# exiscan inserts a crypt()ed version of the message ID into the header
+# when it has successfully scanned a message. This 'tag' is used to
+# determine if the message is 'clean' if it should be re-sent or delayed.
+# The exiscan_crypt_salt setting defines a 2-character string to be used
+# as a "seed" for the crypt process. You MUST set this option to a
+# 2-character string, otherwise exiscan will be disabled.
+
+exiscan_crypt_salt = fo
+
+# exiscan_unpack_mime   (bool, optional, default "true")
+# ------------------------------------------------------
+# Normally, exiscan unpacks MIME and TNEF containers (Thanks to
+# Paul L. Daniels ripMIME library).
+# If your scanner is able to scan on mailpacks (MBOX style files)
+# directly, we do not need to unpack the mails. ONLY disable this
+# option if this works with your scanner ! The default is "true",
+# so you do not need to explicitly set this option.
+
+exiscan_unpack_mime = true
+
+# exiscan_timeout   (time,optional, default "15m")
+# ------------------------------------------------
+# To cope with mishaps in the scanner process, exim uses a timeout on
+# the exiscan function call. If exiscan does not return in the given
+# timeframe, exim will assume a local problem and temporarily reject
+# the message. This timeout tells exim how long it will wait for
+# exiscan to return. The default is 900 seconds (15 minutes).
+
+exiscan_timeout = 30s
+
+
+# Antivirus facility (av) options
+# ---------------------------------------------------------------------
+# These options are used by the antivirus facility. You need an
+# external virus scanner on your system.
+
+# exiscan_av_condition   (string, default unset)
+# ----------------------------------------------
+# If this condition evaluates to "true", exiscan will call the virus
+# scanner facility on that message.
+#
+# Example: To scan ALL messages, just set this variable to "1"
+#
+#          exiscan_av_condition = 1
+
+exiscan_av_condition = 1
+
+# exiscan_av_action   (string, default 'reject')
+# ----------------------------------------------
+# This defines the action exiscan should take when it finds a virus
+# in the message.
+# Possible values are 'pass','reject','blackhole','freeze' or
+# 'redirect <address>'. When this option is unset, it defaults to
+# 'reject'.
+#
+# Example: redirect messages with viruses to postmaster
+#
+#          exiscan_av_action = redirect postmaster@mydomain.com
+
+exiscan_av_action = reject
+
+# exiscan_av_scanner   (string, default unset)
+# --------------------------------------------
+# This option tells exiscan what type of virus scanner to use. It
+# can be one of
+#
+#   keyword   | scanner
+#   -------------------------------------------------------------
+#   cmdline   | generic command line scanner
+#   sophie    | sophie AV daemon (http://www.vanja.com/tools/sophie/)
+#   kavdaemon | Kapersky AVP Daemon 3.x (http://www.kapersky.com)
+#   openav    | OpenAV scanner daemon (http://www.openantivirus.org)
+#
+# Depending on the scanner type you choose with this option, you
+# need to declare one or more further options below.
+
+exiscan_av_scanner = cmdline
+
+# exiscan_av_scanner_path   (string, default unset)
+# -------------------------------------------------
+# This option is needed ONLY for the cmdline av scanner type.
+# It contains the path to the virus scanner executable
+# That means FULL ABSOLUTE PATH AND EXECUTABLE !
+# Sorry for the caps but people keep messing this up.
+#
+# Example: Sophos Sweep in /usr/local/bin
+#
+#          exiscan_av_scanner_path = /usr/local/bin/sweep
+
+# exiscan_av_scanner_path = /usr/bin/sweep
+
+# exiscan_av_scanner_options   (string, default unset)
+# ----------------------------------------------------
+# This option is needed ONLY for the cmdline av scanner type.
+# It containts the options to be passed to the scanner on the command
+# line.
+# ATTENTION: the given string MUST containe ONE pipe ('|') symbol,
+# which will be replaced by exiscan with the path to be scanned.
+# Normally, the pipe will be at the end of the string, but some
+# scanners may also expect it somewhere else.
+#
+# Example: this works for Sophos Sweep
+#
+#           exiscan_av_scanner_options = -all -archive -ss |
+
+# exiscan_av_scanner_options = -all -archive -ss |
+
+# exiscan_av_scanner_regexp_trigger   (string, default unset)
+# -----------------------------------------------------------
+# This option is needed ONLY for the cmdline av scanner type.
+# exiscan parses both STDOUT and STDERR output of the scanner, line
+# by line. To determine if a virus was found, we use a perl-compatible
+# regular expression. In the simplest case, this will simply be a
+# string just like the example below which will work with Sophos Sweep.
+#
+# Example: this works for Sophos Sweep
+#
+#          exiscan_av_scanner_regexp_trigger = found in
+
+exiscan_av_scanner_regexp_trigger = found in
+
+# exiscan_av_scanner_regexp_description   (string, default unset)
+# ---------------------------------------------------------------
+# This option is needed ONLY for the cmdline av scanner type.
+# It contains a regular expression to fish the viruses' name out
+# of the scanner output.
+# IMPORTANT: this expression MUST contain exactly ONE pair of braces,
+# matching the substring with the virus info.
+# Typically, the braces will contain '.*', to match any number
+# of any character inside. To the left and right of the braces, you
+# should place other matching criteria, of course !
+#
+# Example: Sophos Sweep reports a virus on a line like this:
+#
+#           >>> Virus 'W32/Magistr-B' found in file ./those.bat
+#
+#          We want to get the W32/Magistr-B string, so we can match
+#          for the single quotes left and right of it, resulting in
+#          the regex '(.*)' (WITH the quotes!)
+#
+#          exiscan_av_scanner_regexp_description = '(.*)'
+
+exiscan_av_scanner_regexp_description = '(.*)'
+
+# exiscan_av_sophie_socket  (string, default unset)
+# -------------------------------------------------
+# This option is needed ONLY for the sophie av scanner type.
+# Sophie opens a unix socket in your file system. The default is
+# /var/run/sophie.
+# Please make sure that exim can access that socket (permissions!).
+# Also make sure that the user that Sophie runs with (./configure
+# option !!) is allowed to read the exim queue directory.
+# Sophie drops privileges, so while it may show up as running as root
+# in 'ps', it may have set its effective UID to another user !
+# Ideally, exims and sophies effective user settings should be the
+# same.
+#
+# Example:
+#
+#          exiscan_av_sophie_socket = /var/run/sophie
+
+# exiscan_av_sophie_socket = /var/run/sophie
+
+# exiscan_av_kavdaemon_socket   (string, default unset)
+# -----------------------------------------------------
+# This option is needed ONLY for the kavdaemon av scanner type.
+# kavdaemon opens a unix socket in your file system. The default
+# is /opt/AVP/AvpCtl.
+# Please make sure that exim can access that socket (permissions!).
+# Also make sure that the user that kavdaemon runs with is allowed
+# to read the exim queue directory.
+#
+# Attention: you need to run kavdaemon with the disinfection option
+# disabled, and with proper path settings, like this:
+#
+#   ./kavdaemon -E -f=/opt/AVP /
+#
+# Note the slash at the end, it is important. /opt/AVP is the
+# default AVP base directory.
+#
+# Example:
+#
+#          exiscan_av_kavdaemon_socket = /opt/AVP/AvpCtl
+
+# exiscan_av_kavdaemon_socket = /opt/AVP/AvpCtl
+
+# exiscan_av_openav_host   (string, default unset)
+# -----------------------------------------------------
+# This option is needed ONLY for the openav av scanner type.
+# It must be set to the IP address or hostname your openav
+# scanner daemon is operating on.
+# You must also set exiscan_av_openav_host along with this
+# option.
+#
+# Example: to use the openav daemon on the local host, use
+#
+#          exiscan_av_openav_host = 127.0.0.1
+#
+# exiscan_av_openav_port   (string, default unset)
+# -----------------------------------------------------
+# This option is needed ONLY for the openav av scanner type.
+# It must be set to the port number your openav scanner daemon
+# is operating on. It is usually '8127'.
+# You must also set exiscan_av_openav_host along with this
+# option.
+#
+# Example: to use the openav daemon on the port 8127, set
+#
+#          exiscan_av_openav_port = 8127
+
+# exiscan_av_openav_host = 127.0.0.1
+# exiscan_av_openav_port = 8127
+
+
+# Antispam facility (spamd) options
+# ---------------------------------------------------------------------
+# These options are used by the antispam facility. You need to install
+# SpamAssassin on your system. You can get it at
+#
+#   http://www.spamassassin.org
+#
+# exiscan uses the 'spamd' daemon directly, it needs to run in order for
+# this facility to work.
+#
+# Please read the section on header lines and actions further below to
+# learn what you can do with this facility.
+
+# exiscan_spamd_condition   (string, default unset)
+# -------------------------------------------------
+# If this condition evaluates to "true", exiscan will call the
+# antispam facility on that message.
+# Please read the "Setting Conditions" section below for more
+# information on setting conditions.
+#
+# Example: To scan ALL messages, just set this variable to "1"
+#
+#          exiscan_spamd_condition = 1
+
+exiscan_spamd_condition = 0
+
+# exiscan_spamd_action   (string, default unset)
+# ----------------------------------------------
+# This defines the action exiscan should take when a message
+# exceeds the defined spam score treshold (see below).
+# Possible values are 'pass','reject','blackhole','freeze' or
+# 'redirect <address>'. When this option is unset, it defaults to
+# 'pass' (meaning that only a header with spam info is added to
+# the message - see section "Header Lines" below).
+# Important: Please read the "Setting Actions" section below for more
+# information on actions.
+#
+# Example: reject messages exceeding the spam score treshold
+#
+#          exiscan_spamd_action = reject
+
+# exiscan_spamd_action = reject
+
+# exiscan_spamd_header_style   (string, default "single")
+# -------------------------------------------------------
+# This setting defines how much information the spamd facility
+# will add to the headers of the message. The following settings
+# are available:
+#
+#  none   - This will not add any spam info header to the message.
+#           When not using exiscan_spamd_treshold, this is quite
+#           useless.
+#  single - This will add the X-Spam-Score header (see the HEADERS
+#           section below)
+#  flag   - This will add the X-Spam-Score header and, if the
+#           messages' score is over the treshold, the X-Spam-Flag
+#           header. (see the HEADERS section below)
+#  full   - This will add the X-Spam-Score header and, if the
+#           messages' score is over the treshold, the X-Spam-Flag
+#           header and the FULL spamassassin report in clear text
+#           as a multiline header called "X-Spam-Report".
+#
+# Example:  exiscan_spamd_header_style = full
+
+# exiscan_spamd_header_style = full
+
+# exiscan_spamd_subject_tag  (string, default unset)
+# --------------------------------------------------
+# If you want to "tag" the subject of messages which have a spam
+# score greater than the exiscan_spamd_treshold, you can set this
+# option to a string that will be prepended to the subject.
+# This is only useful if exiscan_spamd_action is "pass".
+# End-user MUAs can then filter on that string in the subject.
+#
+# Example: if you set
+#
+#          exiscan_spamd_subject_tag = *SPAM*
+#
+#          the subject "URGENT BUSINESS PROPOSAL" will be
+#          changed into "*SPAM* URGENT BUSINESS PROPOSAL".
+
+# exiscan_spamd_subject_tag = *****SPAM*****
+
+# exiscan_spamd_treshold   (integer, default 999)
+# ----------------------------------------------
+# This defines the number of "spam score" points a message must
+# exceed to be classified as "spam" by exiscan. The default value
+# is very high, so if you only want to add headers to messages,
+# you do not need to set this option. Sensible value ranges
+# are 4-20. The lower you set this value, the more spam you may
+# catch, however the possibility of false positives is also higher.
+#
+# Example: set spam score treshold to 6 points
+#
+#          exiscan_spamd_treshold = 6
+
+# exiscan_spamd_treshold = 15
+
+# exiscan_spamd_address   (string, default unset)
+# -----------------------------------------------
+# This contains the IP address and port where the spamd is listening,
+# separated by a whitespace. By default, it resides on localhost port
+# 783. You can also run it on another machine to decrease the load on
+# the mail server. Uncommenting this option turns off the antispam
+# facility.
+#
+# Example: spamd running on localhost with default port
+#
+#          exiscan_spamd_address = 127.0.0.1 783
+
+# exiscan_spamd_address = 127.0.0.1 783
+
+
+# Regular expression scanning facility (regex) options
+# ---------------------------------------------------------------------
+# This facility can be used to scan a message for a set of regular
+# expressions. The scanning will be done line-by-line on the complete
+# message, including all headers, except for exiscan's own X- header.
+#
+# This facility is handy for blocking content that cannot yet be caught
+# by your AV scanner, or to crack down on spam (try 'mortgage' :).
+#
+# To prevent double bounces, this facility will not scan bounce messages
+# (messages with an empty envelope sender)
+
+# exiscan_regex_condition   (string, default unset)
+# -------------------------------------------------
+# If this condition evaluates to "true", exiscan will call the
+# regex facility on that message.
+# Please read the "Setting Conditions" section below for more
+# information on setting conditions.
+#
+# Example: To regex scan ALL messages, just set this variable to "1"
+#
+#          exiscan_regex_condition = 1
+
+exiscan_regex_condition = 0
+
+# exiscan_regex_action   (string, default 'reject')
+# -------------------------------------------------
+# This defines the action exiscan should take when a message
+# matches a defined regular expression.
+# Possible values are 'pass','reject','blackhole','freeze' or
+# 'redirect <address>'. When this option is unset, it defaults to
+# 'reject'.
+# Important: Please read the "Setting Actions" section below for more
+# information on actions.
+#
+# Example: blackhole messages matching a regular expression
+#
+#          exiscan_regex_action = blackhole
+
+# exiscan_regex_action = reject
+
+# exiscan_regex_data   (string, default unset)
+# --------------------------------------------
+# This option contains the regular expressions you wish to match
+# against messages, as a colon-separated list.
+# To put a colon inside a regular expression, you need to double
+# it (::).
+#
+# Example: Match 'mortgate' with case-insensitive 'm' and
+#          'make money'
+#
+#          exiscan_regex_data = [Mm]ortage : make money
+
+# exiscan_regex_data =
+
+
+# File extension scanning facility (extension) options
+# --------------------------------------------------------------------
+# This facility can be used to block mails containing files with
+# specific extensions, mostly those that may cause harm on the Windows
+# platform (vbs,pif,bat,exe,com etc.).
+#
+# To prevent double bounces, this facility will not scan bounce messages
+# (messages with an empty envelope sender)
+
+# exiscan_extension_condition   (string, default unset)
+# -----------------------------------------------------
+# If this condition evaluates to "true", exiscan will call the
+# extension facility on that message.
+# Please read the "Setting Conditions" section below for more
+# information on setting conditions.
+#
+# Example: To regex scan ALL messages, just set this variable to "1"
+#
+#          exiscan_extension_condition = 1
+
+exiscan_extension_condition = 0
+
+# exiscan_extension_action   (string, default 'reject')
+# -----------------------------------------------------
+# This defines the action exiscan should take when a message
+# contains one of the defined file types.
+# Possible values are 'pass','reject','blackhole','freeze' or
+# 'redirect <address>'. When this option is unset, it defaults to
+# 'reject'.
+# Important: Please read the "Setting Actions" section below for more
+# information on actions.
+#
+# Example: freeze messages containing an unwanted file type
+#
+#          exiscan_extension_action = freeze
+
+# exiscan_extension_action = freeze
+
+# exiscan_extension_data   (string, default unset)
+# ------------------------------------------------
+# This option contains the file extension for which you would like
+# to scan messages, as a colon-separated list.
+#
+# Example: Match 'exe', 'com', and 'vbs'
+#
+#          exiscan_extension_data = exe:com:vbs
+
+# exiscan_extension_data = exe:com:vbs
+
+
+
+
+# SETTING CONDITIONS
+# ------------------------------------------------------------------------------
+#
+# exiscan has five 'condition' options (see above): one 'master' condition and
+# one per facility. Each of these conditions is a string that may contain
+# 'expandable' components. Read chapter 11 of the exim 4 spec to learn more
+# about string expansion in exim.
+#
+# A condition is 'false' when it
+#
+#   - is unset
+#   - expands to 0 (string or number)
+#
+# All other values result in a 'true' condition.
+#
+# The master condition (option exiscan_condition) decides if exiscan is run
+# on a message. You should use it to skip messages that do not need to be
+# scanned. Typically, you will only want to scan messages that come in via
+# smtp or esmtp:
+#
+#   exiscan_condition = \
+#                 ${if or {{eq{$received_protocol}{esmtp}} \
+#                          {eq{$received_protocol}{smtp}}} \
+#                             {1}{0} }
+#
+# This will skip scanning messages coming from local sources or from authen-
+# ticated senders (asmtp).
+#
+# Each facility has its own condition to decide if it should be applied to
+# a message (exiscan-<facility>-condition). For example, you can use those
+# with file lookups to use a facility only on specific sender or recipient
+# domains. The excercise is left up to the reader :)
+#
+# To make a condition always true, just set it to '1'.
+#
+#
+# SETTING ACTIONS
+# ------------------------------------------------------------------------------
+#
+# Every facility in exiscan that 'matches' a message (found a virus, spam over
+# treshold, found regex/extension) can trigger a configurable action. Each
+# facility has an "action" option (exiscan_<facility>_action) where you can set
+# the action identifier for that facility.
+#
+# The following actions are available:
+#
+#   - reject    The message is rejected with a permanent error (5xx), stating
+#               the cause including information for the sender of the message.
+#
+#   - freeze    The message is accepted and immediately frozen, with the cause
+#               saved in the header file. The postmaster can then review the
+#               frozen messages and eventually thaw or delete them.
+#               (NB: does someone want to write a web frontend for that task ?
+#               Submissions welcome ;)
+#               IMPORTANT: If you use an automatic unfreeze timer in your exim
+#               config, exim will automatically thaw these messages after the
+#               specified time, resulting in delivery !
+#               It might also be a good idea to use exim's 'move_frozen_messages'
+#               option in conjunction with this action.
+#
+#   - blackhole The message is accepted and then destroyed by removing all reci-
+#               pients. I do not recommended to use this action unless you have
+#               a good cause to do so.
+#
+#   - redirect <newaddress>  The messages' envelope recipients are replaced by
+#                            an address stated behind the 'redirect' parameter.
+#                            Example:
+#
+#                              exiscan_spamd_action = redirect the@new.address
+#
+#                            Since the original envelope addresses are destroyed
+#                            by that action, you must rely on the headers to
+#                            figure out the intended original recipients.
+#
+#   - pass      No action is taken on the message, except that the facility
+#               will add it's X- header line to the message. This is especially
+#               useful for the spamd facility, if you only want to "mark" spam.
+#               See the "added headers" section below to learn what headers
+#               exiscan adds to messages.
+#
+# The facilities are called in the following order:
+#
+#   1 - av
+#   2 - extension
+#   3 - regex
+#   4 - spamd
+#
+# When a facility "matches" a message, processing is stopped and the proper return
+# code is passed to exim, except if the action for this facility is set to "pass".
+# The "spamd" facility is called last, since it takes the most processing time. The
+# "av" facility is called first, since both "extension" and "regex" may block the
+# same message too, only without giving valuable information.