# howto make exim not scan local mails?

## Strowi

hi,

i am about to jump out of the window, but  i thought i'd try here first...

I set up exim + spam/clamav + cyrus according to the howto in the documentation section.

It even works.... but sending is slow as hell..

I have exim running on a gateway router, and exim scans ALL mails for spam/viruses (from inside and outside the LAN).

How can i make exim scan only external mails and skip the check for mails from "192.168.2.0/24" ?

here is the acl-part of my setup:

```

# Main configuration: global options, the named host/domain lists, and the
# hooks that attach the ACLs and content scanners defined further down.
primary_hostname = dyndns-acc.org

domainlist local_domains = @ : dyndns-acc.org : localdomain : localhost

domainlist relay_to_domains =

# Hosts allowed to relay without authenticating: loopback and the
# 192.168.2.0/24 LAN. Referenced by acl_check_rcpt.
hostlist   relay_from_hosts = 127.0.0.1 : 192.168.2.0/24

# NOTE(review): the next two lists are not referenced by any ACL shown in this
# file. Confirm whether anything uses them; as written they enforce nothing.
hostlist auth_relay_hosts = *

hostlist auth_over_tls_hosts = *

# acl_check_rcpt is evaluated for each RCPT command; acl_check_content is
# evaluated separately once the message data has arrived. An accept in the
# first does not bypass the second.
acl_smtp_rcpt = acl_check_rcpt

acl_smtp_data = acl_check_content

# NOTE(review): the clamd socket path is under /tmp. If that directory is
# world-writable, a local user could create or replace the path; a dedicated
# directory writable only by the scanner's user is safer. TODO confirm.
av_scanner = clamd:/tmp/clamd

# SpamAssassin daemon on loopback, port 783.
spamd_address = 127.0.0.1 783

qualify_domain = dyndns-acc.org

# No delivery process is ever run as root.
never_users = root

# Ident (RFC 1413) lookups: the host list excludes the LAN, and the 0s timeout
# means no ident call is made at all.
rfc1413_hosts = ! 192.168.2.0/24

rfc1413_query_timeout = 0s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 7d

# NOTE(review): these allow up to 10000 messages on a single SMTP connection.
# Confirm such high limits are intended on an Internet-facing gateway.
smtp_accept_queue_per_connection = 1000

smtp_accept_max_per_connection = 10000

extract_addresses_remove_arguments = false

# Certificate and private key are read from the same PEM file.
# NOTE(review): check that the file is readable only by the Exim user.
tls_certificate = /etc/ssl/exim/server.pem

tls_privatekey = /etc/ssl/exim/server.pem

# STARTTLS is advertised to every connecting host.
tls_advertise_hosts=*

# Custom Received: header. Adds the sending host, ident, protocol, TLS cipher
# and TLS peer DN whenever the corresponding variable is set.
received_header_text = Received: \

          ${if def:sender_fullhost {from ${sender_fullhost}\

          ${if def:sender_ident {(${sender_ident})}}}\

          {${if def:sender_ident {from ${sender_ident} }}}}\

          by ${primary_hostname}\

          ${if def:received_protocol {with ${received_protocol}}}\

          ${if def:tls_cipher {(tls_cipher ${tls_cipher})}}\

          ${if def:tls_peerdn {(tls_peerdn ${tls_peerdn})}}\

          id ${message_id}

begin acl

# Recipient ACL, attached through acl_smtp_rcpt and evaluated for every RCPT
# command. Statements are tried in order; the first accept or deny that matches
# decides the outcome for that recipient only.
acl_check_rcpt:

   # Empty host field: the message did not arrive over TCP/IP (local submission).
   accept  hosts = :

   # Loopback and LAN hosts may send to any recipient. This verdict covers the
   # RCPT stage only; acl_check_content still runs for the message afterwards.
   accept hosts = +relay_from_hosts

   # Any client that authenticated successfully may relay.
   accept  authenticated = *

   # Reject clients that present this server's own IP or domain as their HELO.
   # NOTE(review): MYIP and my-domain.com look like placeholders from the
   # how-to; until real values are filled in these two rules presumably never match.
   deny  message = Rejected mail: Forged HELO

   condition = ${if eq{$sender_helo_name}{MYIP}{yes}{no}}

   deny  message = Rejected mail: Forged HELO

   condition = ${if eq{$sender_helo_name}{my-domain.com}{yes}{no}}

   # Reject when no HELO/EHLO name was given.
   deny  message = Rejected mail: No HELO/EHLO received

   condition   = ${if eq{$sender_helo_name}{}{yes}{no}}

   # Reject a HELO that is an IP address different from the connecting address
   # (both conditions must hold).
   deny  message = Rejected mail: Forged HELO

   condition     = ${if isip{$sender_helo_name}{yes}{no}}

   condition     = ${if eq{$sender_helo_name}{$sender_host_address}{no}{yes}}

   # Reject local parts containing @ % ! / | or starting with a dot.
   deny    local_parts   = ^.*[@%!/|] : ^\\.

   # postmaster at a local domain is accepted before the sender and DNS
   # blocklist checks below.
   accept  local_parts   = postmaster

           domains       = +local_domains

   # Sender address must verify; defer_ok lets the message continue when the
   # verification cannot be completed.
   require verify        = sender/defer_ok

   # DNS blocklist lookup on the connecting host.
   # NOTE(review): blocklists are retired over time (relays.ordb.org and
   # list.dsbl.org are believed to be defunct). Verify that each list is still
   # operated; a dead list can time out or return misleading answers.
   deny   message       = Your host is listed in Blacklist

          log_message   = found in Blacklist

          dnslists      = nomail.rhsbl.sorbs.net:sbl-xbl.spamhaus.org:list.dsbl.org:relays.ordb.org:ix.dnsbl.manitu.net

   # Mail for local domains: after endpass, a failed recipient verification
   # rejects instead of falling through to the next statement.
   accept  domains       = +local_domains

           endpass

           verify        = recipient

   # Everything else would be a relay attempt by an unknown host.
   deny    message       = Rejected recipient: relay not permitted

# Content ACL, attached through acl_smtp_data and evaluated once after the
# message data has been received. As written it contains no host-based
# exemption: every check below applies to LAN and external senders alike.
# NOTE(review): the demime condition is deprecated in later Exim releases in
# favour of the MIME ACL; check against the installed version.
acl_check_content:

  # MIME sanity check: reject when demime reports an error level above 2.
  deny  message = This message contains a MIME error ($demime_reason)

         demime = *

      condition = ${if >{$demime_errorlevel}{2}{1}{0}}

       

  # Reject attachments whose file extension is on this list.
  deny  message = This message contains an unwanted file extension ($found_extension). 

         demime = bat:btm:cmd:com:cpl:dll:exe:lnk:msi:pif:prf:reg:scr:vbs:url

 

  # Reject filenames that hide their real type behind a CLSID in braces or a
  # run of ten or more whitespace characters.
  deny  message   = Hiding of file extensions is not allowed!

      log_message = Dangerous extension (CLSID hidden)

      regex       = ^(?i)Content-Disposition::(.*?)filename=\\s*"+((\{[a-hA-H0-9-]{25,}\})|((.*?)\\s{10,}(.*?)))"+\$

  # Virus scan through av_scanner. With defer_ok a scanner that cannot be
  # reached makes the condition fail instead of deferring the message, so mail
  # is accepted unscanned while clamd is down.
  # NOTE(review): confirm that failing open is acceptable here.
  deny  message = This message contains malware ($malware_name)

         demime = *

        malware = */defer_ok

  # Keyword filter: one obfuscation-tolerant pattern matched against the message.
  deny  message = This message matches a blacklisted regular expression ($regex_match_string)

          regex = [Vv] *[IiìíîïÌÍÎÏ1\¡] *[Aaàáâã\@ÀÁÂÃÄÅª] *[Gg] *[Rr] *[Aaàáâã\@ÀÁÂÃÄÅª]

  # Tag (do not reject) messages whose HELO name fails verification.
  warn  message = X-My-HELO: invalid

    log_message = HELO argument does not match calling host

    !verify     = helo

  # spam = nobody:true always succeeds, so the score and report headers are
  # added to every message that reaches this point.
  warn  message = X-Spam-Score: $spam_score ($spam_bar)

        spam = nobody:true

  warn  message = X-Spam-Report: $spam_report

        spam = nobody:true

  # Without :true the condition holds only when SpamAssassin itself classifies
  # the message as spam.
  warn message = X-Spam-Flag: YES

       spam = nobody

  # $spam_score_int is the score multiplied by ten: 50 means 5.0 points.
  deny  message = This message scored $spam_score points. Congratulations!

        spam = nobody:true

        condition = ${if >{$spam_score_int}{50}{1}{0}}

  # Mark the subject for scores above 3.0 that were not rejected above.
  # NOTE(review): on a warn verb, message adds a header line, so this presumably
  # adds a second Subject: header instead of rewriting the original one.
  # Confirm the result in delivered mail.
  warn message = Subject: ***SPAM*** $h_subject

  spam = nobody

  condition = ${if >{$spam_score_int}{30}{1}{0}}

  # Anything that passed all checks is accepted.
  accept   

begin routers

# Routers are tried in the order listed.

# Every non-local domain goes to the smarthost smtp.netcologne.de.
# NOTE(review): this uses the remote_smtp transport, which sets neither
# hosts_require_tls nor hosts_require_auth; remote_tlssmtp, which sets both, is
# not referenced by any router in this file. Outbound mail to the smarthost may
# therefore leave unencrypted and unauthenticated. Confirm this is intended.
send_to_relay:

  driver = manualroute

  domains = ! +local_domains

  transport = remote_smtp

  route_list = * smtp.netcologne.de

# Alias expansion from /etc/mail/aliases. file_transport and pipe_transport let
# an alias entry deliver to a file or pipe to a command.
# NOTE(review): keep the aliases file writable by root only.
system_aliases:

  driver = redirect

  allow_fail

  allow_defer

  data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}

  file_transport = address_file

  pipe_transport = address_pipe

# Per-user ~/.forward handling. allow_filter lets the file contain an Exim
# filter, and the transports below let users deliver to files, directories,
# pipes and autoreplies. no_verify and no_expn keep this router out of address
# verification and EXPN.
userforward:

  driver = redirect

  check_local_user

  file = $home/.forward

  no_verify

  no_expn

  check_ancestor

  allow_filter

  directory_transport = address_directory

  file_transport = address_file

  pipe_transport = address_pipe

  reply_transport = address_reply

# Final delivery for existing local users; any other local part fails with
# "Unknown user".
localuser:

  driver = accept

  check_local_user

  transport = local_delivery

  cannot_route_message = Unknown user

begin transports

# Plain SMTP transport with no TLS or authentication requirement. This is the
# transport used by the send_to_relay router.
remote_smtp:

  driver = smtp

# SMTP transport that requires TLS and authentication for every host.
# NOTE(review): no router in this file selects it.
remote_tlssmtp:

  driver = smtp

  hosts_require_tls=*

  hosts_require_auth=*

# Local delivery over LMTP to the socket at /var/imap/socket/lmtp, run as user
# cyrus, with up to 20 recipients per batch.
local_delivery:

   driver = lmtp

   socket = "/var/imap/socket/lmtp"

   user = cyrus

   batch_max = 20

# Delivery to a command from an alias or .forward file; output produced by the
# command is returned to the sender.
address_pipe:

  driver = pipe

  return_output

# Delivery to a file named in an alias or .forward file.
address_file:

  driver = appendfile

  delivery_date_add

  envelope_to_add

  return_path_add

# Delivery to a directory named in a .forward file, in maildir format.
address_directory:

  driver = appendfile

  delivery_date_add

  envelope_to_add

  return_path_add

  maildir_format

# Automatic replies generated from user filter files.
address_reply:

  driver = autoreply

begin retry

# One retry rule for all addresses and all errors: every 15 minutes for the
# first 2 hours, then intervals starting at 1 hour and growing by a factor of
# 1.5 until 16 hours, then every 6 hours until 4 days have passed.
*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

# Client-side PLAIN authenticator: client_send holds the credentials Exim
# offers when it authenticates to another server. They sit in clear text in
# this file (myuser/mypassword look like placeholders).
# NOTE(review): the configuration file must not be world-readable. Also, the
# only transport used by a router here (remote_smtp) does not request
# authentication, so this authenticator is presumably never exercised.
fixed_plain:

  driver = plaintext

  public_name = PLAIN

  client_send = ^myuser^mypassword

# Server-side LOGIN: prompts for user name and password, then checks them
# through saslauthd.
# NOTE(review): neither server authenticator sets server_advertise_condition,
# so LOGIN and PLAIN appear to be offered on unencrypted connections as well.
# Both mechanisms send the password only base64-encoded; consider advertising
# them only after STARTTLS, e.g.
#   server_advertise_condition = ${if def:tls_cipher}
fixed_login:

        driver = plaintext

        public_name = LOGIN

        server_prompts = UserName:: : Password::

        server_condition = ${if saslauthd{{$1}{$2}}{1}{0}}

        server_set_id = $1

# Server-side PLAIN: $2 and $3 are the user name and password fields of the
# PLAIN response, checked through saslauthd.
plain:  

        driver = plaintext

        public_name = PLAIN

        server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}

        server_set_id = $2

```

thx for any help!

----------

## xces

 *Strowi wrote:*   

> I have exim running on a gateway router, and exim scans ALL mails for spam/viruses (from inside and outside the LAN).
> 
> How can i make exim scan only external mails and skip the check for mails from "192.168.2.0/24" ?

 

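Put "accept hosts = +relay_from_hosts" in the line directly after "acl_check_content:". Keep in mind that this skips every check in that ACL for those hosts, the malware scan included, so mail from an infected machine on the LAN would be relayed unscanned.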

----------

## Strowi

thx, works fine now...

I guess i have to read some more about the acl's, i thought this would let the mail already pass...

```

# Excerpt of the recipient ACL. These accepts decide the RCPT command only; the
# ACL named by acl_smtp_data is still evaluated for the message afterwards.
acl_check_rcpt:

   accept  hosts = :

   accept hosts = +relay_from_hosts 

```

----------

## xces

 *Strowi wrote:*   

> I guess i have to read some more about the acl's, i thought this would let the mail already pass...

 

It does, but only in the RCPT stage of the SMTP dialog. The content ACL set by acl_smtp_data runs afterwards, at the DATA stage, and needs its own accept.  :Wink: 

----------

