--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/README	Tue Jul 07 07:18:11 2015 +0200
@@ -0,0 +1,41 @@
+# include at the beginning
+
+ perl_startup = do '…/check-message-conformance.pm'
+
+# ----
+
+# scan mime
+ acl_smtp_mime = acl_check_mime
+
+# scan data
+ acl_smtp_data = acl_check_mime
+
+# -----
+
+acl_check_mime:
+
+  accept condition = $acl_m_sig_found
+
+  warn
+    condition  = $mime_is_coverletter
+    !condition = $mime_is_rfc822
+    decode = default
+    set acl_m_sig_found = ${perl{check_sig}{$mime_decoded_filename}}
+
+  accept
+
+
+acl_check_data:
+
+  warn 
+    !condition = $acl_m_sig_found
+    set acl_m_sig_found = \
+        ${perl{check_sig}\
+              {$spool_directory/scan/$message_exim_id/$message_exim_id.eml}}
+
+  require 
+    message = no signature/disclaimer found
+    condition = $acl_m_sig_found
+
+
+    …

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/check-message-conformance.pm	Tue Jul 07 07:18:11 2015 +0200
@@ -0,0 +1,19 @@
+use Fcntl qw/:seek/;
+
+my $sig_pattern = qr/
+	^--\x20\s+	# signature delimiter dash-dash-space
+	^Heiko\s+	# signature text
+	\Z		# hard end of the signature
+/mix;
+
+sub check_sig {
+	my ($file, $sender) = @_;
+	
+	open(my $fh, $file) or die "Can't open $file: $!\n";
+	seek($fh, -1024, SEEK_END) or die "Can't seek to -1024: $!\n"
+		if -s $fh > 1024;
+
+	$_ = join '', <$fh>;
+
+	return /$sig_pattern/;
+}