On Sat, Mar 31, 2001 at 11:11:08PM -0800, Karsten M. Self wrote:
> > However, this fails to catch a lot of spam, because apparently it only
> > checks first hop taken by the mail message.  Most spammers these days
> > aren't using such a simple scheme.  Consider the following spam headers:
> My understanding is that the spam block only works if the direct
> connection is coming from an RBL/ORBS listed IP.  In which case, exim
> drops or refuses the connection.

Yup.  Unfortunately this was really not very effective.  It failed to
catch at least 75% of spam to my system, even if it was delivered
through an open relay at some point.

I ended up implementing a perl filter for procmail.  It scans the
headers of an incoming message for IP addresses and does an rblcheck on
them.  A new header is inserted in messages that fail the rblcheck.  
Thus far, it's done a great job.  It's a bit more aggressive than
the standard exim filters, so it occasionally catches stuff that's not
spam, but those cases are becoming more and more infrequent as I tweak
the script.

At some point I will try using this filter in a global procmailrc (using
procmail as the local MDA), but I am trying it on my own account first.

If anybody wants the script and procmail recipe, lemme know.
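
The approach described in this message (pull the IP addresses out of a message's headers, check each against a DNS blocklist, and insert a header on a hit), sketched in Python as an added example; it is not the poster's Perl script or procmail recipe. Limiting the scan to `Received` headers, the zone `dnsbl.example.org`, the header name `X-RBL-Warning` and the sample message are assumptions made for illustration.

```python
import email
import ipaddress
import re
import socket

DNSBL_ZONE = "dnsbl.example.org"   # assumption: placeholder zone, not from the post
TAG_HEADER = "X-RBL-Warning"       # assumption: hypothetical header name
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\.?\d)")
SKIP = [ipaddress.ip_network(n) for n in      # loopback and RFC 1918 hops
        ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def relay_ips(msg):
    """Unique routable IPv4 addresses from every Received header, top down."""
    found = []
    for hdr in msg.get_all("Received", []):
        for text in IPV4_RE.findall(hdr):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue                      # not an address, e.g. 999.1.1.1
            if str(ip) not in found and not any(ip in net for net in SKIP):
                found.append(str(ip))
    return found

def dnsbl_name(ip, zone=DNSBL_ZONE):
    return ".".join(reversed(ip.split("."))) + "." + zone  # 1.2.3.4 -> 4.3.2.1.zone

def dns_listed(name):
    """A listed address resolves; any lookup failure counts as not listed."""
    try:
        return bool(socket.gethostbyname(name))
    except OSError:
        return False

def tag_message(raw, listed=dns_listed):
    """Tag, not reject: Received lines below the first trusted hop are forgeable."""
    msg = email.message_from_string(raw)
    hits = [ip for ip in relay_ips(msg) if listed(dnsbl_name(ip))]
    if hits:
        msg[TAG_HEADER] = "listed relay(s): " + ", ".join(hits)
    return msg.as_string(), hits

SAMPLE = (  # constructed message using documentation-range addresses
    "Received: from mail.example.net ([198.51.100.7]) by mx.example.org\n"
    "Received: from unknown (HELO relay) (203.0.113.45) by mail.example.net\n"
    "Received: from localhost (127.0.0.1) by relay\n"
    "Subject: test\n\nbody\n")
```

A procmail recipe can pipe each message through `tag_message` and file on the inserted header; passing a different `listed` callable swaps in another lookup method.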


