On Thu, Apr 25, 2002 at 09:14:32AM +0100, Patrick Kirk wrote:
Do you use exim?  Some of this stuff can be done at that level.
In /etc/exim/exim.conf include something like this (may need to be
adjusted for version 3.x):

    system_filter = /etc/exim/system.filter
    system_filter_user = nobody
    system_filter_group = nogroup

Then put the snippets below in /etc/exim/system.filter.

| I have given up on using my .forward as a spam filter because I've now
| gone up to over 40 spam pieces a day and it's a pain to keep adding
| conditions on each .forward on each account.
|
| Just to make clear, my particular desire to stop stuff from Korean and
| Taiwan is that I speak neither Korean nor Chinese.
|
| I wonder if anyone can help with these tests:
|
| 1. I am on numerous Korean spam lists. So I want to exclude all email
| with Korean charsets. How do I set $h_Content-Type: contains
| "ks_c_5601-1987" to score 20?

    # I actually have this in my filter
    if
        "$h_Content-Type: $h_Subject:" contains "ks_c_5601-1987"
        or
        $h_Content-Type: contains "EUC-KR"
    then
        # use 'fail' if you want to send back a bounce message
        #fail "<<incomprehensible foreign charset>>"
        # this is a black hole
        seen finish
    endif

| 3. How can I blacklist specific names? For example, esavingszone sends
| me two messages every day and I want them automatically blocked. But
| they use differing domain names so I want to block
| esavingszone@foo.net, esavingszone@bar.net and every other
| esavingszone@anything.anything

In SA use the blacklist_from directive.  (This checks the From: header.)

In exim version 4 you can include this in an acl:

    deny senders = \N^esavingszone@.*$\N

(This checks the envelope sender.)

If the envelope sender is predictable, then IMO this is the best
solution, and can be extended to look up addresses from a file.

In a system filter (exim 3 or 4):

    if
        ${local_part:$sender_address} is "esavingszone"
        or
        ${local_part:$h_From:} is "esavingszone"
    then
        fail "<<$sender_address , $h_From:>> \
              You have been blocked by the administrator."
        seen finish
    endif

(This checks both the envelope sender and the From: header.)

| 2. I get a lot of stuff from Taiwan. Is it possible to simply
| blacklist all mail relayed from ISPs with .tw tld?
| 4. The ISP that uses hanmail.net and daum.net is the single worst
| offender. Can I block all mail relayed through these domains?

    # I haven't tested this regex.  Exim uses "pcre" (perl-compatible), but
    # I'm more familiar with the old-school dialect used by vim, sed and grep.
    if
        "$h_Received:" matches "[a-zA-Z_]+\.tw\b"
        or
        "$h_Received:" matches "(hanmail|daum)\.net\b"
    then
        seen finish
    endif

As an alternative to checking Received: headers, if you receive the
spam directly you can simply reject connections at SMTP time
(or even firewall them).

HTH,
-D
--
Religion that God our Father accepts as pure and faultless is this: to
look after orphans and widows in their distress and to keep oneself from
being polluted by the world.
James 1:27
GnuPG key : http://dman.ddts.net/~dman/public_key.gpg
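
Added example, not part of the original message and not the poster's code: a small Python harness that applies the three filter rules from the reply (charset, sender local part, Received relay pattern) to constructed sample messages, so the matching can be checked before a filter starts discarding mail. It assumes Python's `re` treats these two patterns the same way PCRE does and approximates Exim's `${local_part:...}` with `email.utils.parseaddr`; the names `rules_hit`, `local_part`, `build`, `RX` and `SAMPLES` are hypothetical, and the `tw_label` sample goes beyond the message to show that the `.tw` pattern also fires on a hostname label that merely begins with `tw-`.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Patterns copied verbatim from the filter snippets in the message above.
RELAY_PATTERNS = (r"[a-zA-Z_]+\.tw\b", r"(hanmail|daum)\.net\b")
BLOCKED_LOCAL_PART = "esavingszone"

def local_part(address):
    """Approximation (assumption) of Exim's ${local_part:...} operator."""
    return parseaddr(address or "")[1].rpartition("@")[0].lower()

def rules_hit(raw_message, envelope_sender):
    """Return which of the three filter rules would fire for a message."""
    msg = message_from_string(raw_message)
    ctype = msg.get("Content-Type", "").lower()
    subject = msg.get("Subject", "").lower()
    hits = []
    # Lower-case Exim filter conditions compare without regard to case.
    if "ks_c_5601-1987" in f"{ctype} {subject}" or "euc-kr" in ctype:
        hits.append("charset")
    senders = (local_part(envelope_sender), local_part(msg.get("From")))
    if BLOCKED_LOCAL_PART in senders:
        hits.append("sender")
    received = "\n".join(msg.get_all("Received", []))
    if any(re.search(p, received, re.IGNORECASE) for p in RELAY_PATTERNS):
        hits.append("relay")
    return hits

def build(**headers):
    """Assemble a constructed test message; '_' in a key becomes '-'."""
    lines = [f"{k.replace('_', '-')}: {v}" for k, v in headers.items()]
    return "\n".join(lines) + "\n\nbody\n"

RX = "from {} ([192.0.2.1]) by mx.example.org"  # constructed Received line
ME = "a@example.net"                            # constructed sender
# Constructed samples (not real traffic): name -> (message, envelope sender).
SAMPLES = {
    "korean_subject": (build(From=ME, Subject="=?ks_c_5601-1987?B?vsiz5w==?="), ME),
    "euc_kr_body": (build(From=ME, Content_Type="text/html; charset=EUC-KR"), ME),
    "from_header": (build(From="Deals <esavingszone@bar.example>"), "bounce-1@mailer.example"),
    "tw_relay": (build(From=ME, Received=RX.format("mail.example.com.tw")), ME),
    "tw_label": (build(From=ME, Received=RX.format("static.tw-hosting.example.net")), ME),
    "clean": (build(From=ME, Received=RX.format("mail.example.org")), ME),
}

if __name__ == "__main__":
    for name, (raw, sender) in SAMPLES.items():
        print(f"{name:15} {rules_hit(raw, sender)}")
```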