Re: [Exim] Exim filter db lookups - full stop

Top Page
Delete this message
Reply to this message
Author: Tony Earnshaw
Date:  
To: Exim
Subject: Re: [Exim] Exim filter db lookups - full stop
Philip Hazel wrote:

> What is in the spamlist.db database? The flat form would need to be like
> this:
> 192.168.3.4: 192.168.3.4


Both the vortex (vortex.com's blocklist suitably modified for non-TCP
wrappers use) and spamlist (MAUI Gateway's spammer list ditto) flat
files consist both of IP literals and domains. They take the form (on
our machine, at least) of:

*.savetrees.com
*.ispam.net
*.isp-am.net
205.199.212.
207.124.161.
*.cybermirror.com
*.cybermirror1.com

I couldn't possibly hand-edit these files. Vortex's alone is 2,800+
lines long and MAUI's 1800+

BUT - YIPPEE!!!

> if $message_headers matches
>   "${lookup {${mask:$sender_host_address/24}} dbm {/var/mail/blocked/nets}
>     ${value}{nevernevernever}}"
> then ...


The following seems to work for the domain entries _without_ changing
the basic flat file at all (Vadim said it couldn't be done).

It's the word 'match' rather than 'contain' in the last set of
conditionals.

Please let me know if you see any reason to condemn it. It's faster than
I expected, too. It won't work for IP numbers, though, probably
(yesterday nothing worked):

# Exim filter

logfile /usr/exim/spool/log/thspamlog

if ($message_headers contains "Received: from mail.MSExchange.nl" or
   $message_headers contains "Received: from server1.fallbck.net" or
   $message_headers contains "Received: from server2.fallback.net")
   then if
   $message_headers matches "${lookup {$sender_address_domain}
partial-dbm* {/var/mail/blocked/vortex.db} {$sender_address_domain}}"
   then
   log "$tod_log $message_id SPAM-X-UIDL: sender=$sender_address \
     subject=$header_subject: recipients_count=$recipients_count \
     recipients=$header_to"
  save /var/mail/blocked/cesspit/thspam
  endif
endif


Tony

--

Tony Earnshaw
Randstad 2157
1314 BH Almere, NL

e-mail: tonye@???