Philip Hazel wrote:
> What is in the spamlist.db database? The flat form would need to be like
> this:
> 192.168.3.4: 192.168.3.4
Both the vortex (vortex.com's blocklist suitably modified for non-TCP
wrappers use) and spamlist (MAUI Gateway's spammer list ditto) flat
files consist both of IP literals and domains. They take the form (on
our machine, at least) of:
*.savetrees.com
*.ispam.net
*.isp-am.net
205.199.212.
207.124.161.
*.cybermirror.com
*.cybermirror1.com
I couldn't possibly hand-edit these files. Vortex's alone is 2,800+
lines long and MAUI's 1800+
BUT - YIPPEE!!!
> if $message_headers matches
> "${lookup {${mask:$sender_host_address/24}} dbm {/var/mail/blocked/nets}
> ${value}{nevernevernever}}"
> then ...
The following seems to work for the domain entries _without_ changing
the basic flat file at all (Vadim said it couldn't be done).
It's the word 'match' rather than 'contain' in the last set of
conditionals.
Please let me know if you see any reason to condemn it. It's faster than
I expected, too. It won't work for IP numbers, though, probably
(yesterday nothing worked):
# Exim filter
logfile /usr/exim/spool/log/thspamlog
if ($message_headers contains "Received: from mail.MSExchange.nl" or
$message_headers contains "Received: from server1.fallbck.net" or
$message_headers contains "Received: from server2.fallback.net")
then if
$message_headers matches "${lookup {$sender_address_domain}
partial-dbm* {/var/mail/blocked/vortex.db} {$sender_address_domain}}"
then
log "$tod_log $message_id SPAM-X-UIDL: sender=$sender_address \
subject=$header_subject: recipients_count=$recipients_count \
recipients=$header_to"
save /var/mail/blocked/cesspit/thspam
endif
endif
Tony
--
Tony Earnshaw
Randstad 2157
1314 BH Almere, NL
e-mail: tonye@???