On Thu, 4 May 2000, Andromeda wrote:
> At 13:01 04/05/2000 +0100, you wrote:
> >#if ($message_body CONTAINS "LOVE-LETTER-FOR-YOU.TXT.vbs" and
> ># $message_body_size is above 5k) then
> ># freeze
> >#endif
>
> This one is more helpful actually, since the attachment name is MORE
> important than the subject. Subjects leave a lot of false positives,
> especially on mailing lists.
I was getting false negatives on that for reasons I didn't take the time
to explore. That is why I commented it out, and went for the simplier
test on the subject.
> Now, where do we implement this filter, and how? I want to ensure that my
> system is clean.
In the main part (first part) of the exim configuration file
message_filter = /path/to/system-filter-file
I really do recommend that people fail or freeze these. This thing really
is moving. We are a medium sized site (12000 incoming message a day), but
I've caught about 40 of these in the last 30 minutes.
-j
--
Jeffrey Goldberg +44 (0)1234 750 111 x 2826
Cranfield Computer Centre FAX 751 814
J.Goldberg@??? http://WWW.Cranfield.ac.uk/public/cc/cc047/
Relativism is the triumph of authority over truth, convention over justice.
