wishlist item (was: Re: [Exim] Filtering)

Top Page
Delete this message
Reply to this message
Author: Dave C.
Date:  
To: Dennis Taylor
CC: Exim
Old-Topics: Re: [Exim] Filtering
Subject: wishlist item (was: Re: [Exim] Filtering)

Anything done in a filter to catch spam is still going to end you up
with the spam stuck on your system - trying to bounce to a
(likely) nonexistant sender address..

Item for wishlist (if it isnt already there):

The ability to do filter-like things at SMTP time, after receipt of the
DATA section of the message, but _before_ exim gives any response, so
that the filter-like thing can control wether exim gives a 5xx, or a
2xx. Obviously this would have to be as tight code as possible to avoid
signifigant performance degradation. It could be a very limited subset
of the filtering language, and/or possibly something which gets written
in a textual language, but which must be preprocessed/compiled for exim
to use..


On Tue, 12 Sep 2000, Dennis Taylor wrote:

> A lot of spammers put a tag on their subject line which consists of a
> number of spaces and some garbage. I guess they're trying to avoid subject
> filters, but it actually tags the mail as spam.
>
> This is what works for me. Catches a lot of crap. The header_to test
> ensures that anything actually addressed to someone in our domain gets
> through. Very few spammers bother to individually address their crap.
>
> The only danger is if a mailing list that you are on sends you some email
> that fits this. If you are concerned about this, you can test for mailing
> list sources (i.e. exim.org) earlier in the filter (I can't remember
> offhand what the command is to cease filtering and accept the mail).
>
>
> if $header_to does not contain "pctc" and
>    (
>    $header_subject matches "
>     -[a-z0-9][a-z0-9]*\\$" or
>    $header_subject matches "
> [a-z0-9][a-z0-9]*\\$" or
>    $header_subject matches "
> \\\\[[a-z0-9][a-z0-9]*\\\\]\\$" or
>    $header_subject matches "
> \\\\([a-z0-9][a-z0-9]*\\\\)\\$"
>    )
> then
>         fail text "SPAM is not acceptable at this site"
>         finish
> endif

>
>
> At 01:59 PM 9/12/00 -0400, Jason Robertson wrote:
> >Thanks Philip was wondering about this in relation to subjects..
> >
> >Though i do have a few tests that work on catching some spam.. The
> >problem I have now is that I need to filter on more items
> >
> >if ($h_message-id contains <>) then
> >if ($h_Message-ID contains <@>) then
> >if (("${if !def:header_to: {nospam}}" is nospam ) (this is catches good
> >messages too)
> >if ($h_to: contains <> ) then
> >if ($h_from: begins @) then
> >if ($header_subject: is "Search Engine Secrets Discovered" ) then
> >
> >
> >
> >
> >On 12 Sep 2000, at 10:32, Philip Hazel wrote:
> >
> >> On Tue, 12 Sep 2000, Scott Stavretis wrote:
> >>
> >> > How can I run this so that I can jsut put one enty in my main filter
> file that
> >> > points to another file that just has the addresses in it?
> >> >
> >> > eg. /etc/filter contains
> >> > if $header_from contains "**SOMEHOW POINT TO /etc/filter.addresses **"
> then
> >> > fail text "INVALID ADDRESS" endif
> >> >
> >> > and /etc/filter.addresses contains a list of e-mail addresses
> >>
> >>
> >> if ${lookup{$header_from:}lsearch{/some/file}{yes}{no}} is yes then
> >>
> >>                         ^
> >>                         ^
> >>                 This colon is important.        

> >>
> >> -- 
> >> Philip Hazel            University of Cambridge Computing Service,
> >> ph10@???      Cambridge, England. Phone: +44 1223 334714.

> >>
> >>
> >>
> >
> >
> >
> >---
> >Jason Robertson                
> >Network Analyst            
> >jason@???    
> >http://www.astroadvice.com      

> >
> >--
> >## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
> >
> ---
> Dennis Taylor
> ---
> Don't worry about people stealing your ideas. If your ideas
> are any good,
> you'll have to ram them down people's throats.
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>


--