Though it's becoming less effective now, with the spammers using different
tactics that are harder to trace, it still is somewhat effective against some.

# Subject ends in some text, five whitespace characters, then a short
# alphanumeric token (bare, [bracketed], (parenthesised), {(..)} or -dashed)
if ((($header_SUBJECT: matches "(\\.\\+)\\\\s{5}([a-z0-9][a-z0-9]*)\\$") or
     ($header_SUBJECT: matches "(\\.\\+)\\\\s{5}(\\\\[[a-z0-9][a-z0-9]*\\\\])\\$") or
     ($header_SUBJECT: matches "(\\.\\+)\\\\s{5}(\\\\([a-z0-9][a-z0-9]*\\\\))\\$") or
     ($header_SUBJECT: matches "(\\.\\+)\\\\s{5}{\\\\([a-z0-9][a-z0-9]*\\\\)}\\$") or
     ($header_SUBJECT: matches "(\\.\\+)\\\\s{5}(-[a-z0-9][a-z0-9]*)\\$"))
    and (($header_from: is not no-reply@???) or $header_to: is not support@???))
then
    # Log the hit together with the full message headers
    logfile /var/log/exim/spam.log
    logwrite "$tod_log $message_id $sender_address ($sender_host_name[$sender_host_address]) => $recipients (recipients=$recipients_count) subject=$1 ($2)"
    logwrite "------------------------------------------------------------------------------\n"
    logwrite "$tod_log $message_id Possible Spam Message Detected (Subject: xxxx $2)\n"
    logwrite "$message_headers\n"
    logwrite "------------------------------------------------------------------------------\n"
    # Tag the message, copy it to the review address, then freeze it on the queue
    headers add "X-Checked: Possible Spam (Subject: xxxx $2)"
    unseen deliver if.spam@???
    freeze text "Possible Spam (Subject: xxxx $2)"
    finish
endif

---
Jason Robertson
Network Analyst
jason@???
http://www.astroadvice.com
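
The Subject heuristic in the filter above can be replayed offline to see what it catches and what it flags by mistake. This sketch is an added example, not part of the original message; it assumes the regexes PCRE receives once Exim has removed the extra backslash layers, case-insensitive matching as for the lower-case `matches`, and uses constructed sample subjects.

```python
import re

# Tail forms tested by the five "matches" clauses, written as the regex
# PCRE receives after Exim strips the extra backslashes (assumption: one
# layer is removed by the quoted string, one by string expansion).
TAIL_FORMS = {
    "bare": r"[a-z0-9][a-z0-9]*",
    "square": r"\[[a-z0-9][a-z0-9]*\]",
    "paren": r"\([a-z0-9][a-z0-9]*\)",
    "brace-paren": r"\{\([a-z0-9][a-z0-9]*\)\}",
    "dash": r"-[a-z0-9][a-z0-9]*",
}

# Some text, five whitespace characters, then the token at end of subject.
PATTERNS = {
    name: re.compile(r"(.+)\s{5}(" + tail + r")$", re.IGNORECASE)
    for name, tail in TAIL_FORMS.items()
}


def classify(subject):
    """Return the name of the first tail form that matches, or None."""
    for name, pattern in PATTERNS.items():
        if pattern.search(subject):
            return name
    return None


# Constructed sample subjects (not taken from real mail).
SAMPLES = [
    "Lose weight now     x7k2q",   # random token after five spaces
    "Hot stocks     [ab12]",       # bracketed token
    "Offer     -q1w2",             # dashed token
    "Re: meeting notes",           # ordinary subject
    "Short    tag",                # only four spaces
    "Invoice     2024",            # legitimate padding, still flagged
]


def report(samples=SAMPLES):
    """Pair each subject with the tail form that flagged it (or None)."""
    return [(s, classify(s)) for s in samples]


if __name__ == "__main__":
    for subject, form in report():
        print(f"{form or 'clean':12} {subject!r}")
```

The last sample shows the cost of the bare form: any subject that ends in five or more whitespace characters followed by a single alphanumeric word is flagged, whoever sent it.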