Richard, WhidbeyNet NOC(richs@???)@2002.07.02 16:28:53 +0000:
> I'm the mail administrator for an ISP that recently realized the
> benefits of Exim over Qmail. I finally became tired of the lack of Qmail
> updates and the wide array of 3rd party patches needed to give Qmail
> even basic features.
>
> We've also been using MailShield, a mail proxy that scans mail before it
> reaches our servers. It filters based on a wide variety of things, most
> importantly, message content. MailShield, too, is plagued with lack of
> updates and support, but filters message content fast.
>
> I discovered Exim has a built-in filtering mechanism, and after looking
> through the Exim 4 Filtering FAQ, believe it can do everything we need
> it to. We'd like to do user-level filtering, for customers who have
> chosen to have their mail filtered.
>
> However, we filter an ever-growing number of things. Over 4000 subjects,
> 2000 IP/blocks, and hundreds of message-body URL's. It would be
> impractical to do this 4000 times:
>
> if $header_subject matches "get.+rich.+quick"
> then
> finish
> endif
>
> How can we read a file containing a list of regexp values (subjects), to
> match against $header_subject? For example, read a file into an array
> and do:
>
> if $header_subject matches @listofsubjects
>
> Or, somehow do a regexp "lsearch" on the file. I realize we could,
> instead of using Exim filters, write some perl to do this.. but we want
> to stay within Exim as much as possible.
>
> It's important to be regexp, because our subjects are optimized. For
> example, we have "get rich quick" which catches "get rich and happier
> quick".
>
> Would performance be too much of an issue to do that in Exim? We have 3
> load-balanced Sun Ultra 10's which handle 2000 messages/hour each, but
> only 5% of that mail is filtered.
>
> Thanks for any help, and I apologize for anything obvious I missed,
>
> Rich
> richs@???
> WhidbeyNet Network Operations
>
I think you'd do well using spamassassin, since it will do body and header
checks against the email. Each "hit" is assigned a point value and if the
total hit points exceed a threshold, the email is flagged as spam.
After the email is flagged as spam either the MTA or MUA can do with it as
you like. I use it and it works wonders for preventing spam in my inbox.
--
Scott Nolde
GPG Key 0xD869AB48