[Exim] basic spam filter

Author: Sebastien J Gross
Date:  
To: exim-users
Subject: [Exim] basic spam filter
Hi there,

Actually I get a lot of spam on my mailers.

The thing is that the same HELO string is used, a fake Yahoo one.

For example:
     Received: from yahoo.com (unknown [aaa.bbb.ccc.ddd])


Thus I wrote a director that filters this HELO string and rejects the
message if the sender's IP does not match the HELO string. Data are
fetched from DBM files.

I have /etc/exim/helo_reject, which contains a list of rejected HELO
strings and, for each, the path to another DBM file that contains the
list of authorised IPs for this HELO string.

An example should make it clearer:

/etc/exim/helo_reject:

domain1.com:    /etc/exim/helo_accept/d/o/m/domain1.com
foobar.org:     /etc/exim/helo_reject/f/o/o/foobar.com
[...]


/etc/exim/helo_accept/d/o/m/domain1.com:
123.234.2.1

/etc/exim/helo_reject/f/o/o/foobar.com does not exist (I do not want
foobar.org as a HELO string).

This means: I block both "domain1.com" and "foobar.org" as HELO
strings, but I accept "domain1.com" from host 123.234.2.1.

I defined a macro that fetches the name of the IP list file:

HELO_ACCEPT_FILE = ${lookup {${lc:$sender_helo_name}} lsearch \
                        {/etc/exim/helo_reject}{$value}fail}



The director:
helo_spamers:
  driver = localuser
  # Only consider HELO strings listed in /etc/exim/helo_reject
  # (the macro expansion fails for anything else).
  require_files = HELO_ACCEPT_FILE
  # Match, and therefore black-hole, when the sender's IP is not in
  # the accept list for this HELO string.
  condition = ${lookup {$sender_host_address} dbm {HELO_ACCEPT_FILE} \
                {0}{1}}
  transport = black_hole


The transport:

black_hole:
  driver = appendfile
  group = mail
  mode = 0660
  # Deliveries for matching messages are discarded.
  file = /dev/null


My question is:
Is it possible to optimize this a little bit?

- I would prefer not to set both a HELO string and a file path in
  /etc/exim/helo_reject. If I could have:
          domain1.com
          foobar.org
  and let Exim do the job, it would be great.


- The IP file can only contain IP addresses, no network addresses (no
CIDR notation or IP ranges). Is it possible to switch to such notations?


TIA

--
Sebastien J. Gross
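As an added example, not part of the original post and not Exim configuration, here is a stand-alone Python model of the same decision with the two changes the post asks about: the accept list is keyed directly by the lower-cased HELO name (no file path stored beside it), and its entries may be single addresses or CIDR networks, handled with the standard-library ipaddress module. The HELO_ACCEPT table, the Received: lines and the helper names (parse_received, compile_policy, helo_verdict, classify_received) are all constructed for this example. The verdict logic mirrors the director: a HELO not in the list passes, a listed HELO with an authorised sender IP is accepted, and anything else is black-holed. It goes slightly beyond the post by also parsing the Received: line shape quoted there, so the check can be run over header lines.

```python
import ipaddress
import re

# Constructed policy data standing in for the post's /etc/exim/helo_reject
# plus the per-HELO accept files. Keys are lower-cased HELO strings; values
# are the hosts allowed to use that HELO, as single addresses or CIDR
# networks. A HELO name that maps to an empty list is rejected outright.
HELO_ACCEPT = {
    "domain1.com": ["123.234.2.1", "192.0.2.0/24"],
    "foobar.org": [],
    "yahoo.com": ["203.0.113.0/24"],
}

# Received: line shape quoted in the post:
#   Received: from yahoo.com (unknown [aaa.bbb.ccc.ddd])
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)\s+\[(?P<ip>[^\]]+)\]\)"
)


def parse_received(line):
    """Return (helo, ip) from a Received: header line, or None if it does not match."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return None
    return m.group("helo"), m.group("ip")


def compile_policy(accept):
    """Parse every accept-list entry once, so a typo in the policy fails
    loudly at load time rather than silently at delivery time."""
    compiled = {}
    for helo, entries in accept.items():
        compiled[helo.lower()] = [ipaddress.ip_network(e, strict=False) for e in entries]
    return compiled


def helo_verdict(helo, sender_ip, policy):
    """
    Mirror the director's decision:
      'pass'      - HELO not listed, ordinary delivery
      'accept'    - HELO listed and sender IP is in its accept list
      'blackhole' - HELO listed and sender IP not authorised (or unparsable)
    HELO names are compared case-insensitively, like ${lc:...} in the post.
    """
    nets = policy.get(helo.lower())
    if nets is None:
        return "pass"
    try:
        ip = ipaddress.ip_address(sender_ip)
    except ValueError:
        # A literal that is not an IP address can never be authorised.
        return "blackhole"
    if any(ip in n for n in nets):
        return "accept"
    return "blackhole"


def classify_received(lines, policy):
    """Run the check over Received: header lines; lines that do not match
    the expected shape are reported as 'unparsed' rather than guessed at."""
    results = []
    for line in lines:
        parsed = parse_received(line)
        if parsed is None:
            results.append((line, "unparsed"))
            continue
        helo, ip = parsed
        results.append((line, helo_verdict(helo, ip, policy)))
    return results


# Constructed sample headers (not taken from the post).
SAMPLE_RECEIVED = [
    "Received: from yahoo.com (unknown [198.51.100.7])",
    "Received: from YAHOO.COM (unknown [203.0.113.9])",
    "Received: from domain1.com (unknown [123.234.2.1])",
    "Received: from domain1.com (unknown [192.0.2.200])",
    "Received: from foobar.org (unknown [123.234.2.1])",
    "Received: from example.net (mail.example.net [192.0.2.5])",
]

if __name__ == "__main__":
    policy = compile_policy(HELO_ACCEPT)
    for line, verdict in classify_received(SAMPLE_RECEIVED, policy):
        print(f"{verdict:10s} {line}")
```

Keeping the accept lists as networks rather than bare strings is what makes a range such as 192.0.2.0/24 work with a single membership test; it also means a policy file with a malformed entry is rejected when it is loaded, not after it has already let mail through.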