[Exim] The absolute ULTIMATE spam tool feature I need

Author: Marc Perkel
Date:
To: exim-users
Subject: [Exim] The absolute ULTIMATE spam tool feature I need

OK - I hope I got everyone's attention on this. Here's the feature I
need that would REALLY allow me to build a tool to block spam. I need a
feature where I can extract a string such as from, to, received, body,
etc. and compare that string to a list of regular expressions stored in
an external text file, and then set a header in the message based on if
there is a match. For example - the list at the bottom is a text file of
banned hosts. Right now I have this almost working. Here's my code:

if "$h_received:" matches "${readfile{/etc/exim/blockhosts}{|}}"
then
  headers add "X-Spam: [SPAM] - Blocked Host - $h_received:"
  headers add "X-Spam-Bounce-Flag: YES"
endif

BUT - the problem is that I can not have any blank lines. The last line
can not have a \n at the end. And - I'd like lines beginning with # to
be ignored. I REALLY REALLY need this feature.

If I had this feature I could create the ultimate spam filter. I would
have many such black lists that I would create headers for - then let
spam assassin score the headers - and then exim would remove the headers
and process the spam based on those scores.

In Spam Assassin - I have rules like this:

uri BANNED_LINKS1 /(?:^https?\:\/\/|^mailto\:).*(?:needanewjob|valodata|jutan|bridgewater|youngblue|rocketfibre|shopnow|affistats|priceisright|compare-lender|onlinefullservice|hellomail|datex).*\//i
describe BANNED_LINKS1        Links to Banned Companies 1


uri BANNED_LINKS2 /(?:^https?\:\/\/|^mailto\:).*(?:ientry|mybill|dyfyi|affinitycommerce|unsecured-credit|e-centives|fyi01|clicktrack|trackingclick|emailads|zizi|vistaprint|census\.biz|bettervling).*\//i
describe BANNED_LINKS2        Links to Banned Companies 2


What I want to do is to do this in Exim but have the list be in an
external text file on separate lines rather than giant OR expressions.

If I could build these lists as separate files - I would have black
lists for:

From Addresses
Reply To:
Name part of From
Links to banned sites
Received headers
Phrases in subject lines
Deliberately Misspelled words

Now - as you can see - and I do this now - I can make a rule or bunch of
rules that catch this with giant OR regular expressions. BUT - the real
advance is to be able to put the giant OR expression in an external text
file and have something that works like "readfile" but strips the blank
lines - strips comment lines - and strips the trailing newline.

If I had this feature I will share how I use it to create a spam filter
that can catch 80% of all spam with 100% accuracy and the remaining 20%
of spam with 95%+ accuracy. I use a two level spam filter where I nuke
80% of spam and flag the remaining 20% with a tag. But this feature that
I really need would greatly simplify the process of building rules and
perhaps allow for some automation in building these lists.

So - again - what I need is a readfile that is just a little smarter
than the one we have now. A readfile that ignores blank lines, comment
lines, and no newline on the last entry. That would do it for me.


blocklist:

^.*[0-9]send
^.*adelivery
^.*adversend
^.*andtate.com
^.*antarhsm
^.*apdlist
^.*astonishingfinds
^.*bargain
^.*casino
^.*clickformail
^.*coolwebzone.net
^.*crowninsurance
^.*csbentertainment.com
^.*discountdeals
^.*dlyfy
^.*edirectbroadcast
^.*emailbucks
^.*email-info
^.*emailpromoter
^.*ethome.net.tw
^.*excitingemail
^.*financedance
^.*flowgo
^.*gatelock
^.*giveaway
^.*glatfelters.com
^.*goober
^.*hotdeal
^.*\.hsm
^.*hspeedm
^.*hmspeed
^.*idtworldwide.com
^.*interestonly
^.*intradeals
^.*listsend
^.*looking4fun
^.*lowball
^.*mxdat
^.*mxfree
^.*mydomain
^.*netlist
^.*newsweekmag
^.*newsweekmag.com
^.*nicetimeshare
^.*(offrz|offrs|offers|dealz)
^.*opinionsurveys
^.*optonline
^.*overlycute
^.*postmasterdirect.com
^.*powerfulquotes
^.*primetimedirect
^.*rapid-e.net
^.*savingsengine
^.*smoothdelivery
^.*special-
^.*specials-daily
^.*speedi-list
^.*superonline
^.*supersizehosting
^.*toplinequotes.com
^.*valueplus
^.*webbersinternet
^.*yourbigvote
^.*yourmail
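
Added example, not part of the original post: a Python sketch of the "smarter readfile" described above, next to the naive newline-to-`|` join, showing why a blank line or a trailing newline is a problem (it leaves an empty alternative that matches every message). Python's `re` stands in for Exim's regex engine, and the sample file contents and all function names are constructed for illustration.

```python
import re

# Constructed sample of a pattern file: comments, a blank line, trailing newline.
SAMPLE_FILE = """\
# banned relay hosts (constructed sample)
^.*casino

^.*emailbucks
# the last entry is followed by a newline
^.*\\.hsm
"""

def naive_alternation(text):
    """Replace every newline with '|', as the readfile call in the post does."""
    return text.replace("\n", "|")

def naive_is_blocked(header, text):
    """Match against the naive join; empty alternatives match any header."""
    return re.search(naive_alternation(text), header, re.IGNORECASE) is not None

def load_patterns(text):
    """Return usable patterns: skip blank lines and '#' comments, reject bad regexes."""
    patterns = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            re.compile(line)
        except re.error as exc:
            raise ValueError(f"line {lineno}: invalid pattern {line!r}: {exc}")
        patterns.append(line)
    return patterns

def build_alternation(text):
    """Join the cleaned patterns into one alternation, each in its own group."""
    patterns = load_patterns(text)
    if not patterns:
        return None  # an empty list must match nothing, not everything
    return "|".join(f"(?:{p})" for p in patterns)

def is_blocked(header, text):
    """Case-insensitive match, like the /i rules quoted in the post."""
    regex = build_alternation(text)
    return regex is not None and re.search(regex, header, re.IGNORECASE) is not None
```

With the sample file, `naive_is_blocked` flags a header from an unlisted host because of the empty alternatives, while `is_blocked` flags only headers that match a listed pattern.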