Re: [Exim] Using lists as OR expressions to make an effectiv…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMPhilip Hazel at <-
MMPhilip Hazel at ->
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
Subject: Re: [Exim] Using lists as OR expressions to make an effective spam filter
This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
One of the things I'm doing is creating a black list based on what spam
links to. Here's how I'm doing it.

###################################################
# Tests for LINKS to Banned Sites - BLACK LINKS
# (http://|mailto:).{0,15}(farmsex.com|nastybitches.com).{0,10}/

if "$message_body:" matches
\x28http\:\/\/\|mailto\:\x29.{0,15}\x28${sg{${sg{${sg{${readfile{/etc/exim/lists/blocklinks}{|}}}{\\|+}{|}}}{#.*?\\|}{}}}{\\|\$}{}}\x29.{0,10}\/
then
headers add "X-Temp-Blocklink: YES"
endif

Is it possible to do this with wildlsearch?

This trick along with several other's like this in conjunction with Spam
Assassin is giving me around 99% accuracy catching spam. My list op
banned sites to link to is extremely effective. I may just be processing
25000 messages a week, but 19,000 are spam on of that only about 100 are
uncaught making my users very happy and it's worth the processing power
to do it.


Philip Hazel wrote:

>On Sun, 25 May 2003, Marc Perkel wrote:
>
>
>
>>I again request that EXIM build this in.
>>
>>
>
>1. What exactly do you want built in? Is it the ability to say "If x
>matches any regex in this file"? That ability is already there:
>
> if ${lookup{x}wildlsearch{/some/file}{yes}{no}} is yes then ...
>
>2. Doing a large number of regular expression matches is going to be
>inefficient; it will be worth your while to study Jeff Friedl's book in
>order to tune your regexes for maximum efficiency.
>
>3. Doing this from within the Exim filter language, which is interpreted
>in a simple-minded way (it was never designed for this) is going to be
>extremely inefficient. OK, if your load is low and your hosts can handle
>the workload, then why not? But if the load increases... I am still of
>the opinion that the best place (from an efficiency point of view) to do
>this kind of work is in an external program.
>
>--
>Philip Hazel            University of Cambridge Computing Service,
>ph10@???      Cambridge, England. Phone: +44 1223 334714.
>Get the Exim 4 book:    http://www.uit.co.uk/exim-book

>
>
>--
>
>## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
>
>
--



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Lists supportedRe: [Exim] Lists supported->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)