Re: [Exim] Systemfilter for Spamlogging

Top Pagina
Delete this message
Reply to this message
Auteur: Jens Strohschnitter
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] Systemfilter for Spamlogging
> > So I have added the following entries in my systemfilter:
> >
> > -->>
> > if $h_X-Spam-Level: contains "****" or $h_X-Spam-Status: contains "hits=5.0"
> > then
> >   logwrite "\n==========================================================\nFrom: \
> >             $h_From:\nSubject: $h_Subject:\nReceived: $h_Received: "
> >   seen finish
> > endif
> > <<--

>
> Why the "seen finish"? That will override all deliveries, so the message
> will in effect be blackholed.
>
> > But this will quarantine all spamdetected mails. So I want to log them AND
> > deliver them to the recipient.
>
> Get rid of the "seen".
>


Hi,

ok, thanx it works - but in all other entries of my system_filter, there are
entries with "seen finish" and it works - or do I have to add seen as last
entry of the system_filter-Commands ?

Here is a short chapter of my system_filter:

.
.
.

## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails.   These were used as the basis for
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif|mpe|mpeg|mpg|mp3|avi|wav)\")[\\\\s;]"
then
  fail text "\n\n\
             Ihre E-Mail $header_subject an $recipients\n\
             enthielt folgenden Anhang: $1\n\n\
             Anhaenge dieser Art werden von unserem Mailserver\n\
             zurueckgewiesen und dem Empfaenger nicht zugestellt.\n\n\
             Fuer weitere Fragen wenden Sie Sich bitte an unseren\n\
             Service und Support unter den Rufnummern\n\n\
             (069) 5003 - 333\n\
             (0221)1638 - 111"
  unseen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:vb[se]|ws[fh]|jse?|exe|com|cmd|shs|hta|bat|scr|lnk|pif|mpe|mpeg|mpg|mp3|avi|wav))[\\\\s;]"
then
  fail text "\n\n\
             Ihre E-Mail $header_subject an $recipients\n\
             enthielt folgenden Anhang: $1\n\n\
             Anhaenge dieser Art werden von unserem Mailserver\n\
             zurueckgewiesen und dem Empfaenger nicht zugestellt.\n\n\
             Fuer weitere Fragen wenden Sie Sich bitte an unseren\n\
             Service und Support unter den Rufnummern\n\n\
             (069) 5003 - 333\n\
             (0221)1638 - 111"
  seen finish
endif
## -----------------------------------------------------------------------


## SpamAssassin logging of spamdetected mails
#

if $h_X-Spam-Level: contains "****" or $h_X-Spam-Status: contains "hits=5.0"
then
  logwrite "\n==========================================================\nFrom: \
            $h_From:\nSubject: $h_Subject:\nReceived: $h_Received: "
  #deliver product@??? # sending spammail to product if needed
  #seen finish
endif





--
Regards,

     Jens Strohschnitter


-------------------------------------
*!!!LINUX LINUX LINUX LINUX LINUX!!!*

* http://www.jens-strohschnitter.de *
-------------------------------------
Set the controls for
         the heart of the sun
-------------------------------------