Hello,
I got into trouble when using an exim acl-condition
with regular expression:
Since more and more of our users complaint about spam
with sexual contents, I entered ACL conditions like the
following under acl_check content to check for keywords
included in these mails:
deny message = Sorry, message matches a blacklisted regular
expression (4)
regex = [^a-zA-Z][Ss][^a-zA-Z]*[Ee][^a-zA-Z]*[Xx][^a-zA-Z]
During testing it seemed to work fine cause it blocks things
like S*e)x but lets trough mails thith sentences like "our site
is located in Essex".
Unfortunately an important customer tried to send a mail with
an attched word-document this morning. His message was denied
cause within the bytecode of the word-document was the pattern
+s2eX/. This happened a second time, even with a pattern two
letters longer.
The customer was pretty upset about this and I had to disable
my expression checking.
Is it possible to prevent checking of the attached documents
bytecode? If not, how can I use this acl check for regular
expressions at all? One can never be sure what patterns will
be within this code by chance!
Would it be better to use a system-filter instead and fail
the messages if the condition is true?
Further down you'll find a little part of the word-documents
bytecode with the mentioned pattern.
Thanks for your help!
Michael
w8+P6/5/LsTPxdeXX3eTAIjkfrHZl76Z9pNqe/2k1aUi9Vnk3n+LiLmde48K8Uzh
NdUiU+lot/sWZc1r/U3s+RxdjRO/XIcFP6NyN4Op9h9T/2Py0OJ1l4/3EqAf/vaD
+s2eX/9/Xwshui8CEt1ggDFATZZ8719leTxIuhc4/LzRrkTXNiI0MSpirtVQVpdA
qkWjA4bRjYsiRWD0+cuAqzV+D4jRdMeg0Wxn5TcAMK3pv/t/ve7ob55vhv9EpIRz
bdqdaF/yTT+hsOmRGOqkStr914+YY06oRZiNrJW5kiulkmzMg/e3AAGTUOfZhw2B
/*****************************************************
Michael Patschull Heinrich Klumpp GmbH
michael.patschull@???
Motorstrasse 59
D-70499 Stuttgart
Tel: ++49-711-86707- 0
Fax: ++49-711-86707-13
www: www.klumpp.de
*****************************************************/
