Re: [Exim] ACL Spam Rejection Tricks

Author: mark moseley
Date:  
To: exim-users
Subject: Re: [Exim] ACL Spam Rejection Tricks
I've been seeing a lot of pathetically forged
Message-IDs lately, so this in a DATA ACL has helped a
bit--though, btw, the HELO checks will catch a couple
orders of magnitude more:

deny condition = ${if \
     match{$h_Message-Id:}{\N^.*%(RNDDIGIT|RNDLCCHAR|RNDUCCHAR|MESSAGEID).*$\N}{1}{0}}

There is no doubt a SpamAssassin rule like this as
well. And there are probably some other goodies that can
be added to the regex.

And as far as one-off, stopgap rules go (at least till
people stop spamming with this subject), this'll catch
that recent spam where the subject is like "$23453"
(though of course this might catch legit mail too, but
999 times out of 1000...):

deny condition = ${if \
     match{$h_Subject:}{\N^\s*\$\d+\s*\N}{1}{0}}



I also like to see if people are hammering me with bad
RCPTs. I haven't played with this one much yet, but it
could be changed to add delays or drop connections or
whatever:

deny condition = ${if >{$rcpt_fail_count}{20}{1}{0}}
     log_message = "Too many bounces"



(Pardon the formatting, tough to paste into Yahoo :)



>Date: Tue, 13 Jul 2004 08:11:23 -0700
>From: Marc Perkel <marc@???>
>To: exim-users@???
>Subject: Re: [Exim] ACL Spam Rejection Tricks


> JACKPOT!!! What a great ACL list!
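
Added example, not part of the original message or of Exim: a small Python harness that runs the three conditions from the message over constructed sample headers, so the hits and the false positives can be seen before a rule goes into a live ACL. The patterns are copied from the message; SUBJECT_DOLLAR_STRICT, the sample messages and the function names are assumptions made for the illustration.

```python
import re

# Patterns copied from the ACL conditions in the message. Exim uses PCRE and
# "match" is an unanchored search; these constructs behave the same in re.
MSGID_TEMPLATE = re.compile(r"^.*%(RNDDIGIT|RNDLCCHAR|RNDUCCHAR|MESSAGEID).*$")
SUBJECT_DOLLAR = re.compile(r"^\s*\$\d+\s*")
# Assumption, not from the message: an end-anchored variant for comparison.
SUBJECT_DOLLAR_STRICT = re.compile(r"^\s*\$\d+\s*$")
RCPT_FAIL_LIMIT = 20  # threshold from the $rcpt_fail_count rule

# Constructed sample messages (header values only), not real traffic.
SAMPLES = [
    {"name": "unexpanded template",
     "message_id": "<%RNDDIGIT20@%MESSAGEID>", "subject": "hello"},
    {"name": "bare amount subject",
     "message_id": "<a1@mail.example>", "subject": " $23453 "},
    {"name": "legit invoice",
     "message_id": "<b2@mail.example>", "subject": "$40 refund for order 1182"},
    {"name": "many bad RCPTs",
     "message_id": "<c3@mail.example>", "subject": "hi", "rcpt_fail_count": 21},
    {"name": "threshold edge",
     "message_id": "<d4@mail.example>", "subject": "hi", "rcpt_fail_count": 20},
]


def evaluate(msg, subject_re=SUBJECT_DOLLAR):
    """Return the names of the rules that would deny this message."""
    hits = []
    if MSGID_TEMPLATE.search(msg.get("message_id", "")):
        hits.append("msgid-template")
    if subject_re.search(msg.get("subject", "")):
        hits.append("subject-dollar")
    # The ACL uses ">", so exactly 20 failed RCPTs is still accepted.
    if msg.get("rcpt_fail_count", 0) > RCPT_FAIL_LIMIT:
        hits.append("rcpt-fail")
    return hits


def report(subject_re=SUBJECT_DOLLAR):
    """Map each sample name to the rules it trips."""
    return {m["name"]: evaluate(m, subject_re) for m in SAMPLES}


if __name__ == "__main__":
    for label, regex in (("as posted", SUBJECT_DOLLAR),
                         ("end-anchored", SUBJECT_DOLLAR_STRICT)):
        print(label)
        for name, hits in report(regex).items():
            print(f"  {name:22} -> {', '.join(hits) or 'accept'}")
```

The "legit invoice" sample is denied by the subject pattern as posted because that pattern has no end anchor; the end-anchored variant only fires when the subject is nothing but the dollar amount.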




