I've been seeing a lot of pathetically forged
Message-IDs lately, so this in a DATA acl has helped a
bit--though, btw, the HELO checks will catch a couple
orders of magnitude more:

  deny condition = ${if match{$h_Message-Id:}{\N^.*%(RNDDIGIT|RNDLCCHAR|RNDUCCHAR|MESSAGEID).*$\N}{1}{0}}

There is no doubt a SpamAssassin rule like this as
well. And there are probably some other goodies that can
be added to the regex.
And as far as one-off, stopgap rules go (at least till
people stop spamming with this subject), this'll catch
that recent spam where the subject is like "$23453"
(though of course this might catch legit mail too, but
999 times out of 1000...):

  deny condition = ${if match{$h_Subject:}{\N^\s*\$\d+\s*\N}{1}{0}}

I also like to see if people are hammering me with bad
RCPTs. I haven't played with this one much yet, but it
could be changed to add delays or drop connections or
whatever:

  deny condition = ${if >{$rcpt_fail_count}{20}{1}{0}}
       log_message = "Too many bounces"

(Pardon the formatting, tough to paste into Yahoo :)
>Date: Tue, 13 Jul 2004 08:11:23 -0700
>From: Marc Perkel <marc@???>
>To: exim-users@???
>Subject: Re: [Exim] ACL Spam Rejection Tricks
> JACKPOT!!! What a great ACL list!
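
An offline check of the three conditions in the message above, added here as an example and not part of the original post. Python's re module stands in for Exim's PCRE matching; the function names, the sample headers and the end-anchored subject variant are assumptions made for illustration.

```python
import re

# Patterns copied from the ACL conditions in the post (the text between \N...\N).
FORGED_MSGID = re.compile(r"^.*%(RNDDIGIT|RNDLCCHAR|RNDUCCHAR|MESSAGEID).*$")
DOLLAR_SUBJECT = re.compile(r"^\s*\$\d+\s*")
# Assumption, not from the post: the same pattern anchored at the end, so it
# only matches a subject that is nothing but a dollar amount.
DOLLAR_SUBJECT_STRICT = re.compile(r"^\s*\$\d+\s*$")
RCPT_FAIL_LIMIT = 20  # the post denies when $rcpt_fail_count > 20


def verdict(msg_id, subject, rcpt_fail_count, subject_re=DOLLAR_SUBJECT):
    """Return the names of the rules that would deny this message."""
    hits = []
    # Exim's match{}{} is unanchored, like re.search.
    if FORGED_MSGID.search(msg_id):
        hits.append("message-id")
    if subject_re.search(subject):
        hits.append("subject")
    if rcpt_fail_count > RCPT_FAIL_LIMIT:
        hits.append("rcpt-fail")
    return hits


# Constructed samples: (Message-ID, Subject, failed RCPT count so far).
SAMPLES = [
    ("<%RNDLCCHAR15@mail.example>", "hello", 0),          # unexpanded template token
    ("<20040713.1234@mail.example>", "$23453", 0),        # the spam subject described
    ("<20040713.5678@mail.example>", "$500 refund for order 1182", 0),  # legit-looking
    ("<20040713.9999@mail.example>", "Re: lunch", 21),    # over the RCPT limit
    ("<20040713.0001@mail.example>", "Re: lunch", 20),    # exactly at the limit
]


def report(subject_re=DOLLAR_SUBJECT):
    """Run every sample through verdict() with the chosen subject pattern."""
    return [(s, verdict(m, s, n, subject_re)) for m, s, n in SAMPLES]


if __name__ == "__main__":
    for label, rx in (("as posted", DOLLAR_SUBJECT),
                      ("end-anchored", DOLLAR_SUBJECT_STRICT)):
        print(label)
        for subject, hits in report(rx):
            print(f"  {subject!r:32} -> {hits or 'accept'}")
```

Running it shows the subject rule as posted also denies the constructed "$500 refund ..." subject, while the end-anchored variant lets it through and still catches "$23453".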