Re: [exim] stop spam by subject line

Top Page
Delete this message
Reply to this message
Author: Marcin Owsiany
Date:  
To: exim-users
Subject: Re: [exim] stop spam by subject line
On Mon, Dec 06, 2004 at 11:04:01PM +0100, Bernhard Erdmann wrote:
> Certainly by an ACL. Changes should be necessary once a week or on a
> lower frequency, so editing exim.conf and reloading it wouldn't be too
> hard. Much nicer indeed would be a file lookup containing lines of regex
> for unwanted subjects:
>
> ^MAKE MONEY FAST$
> ENLARGE YOUR P
> GAIN THREE INCHES


We use something like this:

-----------------------------------------------------------------------------------------------
   deny message = Your virus reports do more harm than good.
        condition = ${if and{\
                                {def:header_subject:}\
                                {match{$header_subject:}{${readfile{CONFDIR/lists/subject_blacklist}{|}}(?!)}}\
                        }{1}{0}}
        log_message = Virus report (subject=$h_subject:)
-----------------------------------------------------------------------------------------------


And /etc/exim4/lists/subject_blacklist containing stuff like:

-----------------------------------------------------------------------------------------------
^\{Virus\?\}
Virus Detected by Network Associates, Inc\. Webshield
^---- Virus Detected ----$
^Virus [Dd]etected$
^Virus Alert$
^InterScan NT Alert$
^Virus found in the message$
^Message quarantined$
^VIRUS ALERT!
^Virus found in e-mail \(
^MDaemon Warning - Virus Found
-----------------------------------------------------------------------------------------------

Just make sure you don't put an empty line in the file with regexes, as this
will make it match all messages.

Marcin
--
Marcin Owsiany
porridge@???