On Mon, Dec 06, 2004 at 11:04:01PM +0100, Bernhard Erdmann wrote:
> Certainly by an ACL. Changes should be necessary once a week or on a
> lower frequency, so editing exim.conf and reloading it wouldn't be too
> hard. Much nicer indeed would be a file lookup containing lines of regex
> for unwanted subjects:
>
> ^MAKE MONEY FAST$
> ENLARGE YOUR P
> GAIN THREE INCHES
We use something like this:
-----------------------------------------------------------------------------------------------
deny message = Your virus reports do more harm than good.
condition = ${if and{\
{def:header_subject:}\
{match{$header_subject:}{${readfile{CONFDIR/lists/subject_blacklist}{|}}(?!)}}\
}{1}{0}}
log_message = Virus report (subject=$h_subject:)
-----------------------------------------------------------------------------------------------
And /etc/exim4/lists/subject_blacklist containing stuff like:
-----------------------------------------------------------------------------------------------
^\{Virus\?\}
Virus Detected by Network Associates, Inc\. Webshield
^---- Virus Detected ----$
^Virus [Dd]etected$
^Virus Alert$
^InterScan NT Alert$
^Virus found in the message$
^Message quarantined$
^VIRUS ALERT!
^Virus found in e-mail \(
^MDaemon Warning - Virus Found
-----------------------------------------------------------------------------------------------
Just make sure you don't put an empty line in the file with regexes, as this
will make it match all messages.
Marcin
--
Marcin Owsiany
porridge@???
