Odhiambo Washington [
mailto:wash@wananchi.com] >
> Which Greylist Daemon implementation do you use? How effective is it?
I think of it as "the Python greylistd"
I use the daemon version but there is also
a MySQL implementation for those who prefer
to use MySQL right from inside of Exim:
<
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Spam-F
iltering-for-MX.html#exim-greylisting >
<
http://packages.debian.org/unstable/mail/greylistd >
<
http://ftp.debian.org/debian/pool/main/g/greylistd/greylistd_0.8.3.tar.gz
>
> > (Actually, I have another set of Regex filters that drop
> most of the
> > High Spam if it meets other criteria.)
>
> Those would be nice to share out as well ;)
Ok, they are just crude Regex-subject filters
which test for High Spam AND sets of (mostly)
subject lines I have seen to be practically
always spam (and truly always if the message
is high spam.)
I have sets for bad extensions, bad charsets,
and subjec lines...
Currently I have three of these, here is ALL of
#1 and your are welcome to the other two if this
one if of any value but likely it is idiosyncratic
to my email -- and it will likely line wrap so
if it gets to ugly let me know and I will repost
as an attachment...
deny message = Illegal subject line #1.
!authenticated = *
!senders = :
condition = ${if <{$message_size}{MAX_SPAM_SIZE}{1}{0}}
# DO NOT use domain in DATA ACL!!!!!!!!!!!!!
# domains = +local_domains : +relay_to_domains
spam = USERNAME/defer_ok
condition = ${if >{$spam_score_int}{HIGH_SPAM_SCORE}{1}{0}}
set acl_m0 = ${lc:$h_subject:}
set acl_m1 = ${if or { \
{match {$acl_m0}
{ultimate\\sonline\\spharmac} } \
{match {$acl_m0}
{trader\\sst[o0]ck\\sreport} } \
{match {$acl_m0} {emerg.*st[o0]ck}
} \
{match {$acl_m0}
{total\\sproductive\\smaintenance} } \
{match {$acl_m0} {meet\\ssingles}
} \
{match {$acl_m0}
{nation(wide|al).*(study|survey)} } \
{match {$acl_m0} {(small|micro).?cap}
} \
{match {$acl_m0}
{\\b((st[o0][xk]s?)|(st0cks?))\\b} } \
{match {$acl_m0} {^sexually-explicit:}
} \
{match {$acl_m0}
{^national\\ssurvey.*\\bvs.*} } \
{match {$acl_m0}
{^national.*survey\\s-\\swhich.*prefer} } \
{match {$acl_m0}
{survey\\s+-\\s+[a-z]+\\s+vs\\s+[a-z]}}\
{match {$acl_m0}
{.*\\bvs.*national\\ssurvey} } \
{match {$acl_m0}
{complimentary.*,.*survey} } \
{match {$acl_m0} {\bher\b.*\btablet}
} \
{match {$acl_m0} {simpledebtrelief}
} \
{match {$acl_m0} {get\\srid\\sof
your\\sdebt} } \
{match {$acl_m0} {\\bulta\\b}
} \
{match {$acl_m0} {\\bmastering project
management\\b} } \
{match {$acl_m0} {^pharmacy\\s-\\s[0-9]+%
off\$} } \
{match {$acl_m0}
{^you.*receive\\sa\\scell} } \
{match {$acl_m0}
{^medical\\shair\\srestoration} } \
{match {$acl_m0} {universal\\slottery}
} \
{match {$acl_m0} {lottery\\spromotions}
} \
{match {$acl_m0}
{\\\$[0-9]+\\sgas\\scard} } \
{match {$acl_m0}
{singles\\sin\\syour\\sneighborhood} } \
{match {$acl_m0}
{complimentary.*worth.*\\\$[0-9]+} } \
{match {$acl_m0} {consultation.*bosley}
} \
{match {$acl_m0}
{(our|her|soft|cheap)\\s?tab} } \
{match {$acl_m0}
{egypt.*(tax|custom).*law} } \
{match {$acl_m0}
{alert.*hot\\sstoc?(k|x)} } \
{match {$acl_m0}
{best\\sthing.*large\\spa} } \
{match {$acl_m0}
{there\\sshe\\sblows!|\bfuck} } \
{match {$acl_m0} {\bfuck|handjob|blowjob}
} \
{match {$acl_m0} {shoot.*times}
} \
{match {$acl_m0}
{((teen|suck|(pic(s|picture)|hot)).*)\{2\}}} \
{match {$acl_m0} {\bspur-m\b}
} \
{match {$acl_m0}
{(hot|grandslam|powerhouse|line|penny|uptick).*st[o0][ckx]}} \
{match {$acl_m0} {stock\\salert}
} \
{match {$acl_m0}
{is\\sit\\salways\\sthat\\smuch\\?} } \
{match {$acl_m0}
{natural\\sweight\\sloss} } \
{match {$acl_m0} {\\bpen[il|]s}
} \
{match {$acl_m0} {download.*dvd}
} \
{match {$acl_m0}
{rolex|(r.l+ex)|replica\b} } \
{match {$acl_m0} {ejaculat|shit|bungho}
} \
{match {$acl_m0} {online\\s(rx|pharmac)}
} \
{match {$acl_m0} {sex\\slife.*like}
} \
{match {$acl_m0}
{\\b((cum|piss|jism|ass|cunt|twat|rape).*)\\b}} \
{match {$acl_m0}
{scripton.*(drug|online)} } \
{match {$acl_m0} {reduce
wrinkles|,\\slose weight} } \
{match {$acl_m0} {^impotence
(treatment|party)\$} } \
{match {$acl_m0}
{^seize\\sthe\\smoment\$} } \
{match {$acl_m0}
{(\\bv|\\/)[i1.|l!íì]+[.a@]+gr} } \
{match {$acl_m0}
{extreme\\sbedroom\\smakeover} } \
{match {$acl_m0}
{^tr.*the\\sblue\\spill\$} } \
{match {$acl_m0} \
{((\\bv|\\/)[a@à]l[i|.!l1íì]um)|(c[i1.|l!íì][.a@à]l[i|.!l1íì]s)|(x[.a@à]n[.a
@à]x)}} \
{match {$acl_m0}
{pharmaceutical\\srevolution} } \
{match {$acl_m0} {radar\\sequity}
} \
{match {$acl_m0}
{^does\\syour\\sbusiness\\sdepend\\son.*web} } \
{match {$acl_m0} {^find\\syour\\smatch\$}
} \
{match {$acl_m0} {organ\\smass}
} \
{match {$acl_m0} {male\\senhancement}
} \
{match {$acl_m0}
{(d[i1l|]sc0unt)|(d[|l1]scount)} } \
{match {$acl_m0} {\\bhoth\\b}
} \
{match {$acl_m0}
{winning\\snotification.*\\buk} } \
{match {$acl_m0} {evidence\\seliminat}
} \
{match {$acl_m0}
{^your\\swinning\\snotification.\$} } \
{match {$acl_m0}
{looking\\sfor\\scheap.*software} } \
{match {$acl_m0} {populare
software.*low.*(price|cost)}} \
{match {$acl_m0} {unsubscribe}
} \
{match {$acl_m0}
{((microsoft|adobe|macromedia|corel).*)\{2\}}} \
{match {$acl_m0}
{((college|girl|webcams|hot|teens).*)\{2\}} } \
{match {$acl_m0} {\bsemen\b}
} \
{match {$acl_m0} {jackrabbit\\svibrator}
} \
{match {$acl_m0}
{want\\ssomething\\sextra\\sin\\sbed\\?}} \
{match {$acl_m0}
{is\\sit\\salways\\sthat\\smuch\\?} } \
{match {$acl_m0} {sexually-explicit:}
} \
{match {$acl_m0}
{refinancing\\scalculator} } \
{match {$acl_m0} {need low priced
software\\?} } \
{match {$acl_m0}
{congratulations,\\syou.*won\\sus\\\$[\d,.]}} \
{match {$acl_m0}
{((asset|graduated|lease).*)\{2\}\$} } \
{match {${lc:$rh_subject:}}
{iso.*v[ia=c]+[\d]?g+r+[a_c=]} } \
{match {${lc:$rh_subject:}}
{iso.*v[ia=c]+[\d]?[l1]+[ed_c=]u+m} } \
{match {${lc:$rh_subject:}}
{iso.*c[1l|!iae0]\{2\}s} } \
{match {$acl_m0}
{facelift\\swithout\\ssurgery\{2\}} } \
{match {$acl_m0} {achats\\sen\\schine}
} \
{match {$acl_m0}
{(((attract|find|get)|(car|mate|date)|dream).*)\{2\}}} \
{match {$acl_m0} {^average\\sgirls}
} \
{match {$acl_m0} {debt.*free.*tomorrow}
} \
{match {$acl_m0} \
{(\b(buy|cheap|prescriptions|online|software|drug|medic|rx).*)\{3\}}} \
{match {$acl_m0} \
{((compliment|gift|card|participat|survey|require).*)\{3\}}}\
{match {$acl_m0}
{\\bimpoten|ejaculat|enlarge yourself}}\
{match {$acl_m0}
{((ford|chevy|dodge).*)\{4\}} }\
{match {$acl_m0} {dr@gs|disc0unt|cumshot}
}\
{match {$acl_m0}
{ich\\ssehe\\swas,\\swas\\sdu\\snicht\\ssiehst} }\
{match {$acl_m0}
{intelligent\\sinvestor\\sreport} }\
{match {$acl_m0}
{not\\sworking\\slike\\sit\\sused} }\
{match {$acl_m0} {designer\\swatches}
}\
{match {$acl_m0}
{last\\slonger\\sin\\sbed} }\
{match {$acl_m0}
{^look\\s(for\\s)?here?\$} }\
{match {$acl_m0}
{.+\\sor\\s.+\\s-\\s.+\\svote\$} }\
{match {$acl_m0} {no\\sdoctors\\svisit}
} \
{match {$acl_m0} {mensagem|tadalafil}
} \
{match {$acl_m0} {guanandi|aposentadoria}
} \
{match {$acl_m0}
{(\\b(secret|attract|beaut|women).*)\{3\}}} \
{match {$acl_m0}
{suprise\\sfor\\syour\\swoman} } \
{match {$acl_m0} {enlargement\\spill}
} \
{match {$acl_m0} {hair\\sloss}
} \
{match {$acl_m0}
{((stock|(super\\s?nova)).*)\{2\}} } \
{match {$acl_m0}
{earn\\s\\\$\d+,\d\{3\}\\s(every|per|each)}} \
{match {$acl_m0}
{your\\saccount\\shas\\sbeen\\shacked}} \
{match {$acl_m0} {\\bstockwire:}
} \
{match {$acl_m0}
{your\\semail\\shave\\s+won} } \
{match {$acl_m0} {bank.*of.*the.*west.*}
} \
{match {$acl_m0}
{notification.*limit.*account\\saccess}} \
{match {$acl_m0}
{^bank\\sof\\sthe\\swest\\sauto-reply\$}} \
{match {$acl_m0}
{^autoresponse\\s-\\semail\\sreturned}} \
{match {$acl_m0}
{(big\\sbertha)|callaway} } \
{match {$acl_m0} {wealth\\schallenge}
} \
{match {$acl_m0} {brighton\\shandbag}
} \
{match {$acl_m0} {vipcasino}
} \
{match {$acl_m0} {fridge,\\sno}
} \
{match {$acl_m0}
{complimentary\\s(payless|shoe)} } \
{match {$acl_m0} {get\\sit\\sup\\sagain}
} \
{match {$acl_m0} {fuck}
} \
{match {$acl_m0} {masturbat}
} \
{match {$acl_m0}
{become\\sa\\shomeowner\\swith\\slow}} \
{match {$acl_m0}
{best\\sprices\\sfor\\scomplete.*and\\smore}} \
{match {$acl_m0}
{^high\\squality\\sreplica\$} } \
{match {$acl_m0} {^xxxxxx\$}
} \
} {$0} {}
}
condition = ${if eq{$acl_m1}{} {false} {true}}
log_message = Illegal subject line #1 $spam_score [$acl_m1].
# logwrite = :reject: H=$sender_fullhost F=$sender_address
R=$local_part@$domain Illegal subject [$acl_m1].
--
Herb Martin
