Re: [exim] Blocking Stock Spam ACL

Top Page
Delete this message
Reply to this message
Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] Blocking Stock Spam ACL
On Fri, Dec 08, 2006 at 01:20:30PM +0000, Pete McEvoy wrote:
> On Fri, Dec 08, 2006 at 12:55:11PM +0000, Pete McEvoy wrote:
> > On Thu, Dec 07, 2006 at 12:59:31PM -0800, Marc Perkel wrote:
> > > Here's an ACL that works for me stopping a LOT of stock spam
> > >
> > > drop    mime_regex = Symbol\: [A-Z]{4}\nCurrent Price\: Around
> > >     message = REGEX - Stock Spam - H=$sender_fullhost - S=$h_Subject: - 
> > > F=$h_From: - T=$h_To:

> >
> > How does this work? The stock spam emails I get just have some
> > hashbuster text in the body with the spam message embedded in an
> > attached gif.
>
> Presumably Marc wont be able to answer my question..


Seriously though (amusing though the lower part of this thread has become :-),
that regex looked sensible enough, for catching text spam (no good for image
spam, of course). For example, <digs one out of the mail spool>,

grep -r -C2 ^Symbol: spool/input/

spool/input/1Gs5Pv-00069w-HE-D-Premier Holdings Group
spool/input/1Gs5Pv-00069w-HE-D-
spool/input/1Gs5Pv-00069w-HE-D:Symbol: PMHD
spool/input/1Gs5Pv-00069w-HE-D-Current Price:   0.37
spool/input/1Gs5Pv-00069w-HE-D-Target price:    1.35


(You get the idea). My spam is not exactly like the regex (no "Around" in my
spam), but it's close.

However what I don't get is why Pete's posting was rejected - it didn't match
that regex, AFAICT. So unless I've missed something, I can only assume that
Mark's server isn't actually using that regex as posted.

--
Dave Evans
Power Internet

PGP key: http://powernet.co.uk/~davide/pgpkey