Re: [exim] blocking apostrophe emails

Author: Colin Keith
Date:  
To: exim-users
Subject: Re: [exim] blocking apostrophe emails
On Fri, Jan 05, 2007 at 03:56:49PM +0000, Chris Bayliss wrote:
> They are allowed.
>
> There are quite a few surnames that have ' in them which find
> their way into mail addresses. D'Netto, d'Urberville and
> O'Reilly spring to mind.


Although realistically speaking - and let's face it that is what keeping out
spam is about - is anyone going to receive e-mails from user's@something?
If your pattern match is for 's@, you're not likely to block half of
Ireland, but you will keep out some of the spam.

As an example, 537 rejects in the past 8 hours for this particular spam,
307 match 's@ (though there seem to be duplicates where the sender came
back with additional attempts with different sender addresses).

I notice also that the majority of these scam mails seem to use dictionary
words in them and when it doesn't match the pattern <word>'s@ it matches
<word>'s<word>@, so maybe you could make the mail from ACL conditional
something like this:


    condition   = ${if and { \
                    { match {$sender_address} {^(.*)'s@} } \
                    { eq {${lookup{$1}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
                   } {yes} {no} }


    condition   = ${if and { \
                    { match {$sender_address} {^(.+)'s(.+)@} } \
                    { eq {${lookup{$1}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
                    { eq {${lookup{$2}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
                   } {yes} {no} }


# Creating the dictionary with this, for example:
exim_dbmbuild /usr/share/dict/words /var/spool/dict.db 2>/dev/null


I couldn't work out how to combine this into one condition of the form

  if($sender_address =~ m/^(.+)'s(.+)@/ && lookup($1)){
    if($2 && lookup($2)){


But I'm sure it's possible. Of course this will still screw over anyone
whose name appears in the dictionary, so for example all those
<Elizabeth'santiques@???> addresses are still going to get hit by this.

Anyway, being the evil, wicked, non-RFC compliant witch (wizard?) of the
west I'll stick with my "'s" pattern and add an exception when someone
complains, or someone vapourises spammers. :)

Colin
--
"Developers are like artists; they produce their best work if they
have the freedom to do so" - Werner Vogels, CTO Amazon.com
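
An added example, not part of the message above: a Python harness that applies the plain 's@ rule and the dictionary-gated rule to constructed sender addresses, so the false-positive trade-off can be checked before either pattern goes into an ACL. The word set, sample addresses and function names are assumptions, and folding the two conditions into a single test goes slightly beyond the two separate conditions in the message.

```python
import re

# Constructed stand-in for the dbm file built from /usr/share/dict/words.
# Keys are lower case and lookups are case-insensitive (an assumption).
WORDS = {"user", "customer", "winner", "prize", "elizabeth", "antiques"}

# <word>'s<word> on the local part; the second word may be empty, which
# folds the message's two conditions into one test.
LOCAL_RE = re.compile(r"^(.+)'s(.*)$")

def in_dict(word):
    return word.lower() in WORDS

def broad_rule(sender):
    """The simple pattern from the message: reject anything containing 's@."""
    return "'s@" in sender

def dict_rule(sender):
    """Reject only if the word before 's, and the word after it if there
    is one, are both dictionary words."""
    local, at, _domain = sender.rpartition("@")
    m = LOCAL_RE.match(local) if at else None
    if not m:
        return False
    before, after = m.groups()
    return in_dict(before) and (after == "" or in_dict(after))

# Constructed sender addresses (reserved example domains).
SAMPLES = [
    "user's@something.example",         # shape named in the message
    "winner'sprize@example.net",        # <word>'s<word>@
    "xkcd's@example.net",               # 's@ but not a dictionary word
    "d'souza@example.com",              # surname that happens to contain 's
    "o'reilly@example.org",             # surname from the quoted reply
    "Elizabeth'santiques@example.org",  # false positive the message mentions
]

def compare(senders):
    """Return (sender, broad verdict, dictionary verdict) for each sender."""
    return [(s, broad_rule(s), dict_rule(s)) for s in senders]

if __name__ == "__main__":
    for sender, broad, gated in compare(SAMPLES):
        print(f"{sender:34} broad={broad!s:5} dict={gated!s:5}")
```

Running the same comparison over sender addresses taken from a real reject log shows how many legitimate-looking senders each rule would catch.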