Re: [exim] blocking apostrophe emails

Author: pedro
Date:  
To: Colin Keith
CC: exim-users
Subject: Re: [exim] blocking apostrophe emails
This is what I do:


 deny condition = ${lookup{$sender_address}nwildlsearch{REJECTACLSENDER}{yes}{no}}
      message = EXIM_HOSTS: 1. acl-sender - Mail is blocked ($sender_address): ${lookup{$sender_address}nwildlsearch{REJECTACLSENDER}{$value}} .



#REJECTACLSENDER=/etc/exim/include/senders.txt :

^.{0,20}_.{0,20}_.{0,20}_.{0,20}@ : Msg 1 - _
^.{0,20}_.{0,20}@??? : Msg 2 - _
^.{0,20}_.{0,20}@??? : Msg 3 - _
^.{1,10}clubejovem.?@ : Msg 4 - clubejovem
^.{1,10}@??? : Msg 5 - brinfo.net
^.{1,10}@??? : Msg 6 - bancodobrazil.com.br
^lkithwyk@??? : Msg 6 - lkithwyk
^.{1,10}@??? : Msg 7 - portaldafe.com
^brunomeissner@??? : Msg 8 - brunomeissner
^industria@??? : Msg 9 -seguro.com.br
^mkt@??? : Msg 10 - digital.com
^.{0,10}@??? : Msg 11- vendasvip.com
^.{0,20}@??? : Msg 12 - hotma.com
^.{0,20}@??? : Msg 13 - serasa.com.br
^.{0,15}@??? : Msg 14 - mktdigital.tk
^.{0,20}@??? : Msg 15 - gold mail
globohost_2006@??? : Msg 16 - globohost
^.{0,20}'.{0,20}@ : Msg 17 - plic em local part

I hope this may help you.
Pedro Alves
-------------------------------------------------------
Colin Keith wrote:

> On Fri, Jan 05, 2007 at 03:56:49PM +0000, Chris Bayliss wrote:
>> They are allowed.
>>
>> There are quite a few surnames that have ' in them which find
>> their way into mail addresses. D'Netto, d'Urvberville and
>> O'Reilly spring to mind.
>
> Although realistically speaking - and let's face it that is what keeping out
> spam is about - is anyone going to receive e-mails from user's@something?
> If your pattern match is for 's@, you're not likely to block half of
> ireland, but you will keep out some of the spam.
>
> As an example 537 rejects in the past 8 hours for this particular spam,
> 307 match 's@ (though there seem to be duplicates where the sender came
> back with additional attempts with different sender addresses)
>
> I notice also that the majority of these scam mails seem to use dictionary
> words in them and when it doesn't match the pattern <word>'s@ it matches
> <word>'s<word>@, so maybe you could make the mail from ACL conditional
> something like this:
>
>
>     condition   = ${if and { \
>                     { match {$sender_address} {^(.*)'s@} } \
>                     { eq {${lookup{$1}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
>                    } {yes} {no} }
>
>     condition   = ${if and { \
>                     { match {$sender_address} {^(.+)'s(.+)@} } \
>                     { eq {${lookup{$1}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
>                     { eq {${lookup{$2}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
>                    } {yes} {no} }
>
> # Creating the dictionary with, this, for example:
> exim_dbmbuild /usr/share/dict/words /var/spool/dict.db 2>/dev/null
>
>
> I couldn't work out how to combine this into one condition of the form
>
>   if($sender_address =~ m/^(.+)'s(.+)@/ && lookup($1)){
>     if($2 && lookup($2)){
>
> But I'm sure it's possible. Of course this will still screw over anyone
> whose name appears in the dictionary, so for example all those
>
> <Elizabeth'santiques@???>
> addresses are still going to get hit by this.
>
> Anyway, being the evil, wicked, non-RFC compliant witch (wizard?) of the
> west I'll stick with my "'s" pattern and add an exception when someone
> complains, or someone vapourises spammers. :)
>
> Colin
> --
> "Developers are like artists; they produce their best work if they
> have the freedom to do so" - Werner Vogels, CTO Amazon.com
>
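
Added example, not part of the original thread or of Exim: a small Python check that runs constructed sender addresses through the Msg 17 line above and through the narrower 's@ pattern from the quoted reply, to see which legitimate addresses each one would reject before the rule goes live. It is a simplified model of nwildlsearch (unquoted keys only, case-insensitive matching, Python's re standing in for PCRE); the sample addresses, their domains and the second rule's message text are assumptions.

```python
import re

# Constructed rule files in the "key : message" layout of senders.txt.
# BROAD is the Msg 17 line from the post. NARROW is the 's@ idea from the
# quoted reply written as a regex; its message text is made up here.
BROAD = "^.{0,20}'.{0,20}@ : Msg 17 - plic em local part\n"
NARROW = "# narrower variant\n^.*'s@ : apostrophe-s before @\n"

# Constructed senders: surnames named in the thread, one spam-shaped
# address, the Elizabeth'santiques case, and a control.
SENDERS = [
    "o'reilly@example.org",
    "d'netto@example.org",
    "elizabeth'santiques@example.com",
    "pharmacy's@example.net",
    "alice@example.org",
]

def parse_rules(text):
    """Return [(key, message)] from the file text, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: an unquoted key ends at the first space or colon.
        m = re.match(r"([^\s:]+)\s*:?\s*(.*)$", line)
        rules.append((m.group(1), m.group(2)))
    return rules

def first_match(rules, sender):
    """Message of the first rule that matches sender, or None."""
    for key, message in rules:
        if key.startswith("^"):      # regex key (Python re stands in for PCRE)
            hit = re.search(key, sender, re.IGNORECASE) is not None
        elif key.startswith("*"):    # leading * means "ends with"
            hit = sender.lower().endswith(key[1:].lower())
        else:                        # plain key: whole-string comparison
            hit = sender.lower() == key.lower()
        if hit:
            return message
    return None

def audit(rules_text, senders=SENDERS):
    """Map each sender to the rejecting message (None means accepted)."""
    rules = parse_rules(rules_text)
    return {s: first_match(rules, s) for s in senders}

if __name__ == "__main__":
    for label, text in (("broad", BROAD), ("narrow", NARROW)):
        for sender, msg in audit(text).items():
            print(f"{label:7}{sender:34}{'DENY ' + msg if msg else 'accept'}")
```

Running the same audit over a sample of sender addresses from your own accept logs gives a false-positive count for each pattern before it is added to the ACL.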