Re: [exim] Need acl configuration which will allow exim to a…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Dave Lugo
日付:  
To: exim-users
題目: Re: [exim] Need acl configuration which will allow exim to analyze thecontents of e-mails and to block a messages
On Fri, 19 Sep 2008 Dan_Mitton@??? wrote:
>
> Short of doing a full virus/content scanner, you could try something like:
>
> condition = ${if match{$message_body}{Angebote des Monats}}
>
> in an ACL or router. You must also likely increase/set:
>
> message_body_visible = <somenumber>
>
> as the match will only look through that many bytes. The default is only
> 500.
>
> Of course, this is a rather simplistic approach and might have some
> performance impacts if message_body_visible is large and/or you are trying
> to match on several/many strings.
>


I do something like this (edited so it's not specific
to my setup at home) in acl_check_data:

  deny regex        = <; (?i)${readfile{/somedirectory/regex-blacklist}{;(?i)}}4868de5c9135e39ea81d8f090a8411c0
       message      = Content rejected by policy


regex-blacklist is a file of strings I don't want
to see, one per line, as in:

symbol=HTLJ.OB
Symbol: CFSC
3250 W. Big Beaver Road

...etc

The really long random string at the end, I added because
(IIRC, but maybe not), the last bare newline would match
anything otherwise. There's probably a better way to do
this, it's just what I ended up with here.

Since debian does stuff in it's own 'special' way, I have
no idea where to add that on a debian system, so I'd urge
the original poster to ask there for additional debian-
specific information on adding things to a stock cfg.

I agree re the message_body_visible comment - for any site
accepting a lot of large items, it's a good idea. For my
hobby system here, I don't bother.


-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.