On Fri, 19 Sep 2008 Dan_Mitton@??? wrote:
>
> Short of doing a full virus/content scanner, you could try something like:
>
> condition = ${if match{$message_body}{Angebote des Monats}}
>
> in an ACL or router. You must also likely increase/set:
>
> message_body_visible = <somenumber>
>
> as the match will only look through that many bytes. The default is only
> 500.
>
> Of course, this is a rather simplistic approach and might have some
> performance impacts if message_body_visible is large and/or you are trying
> to match on several/many strings.
>
I do something like this (edited so it's not specific
to my setup at home) in acl_check_data:
deny regex = <; (?i)${readfile{/somedirectory/regex-blacklist}{;(?i)}}4868de5c9135e39ea81d8f090a8411c0
message = Content rejected by policy
regex-blacklist is a file of strings I don't want
to see, one per line, as in:
symbol=HTLJ.OB
Symbol: CFSC
3250 W. Big Beaver Road
...etc
The really long random string at the end, I added because
(IIRC, but maybe not), the last bare newline would match
anything otherwise. There's probably a better way to do
this, it's just what I ended up with here.
Since debian does stuff in it's own 'special' way, I have
no idea where to add that on a debian system, so I'd urge
the original poster to ask there for additional debian-
specific information on adding things to a stock cfg.
I agree re the message_body_visible comment - for any site
accepting a lot of large items, it's a good idea. For my
hobby system here, I don't bother.
--
--------------------------------------------------------
Dave Lugo dlugo@??? LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
