Kevin wrote:
> I am trying to implement a rule that will allow me to place phrases in a
> file which is read and then used to match against partial subject lines.
>
> The ACL looks like:
>
> warn
>   condition = ${if and{\
>     {def:header_subject:}\
>     {match{$header_subject:}{${readfile{CONFIGDIR/match-subjects}{|}}(?!)}}}{1}{0}}
>   message = Matched Subject: (subject=$h_subject:)
>
> The file would right now contain phrases like:
>
> ###############################################
> ^\{Virus\?\}
> badword
> Virus Detected by Network Associates, Inc\. Webshield
> ^---- Virus Detected ----$
> ^Virus [Dd]etected$
> ^Virus Alert$
> ^InterScan NT Alert$
> ^Virus found in the message$
> ###############################################
>
> It doesn't appear to work, I don't get any errors, but nothing appears to
> match when a message flows through.
> I found the syntax from another posting (2004) so perhaps it needs
> updating??
>
> This is being used in the data ACL section.
>
> I really plan on using it for other types of phrases, but I am just trying
> to get it to work with the example I found.
>
> I'm using Exim 4.76

Parts of what may help ..
This syntax - found here for another use - doesn't (presently) use an
external file against which to match, but works for me in several
separate clauses (not enough to yet justify a list):
====
# DATA_SCAN_01B: IF message from known spam-program THEN defer forever
#
defer
  regex = ^Subject:: office*
====
This doesn't use the regex tool, but does use a sloppy match against a
single external file that holds a variety of entry types [1]. The same
file is called in all of the smtp phases, from CONNECT thru DATA. This
acl fragment is just one of many checks against it:
====
# CONNECT_9: Check Local Blacklist for host_name. IF bad THEN deny
#
deny
  message = $sender_host_name spammed us once. Once is all you get.
  log_message = C9 $sender_host_name LBL
  !condition = <whitelist exceptions>
  condition = ${lookup {$sender_host_name}wildlsearch \
              {/var/filters/REGEXP-block}{yes}{no}}

NB: No line-break in the original lookup phrase, and the 'yes no' not
required, but make it easier for me to remember, as I sometimes reverse
them.
I haven't (yet) had the need to combine these two tools.. would be
interested in what you find works for you.
Bill
--
韓家標
====
[1] The REGEXP-block file has entries of this sort:
CAVEAT: Built primarily from user abuse reports. Yours should almost
certainly not be the same.
===
*bf
*dsl.telesp.net.br
*emaildirect.net
tleung@???
mta02.xtra.co.nz
===
Around 1000 to 1500 entries typically. We only clean it about once in
three to five years, typically dropping about 1/3 to 1/2 of the entries
that have cleaned up their act, left us alone, or just gone dark.
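
An added example, not from either poster: it emulates how the quoted `${readfile{CONFIGDIR/match-subjects}{|}}(?!)` construct turns a phrase file into one alternation, and checks the file for lines that would break or widen the match. Python's `re` stands in for Exim's PCRE as an assumption, and the function names and sample file are constructed for illustration.

```python
import re

# Constructed sample file, using patterns quoted in the thread; ends with a newline.
SAMPLE = "\n".join([
    r"^\{Virus\?\}",
    "badword",
    r"^---- Virus Detected ----$",
    r"^Virus [Dd]etected$",
    r"^Virus Alert$",
]) + "\n"

def readfile_join(text, eol="|"):
    """Emulate ${readfile{FILE}{|}}: every newline is replaced by the eol string."""
    return text.replace("\n", eol)

def build_subject_regex(text):
    """Joined file plus the (?!) tail, as in the ACL's match{} second argument."""
    return readfile_join(text) + "(?!)"

def subject_matches(text, subject):
    """Unanchored, case-sensitive search; Python's re stands in for Exim's PCRE."""
    return re.search(build_subject_regex(text), subject) is not None

def lint_patterns(text):
    """Return (line_number, problem) pairs for lines that break or widen the match."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        if line == "":
            problems.append((number, "empty alternative: matches every subject"))
        elif line.startswith("#"):
            problems.append((number, "readfile has no comments: '#' line is a pattern"))
        elif line != line.strip():
            problems.append((number, "leading/trailing whitespace is part of the pattern"))
        else:
            try:
                re.compile(line)
            except re.error as exc:
                problems.append((number, f"invalid regex: {exc}"))
    return problems

if __name__ == "__main__":
    print(build_subject_regex(SAMPLE))
    for subject in ("Virus Alert", "{Virus?} invoice", "Lunch on Friday"):
        print(f"{subject!r}: {subject_matches(SAMPLE, subject)}")
    print(lint_patterns(SAMPLE + "\n#### end ####\nbad[word\n"))
```

The trailing newline of the file becomes a trailing `|`, so without the `(?!)` tail the last alternative is empty and every subject matches; a blank line inside the file has the same effect and the tail does not neutralise it.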