Re: [exim] Match Subject with phrases in file?

トップ ページ
このメッセージを削除
このメッセージに返信
著者: W B Hacker
日付:  
To: exim-users
題目: Re: [exim] Match Subject with phrases in file?
Kevin wrote:
> I am trying to implement a rule that will allow me to place phrases in a
> file which is read and then used to match against partial subject lines.
>
> The ACL looks like:
>
> warn
>      condition = ${if and{\
>      {def:header_subject:}\

>
> {match{$header_subject:}{${readfile{CONFIGDIR/match-subjects}{|}}(?!)}}}{1}{0}}
>      message = Matched Subject: (subject=$h_subject:)

>
> The file would right now contains phrases like:
>
> ###############################################
> ^\{Virus\?\}
> badword
> Virus Detected by Network Associates, Inc\. Webshield
> ^---- Virus Detected ----$
> ^Virus [Dd]etected$
> ^Virus Alert$
> ^InterScan NT Alert$
> ^Virus found in the message$
> ###############################################
>
> It doesn't appear to work, I don't get any errors, but nothing appears to
> match when a message flows through.
> I found the syntax from another posting (2004) so perhaps it needs
> updating??
>
> This is being used in the data ACL section.
>
> I really plan on using it for other types of phrases, but I am just trying
> to get it to work with the example I found.
>
> I'm using Exim 4.76


Parts of what may help ..

This syntax - found here for another use - doesn't (presently) use an
external file against which to match, but works for me in several
separate clauses (not enough to yet justify a list):

====

   # DATA_SCAN_01B: IF message from known spam-program THEN defer forever
   #
   defer
     regex       = ^Subject:: office*



====

This doesn't use the regex tool, but does use a sloppy match against a
single external file that holds a variety of entry types [1]. The same
file is called in all of the smtp phases, from CONNECT thru DATA. This
acl fragment is just one of many checks against it:

====

   # CONNECT_9: Check Local Blacklist for host_name. IF bad THEN deny
   #
   deny
     message  = $sender_host_name spammed us once. Once is all you get.
     log_message = C9 $sender_host_name LBL
     !condition  = <whitelist exceptions>
     condition   = ${lookup {$sender_host_name}wildlsearch \
        {/var/filters/REGEXP-block}{yes}{no}}


NB: No line-break in the original lookup phrase, and the 'yes no' not
required, but make it easier for me to remember, as I sometimes reverse
them.

I haven't (yet) had the need to combine these two tools.. would be
interested in what you find works for you.

Bill
--
韓家標

====

[1] The REGEXP-block file has entries of this sort:

CAVEAT: Built primarily from user abuse reports. Yours should almost
certainly not be the same.

===

*bf
*dsl.telesp.net.br
*emaildirect.net
tleung@???
mta02.xtra.co.nz

===

Around 1000 to 1500 entries typically. We only clean it about once in
three to five years, typicaly dropping about 1/3 to 1/2 of the entries
that have cleaned up their act, left us alone, or just gone dark.