[exim] SPAM ACL question

Góra strony
Delete this message
Reply to this message
Autor: Torsten Tributh
Data:  
Dla: Exim-users
Temat: [exim] SPAM ACL question
Hi all,

i see an increasing amoung of SPAM coming via exposed php Scripts on

worldwide webservices

Grep'ed from the Mail Headers i see lines like:

X-PHP-Originating-Script: 33:template89.php(1970) : eval()'d code
X-PHP-Originating-Script: 33:dirs21.php(1952) : eval()'d code
X-PHP-Originating-Script: 5004:themes.php(1936) : eval()'d code
X-PHP-Originating-Script: 502:file58.php(1962) : eval()'d code
X-PHP-Originating-Script: 10002:general.php(1937) : eval()'d code
X-PHP-Originating-Script: 33:files.php(1944) : eval()'d code
X-PHP-Originating-Script: 10002:general.php(1937) : eval()'d code
X-PHP-Originating-Script: 10282:footer49.php(1951) : eval()'d code
X-PHP-Originating-Script: 10013:page.php(1945) : eval()'d code
X-PHP-Originating-Script: 10003:stats.php(1955) : eval()'d code
X-PHP-Originating-Script: 10001:user15.php(1956) : eval()'d code
X-PHP-Originating-Script: 5008:proxy94.php(1959) : eval()'d code
X-PHP-Originating-Script: 503:lib.php(1949) : eval()'d code
X-PHP-Originating-Script: 504:global.php(1960) : eval()'d code
X-PHP-Originating-Script: 0:object62.php(1950) : eval()'d code
X-PHP-Originating-Script: 989:ajax.php(1949) : eval()'d code
X-PHP-Originating-Script: 10009:page.php(1954) : eval()'d code
X-PHP-Originating-Script: 10000:functions11.php(1959) : eval()'d code
X-PHP-Originating-Script: 10032:error73.php(1930) : eval()'d code

Is there any simple way to block this type of spam in an ACL to reject
the Mail
during the SMTP transport?

I was not able to find a solution.
I also tried to use a system filter solution like:

    if $header_X-PHP-Originating-Script: contains ".*eval.*d\scode"
    then fail   
    endif



but that doesn't match.
Is there anybody out there who can give me a hint or a working solution?

Regards Torsten



--
Torsten