On Sat, Sep 02, 2017 at 03:02:43PM +0200, Paul Lenz wrote:
> I would be already glad, if my Exim rules would work.
>
> Today I received again a 1,3 MB message with Lottery spam.
> In the body is clearly to be seen "ONLINE LOTTERY DEPARTMENT".
>
> I am using this rule:
>
> #!!# ACL that is used after the DATA command
> check_message:
> deny senders = /etc/exim4/blockeddoms
>
> discard message = "Loteria in message body"
> !senders = :
> condition = ${if match {${lc:$message_body}}
> {loteria|lottery}{yes}{no}}
>
> What is wrong? Why did I receive this spam?
If your message is base64-encoded, this condition would fail.
A message can have several text parts with different encodings; for HTML,
the word "lottery" can be split artificially to bypass spam filters.
Run Exim with "-d+acl" on this message to see how the ACL works.
--
Eugene Berdnikov
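
The two failure modes named in the reply, shown as an added example that is not part of the original thread: a regex over the undecoded body misses a base64 text part and an HTML part with a tag-split keyword, while decoding each MIME part and stripping tags finds both. The sample message, the function names and the tag-stripping step are assumptions made for this illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Same alternation as the ACL condition in the quoted rule.
PATTERN = re.compile(r"loteria|lottery")


def build_sample() -> bytes:
    """Constructed sample: base64 text/plain part plus an HTML part
    whose keyword is split by an empty tag pair."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("ONLINE LOTTERY DEPARTMENT\n", cte="base64")
    msg.add_alternative("<p>ONLINE LOT<b></b>TERY DEPARTMENT</p>\n",
                        subtype="html", cte="quoted-printable")
    return msg.as_bytes()


def raw_body_matches(raw: bytes) -> bool:
    """Match against the body as transmitted (no MIME decoding),
    which is what a test on the undecoded body text sees."""
    body = raw.split(b"\n\n", 1)[1].decode("ascii", "replace")
    return bool(PATTERN.search(body.lower()))


def decoded_parts_match(raw: bytes) -> list:
    """Decode every text/* part, strip HTML tags, then match.
    Returns the content types of the parts that matched."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()  # undoes base64 / quoted-printable
        if part.get_content_subtype() == "html":
            text = re.sub(r"<[^>]*>", "", text)  # rejoin tag-split words
        if PATTERN.search(text.lower()):
            hits.append(part.get_content_type())
    return hits


if __name__ == "__main__":
    sample = build_sample()
    print("raw body match:", raw_body_matches(sample))
    print("decoded parts matched:", decoded_parts_match(sample))
```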