> From: Paul Lenz <paul@???>
> The mentioned text "Loteria" was clearly visible in the body, because it
> was attached as
> Content-Type: text/plain; charset="Windows-1251"
> Content-Transfer-Encoding: 7bit
Connect with your server using SSH, give the command:
exim -bP acl_smtp_data
In your case it must say:
acl_smtp_data = check_message
If it says something else then it's the reason why this in your config
didn't work:
#!!# ACL that is used after the DATA command
check_message:
  deny    senders = /etc/exim4/blockeddoms
  discard message = "Loteria in message body"
          !senders = :
          condition = ${if match{${lc:$message_body}}{loteria|lottery}{yes}{no}}
> Anyway I will try your code
An afterthought: better with \b instead of \s
> Why do you want to reject spam?
Sometimes your rules will make mistakes (called "false positives")
considering an honest message as a spam. If spam is rejected then
the human sender knows about that and sees what you wrote in "message".
> Isn't it a waste of traffic
"deny" in RCPT causes less traffic (message body isn't transmitted).
"deny" in DATA or MIME - no difference in traffic,
only what you wrote in "message" is transmitted.
> and may
> cause useless bounces?
"deny" in ACL doesn't cause your Exim to send a separate letter
called a "bounce". Your Exim refuses to accept the message.
The sending server may create a bounce, but it's helpful in case of
a false positive.
> 2. I would prefer to use my director which simply moves spam detected by
> SpamAssassin into a waste bin:
Is the "waste bin" a folder you look at once a day or so?
My Exim either accepts a message into Inbox or rejects what it considers spam,
with few exceptions (I seldom use "discard"). I don't use SpamAssassin,
my VPS with Exim (and a web-server) has only 64M RAM.
> spamkill_director:
> driver = accept
> check_local_user
> condition = "${if def:h_X-Spam-Flag: {1}{0}}"
> transport = spamkill
> no_verify
>
> How can I set this flag instead of denying a message if "loteria" was
> detected?
You can set an "acl_m_" variable and check it in that router.
> I had a look at your file "Lena-eximconf-run.txt".
> I wonder how this set of rules can detect viruses.
Currently it checks only what is mentioned in WINBIN and COMPREXT.
> I wrote a plugin for Spamassassin which unzips every attachment and
> (IMHO very important) unzips every MS Office file (xlsx, xlsm, docx) and
> looks for strings like "rundll32" or "This program cannot be run in DOS
> mode" and some others.
Good idea (about Office files). Perhaps I can replicate this
in Exim without SpamAssassin if you send me your code or a link to it.
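
Added example, not part of the original message and neither Paul's SpamAssassin plugin nor Lena's Exim config: a Python sketch of the check described above, which unpacks ZIP attachments and Office Open XML files (themselves ZIP containers) and searches every part for the two marker strings quoted in the thread. The function names, the size cap, the nesting limit and the sample file are assumptions constructed for illustration.

```python
import io
import zipfile

# Marker strings named in the message above, matched case-insensitively.
MARKERS = (b"rundll32", b"this program cannot be run in dos mode")
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap, guards against zip bombs
MAX_DEPTH = 3                        # assumed nesting limit (zip > docx > part)


def find_markers(data, name="attachment", depth=0):
    """Return sorted (path, marker) pairs for data and every nested ZIP member."""
    lowered = data.lower()
    hits = {(name, m.decode()) for m in MARKERS if m in lowered}
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return sorted(hits)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue  # skip directories and oversized members
                member = zf.read(info)
                hits.update(find_markers(member, f"{name}!{info.filename}", depth + 1))
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        pass  # corrupt, encrypted or unsupported archive: keep hits found so far
    return sorted(hits)


def make_zip(members):
    """Build an in-memory deflated ZIP from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()


def build_sample():
    """Constructed test input: a .docx with a fake PE stub, wrapped in a .zip."""
    stub = b"MZ" + b"\x00" * 64 + b"This program cannot be run in DOS mode." + b"\x00" * 64
    docx = make_zip({"[Content_Types].xml": b"<Types/>",
                     "word/document.xml": b"<w:document/>",
                     "word/embeddings/oleObject1.bin": stub})
    return make_zip({"report.docx": docx})


if __name__ == "__main__":
    for path, marker in find_markers(build_sample(), "invoice.zip"):
        print(f"{path}: {marker}")
```

A hit only says that a part contains one of the strings; whether to reject, tag or quarantine on it is a policy decision for the mail server.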