On Tue, 11 Dec 2018 at 18:22, Sławomir Dworaczek via Exim-users <
exim-users@???> wrote:
> thanks for reply
>
> what would the regex rule look like for all links in the content that look
> like this http://whole.thic.com/pe/domaincontrol.html?email=2cd10@7bbbd
> http://eubersu.zacas.com/s210/sav.php?email=b2067@25b40
> http://fees.3rdpartypolitics.com/citrix2/web01.php?email=434535
>
> from org, net and us domains
>
> e.t.c
> Recently, spam reports come a lot
>
>
What exactly are you trying to achieve?
I think you could control a lot of spam using rspamd these days. However,
if you want to do this manually (whack-a-mole, I hear it being called),
then look into using the system filter.
if $message_body contains "this|that|other"
then
seen
finish
endif
You can log snippets of what the filter rule is doing in some file that you
can brood over and see if you are doing the right thing.
I advise you look into rspamd. It does some good work with urls and guess
what? You let it handle all this within itself and it decides on the
actions.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."