Commit | Line | Data |
---|---|---|
e0f3765a PH |
1 | From: Ephraim Silverberg <ephraim@cs.huji.ac.il> |
2 | Date: Tue, 17 Feb 1998 12:55:55 +0200 | |
3 | ||
4 | We're using Exim 1.82 and have written a message filter to intercept spam | |
5 | messages that RBL doesn't catch. Since we have met with reasonable success | |
6 | since installing (and refining) the filter -- 566 genuine spam messages | |
7 | intercepted during a time period where there were 67 RBL rejections -- I | |
8 | thought that the rest of the list may be interested in reviewing our filter | |
9 | as a starting point for their own system message filter. | |
10 | ||
11 | There are a number of caveats, however: | |
12 | ||
13 | 1. The suspected spam is not automatically rejected as RBL hosts are, but | |
14 | is saved to a folder that should be read/writable by the mail | |
15 | administrators. The reason for this is that the filter catches also | |
16 | some legitimate mail and these messages should be bounced to their | |
17 | originally intended recipient(s) (ala X-Envelope-To:) and the filter | |
18 | refined and/or the databases (described below) updated. | |
19 | ||
20 | 2. My filter traps blank/non-existent To: lines as well as To: lines | |
21 | contained in From: lines, but firsts exempts the following categories | |
22 | from this check: mailing lists, local mail, mail originating in the | |
23 | country (e.g. in our case *.il) and mail coming from autosupport servers. | |
24 | ||
25 | Beyond implicit checks, it uses four DBM databases: two that exempt the | |
26 | message from any spam (beyond RBL) checks (software servers and strange mailing | |
27 | lists need to be here) -- one based on $sender_address and the other on | |
28 | $header_to: lines -- and, conversely, two databases for known spammers that | |
29 | have valid mail headers that aren't caught by implicit checks. All entries | |
30 | in these databases are lowercase so that we don't need two lines for | |
31 | 'friend@public.com' and 'Friend@Public.com'. | |
32 | ||
33 | The sample filter package is at ftp://ftp.cs.huji.ac.il/pub/exim/spam_filter/ | |
34 | ||
35 | Comments and suggestions are welcome. |