From: Ephraim Silverberg <ephraim@cs.huji.ac.il>
Date: Tue, 17 Feb 1998 12:55:55 +0200

We're using Exim 1.82 and have written a message filter to intercept spam
messages that RBL doesn't catch. Since we have met with reasonable success
since installing (and refining) the filter -- 566 genuine spam messages
intercepted during a time period where there were 67 RBL rejections -- I
thought that the rest of the list may be interested in reviewing our filter
as a starting point for their own system message filter.

There are a number of caveats, however:

1. The suspected spam is not automatically rejected as RBL hosts are, but
   is saved to a folder that should be read/writable by the mail
   administrators. The reason for this is that the filter catches also
   some legitimate mail and these messages should be bounced to their
   originally intended recipient(s) (ala X-Envelope-To:) and the filter
   refined and/or the databases (described below) updated.

2. My filter traps blank/non-existent To: lines as well as To: lines
   contained in From: lines, but first exempts the following categories
   from this check: mailing lists, local mail, mail originating in the
   country (e.g. in our case *.il) and mail coming from autosupport servers.

Beyond implicit checks, it uses four DBM databases: two that exempt the
message from any spam (beyond RBL) checks (software servers and strange mailing
lists need to be here) -- one based on $sender_address and the other on
$header_to: lines -- and, conversely, two databases for known spammers that
have valid mail headers that aren't caught by implicit checks. All entries
in these databases are lowercase so that we don't need two lines for
'friend@public.com' and 'Friend@Public.com'.

The sample filter package is at ftp://ftp.cs.huji.ac.il/pub/exim/spam_filter/

Comments and suggestions are welcome.
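
The decision logic described in the message above, as an added Python sketch; it is not the Exim filter from the posted package. The sets stand in for the four DBM databases, and the order of the checks, the host names, the "no @ means local" test and the Precedence-header test for mailing lists are all assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-ins for the four DBM databases; every key is lowercase.
EXEMPT_SENDERS = {"ftpmail@software.example"}
EXEMPT_TO = {"odd-list@lists.example"}
SPAM_SENDERS = {"friend@public.com"}
SPAM_TO = {"friend@public.com"}

COUNTRY_SUFFIX = ".il"                      # "in our case *.il"
AUTOSUPPORT_HOSTS = {"support.example"}     # hypothetical autosupport servers

def addrs(msg, header):
    """Lowercased addresses from every occurrence of a header."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def classify(sender_address, raw_message):
    """Return 'deliver' or 'save' (to the mail administrators' folder)."""
    msg = message_from_string(raw_message)
    sender = sender_address.lower()         # one key for Friend@Public.com
    to, frm = addrs(msg, "To"), addrs(msg, "From")

    # Exemption databases: skip every further check.
    if sender in EXEMPT_SENDERS or to & EXEMPT_TO:
        return "deliver"
    # Known spammers whose headers would pass the implicit checks.
    if sender in SPAM_SENDERS or to & SPAM_TO:
        return "save"
    # Categories exempted from the To: checks. Assumed tests: no "@" means
    # local mail, a Precedence header marks a mailing list.
    domain = sender.rpartition("@")[2]
    is_list = msg.get("Precedence", "").strip().lower() in ("list", "bulk")
    if ("@" not in sender or domain.endswith(COUNTRY_SUFFIX)
            or domain in AUTOSUPPORT_HOSTS or is_list):
        return "deliver"
    # Implicit checks: blank/missing To:, or To: contained in From:.
    if not to or to <= frm:
        return "save"
    return "deliver"
```

A "save" result corresponds to caveat 1: the message goes to the administrators' folder for review and is not rejected.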