| 1 | Date: Sat, 4 Apr 1998 07:23:39 +0200 (GMT+0200) |
| 2 | From: "F. Jacot Guillarmod" <Jacot@ru.ac.za> |
| 3 | |
| 4 | Here are four checks installed in our system-wide filter that knock out |
| 5 | a lot of otherwise hard-to-detect rubbish - and would handle the above |
| 6 | example. The most interesting one is the hotmail.com "validity check". |
| 7 | |
| 8 | # =========================================================================== |
| 9 | # Rule 1: Comments: contains "authenticated sender" and X-Mailer: does not contain "pegasus" -> log as SPAMAUTHS and save to the spam file. |
| 10 | # NOTE(review): both headers are written by the sending side, so this is a heuristic, not proof of origin; a message with no X-Mailer: header also satisfies the second test. The sender, subject and recipients logged here and in the rules below are message data too, so anything that parses this log should treat them as untrusted text. |
| 11 | elif "$h_comments" contains "authenticated sender" and |
| 12 | "$h_x-mailer" does not contain "pegasus" then |
| 13 | |
| 14 | log "$tod_log $message_id SPAMAUTHS: sender=$sender_address \ |
| 15 | subject=$header_subject: recipients_count=$recipients_count \ |
| 16 | recipients=$recipients" |
| 17 | save /usr/local/lib/mail/spam |
| 18 | |
| 19 | # Rule 2: From: contains "hotmail.com" but the message has no X-Originating-IP: header -> log as SPAMHOTMAIL and save to the spam file. |
| 20 | # NOTE(review): the ${if !def:...} expansion yields "nospam" only when the header is absent, so the test is presence-only and catches just the forgeries that omit the header. The substring match on From: also hits display names and longer domains that merely contain "hotmail.com". Presumably this relies on Hotmail always adding the header - confirm before reuse. |
| 21 | elif "$h_from" contains "hotmail.com" and |
| 22 | "${if !def:header_x-originating-ip {nospam}}" is nospam then |
| 23 | |
| 24 | log "$tod_log $message_id SPAMHOTMAIL: sender=$sender_address \ |
| 25 | subject=$header_subject: recipients_count=$recipients_count \ |
| 26 | recipients=$recipients" |
| 27 | save /usr/local/lib/mail/spam |
| 28 | |
| 29 | # Rule 3: From: contains "juno.com" but the message has no X-Mailer: header -> log as SPAMJUNO and save to the spam file. |
| 30 | # NOTE(review): the expansion yields "spam" when X-Mailer: is absent and "juno" when it is present; the header's value is never inspected, so this is again a presence-only heuristic on sender-supplied data. |
| 31 | elif "$h_from" contains "juno.com" and |
| 32 | "${if def:header_x-mailer {juno} {spam}}" is spam then |
| 33 | |
| 34 | log "$tod_log $message_id SPAMJUNO: sender=$sender_address \ |
| 35 | subject=$header_subject: recipients_count=$recipients_count \ |
| 36 | recipients=$recipients" |
| 37 | save /usr/local/lib/mail/spam |
| 38 | |
| 39 | # Rule 4: any message that carries an X-UIDL: header -> log as SPAM-X-UIDL and save to the spam file. |
| 40 | # NOTE(review): presence of the header alone decides; presumably legitimate inbound mail at this site never carries X-UIDL: - confirm the false-positive rate before reuse. |
| 41 | elif "${if def:header_x-uidl {spam}}" is spam then |
| 42 | |
| 43 | log "$tod_log $message_id SPAM-X-UIDL: sender=$sender_address \ |
| 44 | subject=$header_subject: recipients_count=$recipients_count \ |
| 45 | recipients=$recipients" |
| 46 | save /usr/local/lib/mail/spam |
| 47 | # =========================================================================== |
| 48 | |
| 49 | |
| 50 | The following rule seems to work (but I don't use it): |
| 51 | |
| 52 | # Matches when the To: text is contained in From:, or when there is no To: line (an absent header expands to the empty string, which every string contains) -> log as SPAM-TOEQFRM and save to the spam file. |
| 53 | # NOTE(review): the no-To: case also covers legitimate Bcc-only mail, and the first case covers people mailing themselves, so expect false positives; the author states the rule is not in use. The logged sender, subject and recipients are message data and should be treated as untrusted text by anything that parses the log. |
| 54 | elif $h_from contains $h_to then |
| 55 | |
| 56 | log "$tod_log $message_id SPAM-TOEQFRM: sender=$sender_address \ |
| 57 | subject=$header_subject: recipients_count=$recipients_count \ |
| 58 | recipients=$recipients" |
| 59 | save /usr/local/lib/mail/spam |
| 60 | # -------------------------------------------------------- |
| 61 | |
| 62 | |
| 63 | |
| 64 | Here are parts of my personal .forward file - I'm relying on the system-wide exim |
| 65 | configs to zap spam, and only do the old-fashioned stuff to whatever gets |
| 66 | through: |
| 67 | |
| 68 | #========================================================================== |
| 69 | # Exim filter <<== do not edit or remove this line |
| 70 | |
| 71 | if error_message then finish endif |
| 72 | |
| 73 | logfile $home/eximfilter.log |
| 74 | |
| 75 | # Mail from the support system: a Subject: containing "[Help #" is filed in $home/Mail/in.support. |
| 76 | if $header_subject contains "[Help #" |
| 77 | then |
| 78 | save $home/Mail/in.support |
| 79 | |
| 80 | # Mail from the squid mailing list goes to the local newsgroup. NOTE(review): the match is on Subject:, which the sender controls, so any message with "squid-users-digest" in its subject is forwarded as well. |
| 81 | elif $header_subject contains "squid-users-digest" |
| 82 | then |
| 83 | deliver "<ru-list-squid@quagga.ru.ac.za>" |
| 84 | |
| 85 | # Mail from the exim-users mailing list goes to the local newsgroup; matched on the envelope return path rather than on a header. |
| 86 | elif $return_path contains "exim-users-request" |
| 87 | then |
| 88 | deliver "<ru-list-exim-users@quagga.ru.ac.za>" |
| 89 | |
| 90 | # Stuff to be thrown away: "seen finish" marks the message as handled without delivering it anywhere, and the Subject: test is on sender-controlled text. NOTE(review): as excerpted, this "if" sits inside the last "elif" branch and the outer chain has no closing "endif" - presumably lines were omitted; confirm against the full file. |
| 91 | if $header_subject contains "Warning From uucp" |
| 92 | then |
| 93 | seen finish |
| 94 | endif |
| 95 | |
| 96 | #========================================================================== |
| 97 | |