path: root/configs/config.samples/F003
blob: b9f097a3b854a1b78fc3bbfbd0217ec8b53a9641 (plain)
Date: Sat, 4 Apr 1998 07:23:39 +0200 (GMT+0200)
From: "F. Jacot Guillarmod" <Jacot@ru.ac.za>

Here are four checks installed in our system-wide filter that knock out
a lot of otherwise hard-to-detect rubbish - and would handle the above
example.  The most interesting one is the hotmail.com "validity check".

# ===========================================================================
# authenticated sender, but not from pegasus
#-------------------------------------------
elif "$h_comments" contains "authenticated sender" and
     "$h_x-mailer" does not contain "pegasus" then

    log "$tod_log $message_id SPAMAUTHS: sender=$sender_address \
	 subject=$header_subject: recipients_count=$recipients_count \
	 recipients=$recipients"
    save /usr/local/lib/mail/spam

# claims to be from hotmail.com
#------------------------------
elif "$h_from" contains "hotmail.com" and
     "${if !def:header_x-originating-ip {nospam}}" is nospam then

    log "$tod_log $message_id SPAMHOTMAIL: sender=$sender_address \
	 subject=$header_subject: recipients_count=$recipients_count \
	 recipients=$recipients"
    save /usr/local/lib/mail/spam

# claims to be from juno.com
#------------------------------
elif "$h_from" contains "juno.com" and
     "${if def:header_x-mailer {juno} {spam}}" is spam then

    log "$tod_log $message_id SPAMJUNO: sender=$sender_address \
	 subject=$header_subject: recipients_count=$recipients_count \
	 recipients=$recipients"
    save /usr/local/lib/mail/spam

# spam X-UIDL header found
# ------------------------
elif "${if def:header_x-uidl {spam}}" is spam then

    log "$tod_log $message_id SPAM-X-UIDL: sender=$sender_address \
	 subject=$header_subject: recipients_count=$recipients_count \
	 recipients=$recipients"
    save /usr/local/lib/mail/spam
# ===========================================================================


The following rule seems to work (but I don't use it):

# either To: is contained in From: or there is no To: line
# --------------------------------------------------------
elif $h_from contains $h_to then

     log "$tod_log $message_id SPAM-TOEQFRM: sender=$sender_address \
	 subject=$header_subject: recipients_count=$recipients_count \
	 recipients=$recipients"
     save /usr/local/lib/mail/spam
# --------------------------------------------------------



Here are parts of my personal .forward file - I'm relying on the system-wide exim
configs to zap spam, and only do the old-fashioned stuff to whatever gets
through:

#==========================================================================
# Exim filter            <<== do not edit or remove this line

if   error_message then finish endif

logfile $home/eximfilter.log

# Mail from support system
if   $header_subject contains "[Help #"
then
  save $home/Mail/in.support

# Mail from squid mailing list to local newsgroup
elif   $header_subject contains "squid-users-digest"
then
  deliver "<ru-list-squid@quagga.ru.ac.za>"

# Mail from exim-users mailing list to local newsgroup
elif   $return_path contains "exim-users-request"
then
  deliver "<ru-list-exim-users@quagga.ru.ac.za>"
endif

# Stuff to be thrown away
if   $header_subject contains "Warning From uucp"
then
  seen finish
endif

#==========================================================================
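
The header checks above can be exercised offline before they go into a live filter. The following Python model is an added example, not part of the original message or of Exim: it mirrors the `elif` chain (first match wins, returning the tag that would be logged), treats `contains` as a case-independent substring test and `def:header_...` as "header present", and runs over constructed messages. The names `classify`, `make` and `SAMPLES` are made up for this illustration.

```python
from email import message_from_string

def classify(raw, to_in_from=False):
    """Return the log tag of the first matching rule, or None if the mail passes."""
    msg = message_from_string(raw)
    text = lambda name: (msg.get(name) or "").lower()   # case-independent, like 'contains'
    present = lambda name: msg.get(name) is not None    # like def:header_<name>
    if "authenticated sender" in text("Comments") and "pegasus" not in text("X-Mailer"):
        return "SPAMAUTHS"
    if "hotmail.com" in text("From") and not present("X-Originating-IP"):
        return "SPAMHOTMAIL"
    if "juno.com" in text("From") and not present("X-Mailer"):
        return "SPAMJUNO"
    if present("X-UIDL"):
        return "SPAM-X-UIDL"
    # Optional rule: an absent To: yields an empty string, which every From: contains.
    if to_in_from and text("To") in text("From"):
        return "SPAM-TOEQFRM"
    return None

def make(**headers):
    """Build a constructed message from keyword headers (underscores become dashes)."""
    lines = [f"{k.replace('_', '-')}: {v}" for k, v in headers.items()]
    return "\n".join(lines) + "\n\nbody\n"

# Constructed samples; example.* names and 192.0.2.x are documentation values.
SAMPLES = {
    "pegasus_ok": make(From="alice@example.org", To="bob@example.net",
                       Comments="Authenticated sender is <alice@example.org>",
                       X_Mailer="Pegasus Mail for Win32"),
    "forged_auth": make(From="offers@example.com", To="bob@example.net",
                        Comments="Authenticated sender is <offers@example.com>"),
    "hotmail_no_ip": make(From="someone@hotmail.com", To="bob@example.net"),
    "hotmail_web": make(From="someone@hotmail.com", To="bob@example.net",
                        X_Originating_IP="[192.0.2.10]"),
    "juno_no_mailer": make(From="someone@juno.com", To="bob@example.net"),
    "uidl": make(From="carol@example.org", To="bob@example.net",
                 X_UIDL="0123456789abcdef"),
    "no_to": make(From="alice@example.org", Subject="hi"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} {classify(raw)} / {classify(raw, to_in_from=True)}")
```

The `no_to` sample shows why the To-in-From rule is kept optional here: any message without a To: line matches it, whatever its From: says.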