Exim system filter sample config
Posted On 2007年6月26日 星期二 at 於 下午5:09 by Lani
# Exim filter
### Precautions, precautions...
# Delivery error (bounce) messages leave the filter at once, untouched.
if error_message then
  finish
endif
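### Assorted spam filtering stuff follows
## My users are trustworthy (because they're me!) - don't check locally sent mail.
# The envelope sender domain must now equal one of the local domains exactly.
# The previous form ("<colon list>" contains $sender_address_domain) was a
# substring test against the list text, so any sender domain that is merely a
# fragment of that text (for example "co.uk") also skipped every check below.
# "matches" is case-insensitive and the pattern is anchored at both ends.
# NOTE(review): the envelope sender is chosen by the sending client, so this
# exemption is only as strong as the sender verification done before the
# filter runs. A test on how the message arrived (e.g. $sender_host_address
# being empty for local submission) would be harder to spoof - confirm
# against the deployment before relying on it.
if $sender_address_domain matches "^(arkane\\\\.demon\\\\.co\\\\.uk|arkane\\\\.net|arkane\\\\.co\\\\.uk)\\$" then
  finish
endif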
## Arrange log file
# Destination for every "log" command further down in this filter.
# NOTE(review): those log entries embed $header_from: and $header_to:, whose
# content is chosen by the sender, so this file can contain arbitrary text -
# treat it as untrusted input when viewing or parsing it.
logfile /exim/filterlog
## First, handle the white list
# These are the blessed mail addresses which don't get filtered.
# And always allow postmaster mail through.
# The lowercased envelope sender is looked up in the DBM file: a hit expands
# to "white", a miss to "grey". A hit, or a To: header containing
# "postmaster@", ends filtering for this message.
# NOTE(review): both inputs (envelope sender and To: header) are set by the
# sending side, so either can be chosen to skip the checks below. The
# postmaster test is a substring match on the header text, not a check of the
# actual envelope recipient.
if "${lookup {${lc:$sender_address}}dbm{/etc/filters/whitelist} {white} {grey}}" is white or
$header_to: contains "postmaster@" then
finish
endif
## If they've used the magic word, let the mail go through.
# A Subject: header containing the pass-phrase ends filtering for the message.
# NOTE(review): the phrase is a shared secret that travels in clear text in a
# header; anyone who learns it skips every check below, so it needs changing
# whenever it may have leaked.
if $header_subject: contains "DELETED FOR PUBLIC CONSUMPTION" then
finish
endif
## Then, handle the black list.
# Bounce all mail from these sites or addresses with a nasty message.
# Two lookups in the same DBM file: first the lowercased sender domain, then
# the lowercased full sender address. Either hit fails the message.
# NOTE(review): "fail" is given no text here and nothing is logged, so the
# "nasty message" is presumably whatever default the MTA supplies - confirm.
# NOTE(review): failing at filter time produces a bounce to the envelope
# sender, which spam commonly forges; the bounce may therefore reach an
# uninvolved address. Rejecting during the SMTP dialogue avoids this where the
# setup allows it.
if "${lookup {${lc:$sender_address_domain}}dbm{/etc/filters/blacklist} {black} {grey}}" is black or
"${lookup {${lc:$sender_address}}dbm{/etc/filters/blacklist} {black} {grey}}" is black then
fail
finish
endif
## Heuristic spam filtering
# Tell-tale spam headers - X-UIDL, X-PMFLAGS, X-Advertisement
# The mere presence of X-UIDL, X-1 or X-PMFLAGS fails the message. The tests
# run in this order and the first header found decides the logged reason.
# Continuation lines of the log text stay at column 0 so the logged string is
# unchanged.
if "${if def:header_x-uidl: {spam}}" is spam then
  log "message $message_id from $header_from: to $header_to: failed.\n\
x-uidl header indicates probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
elif "${if def:header_x-1: {spam}}" is spam then
  log "message $message_id from $header_from: to $header_to: failed.\n\
x-1 header indicates probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
elif "${if def:header_x-pmflags: {spam}}" is spam then
  log "message $message_id from $header_from: to $header_to: failed.\n\
x-pmflags header indicates probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
endif
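# X-Advertisement header present?
# The header name was misspelled ("x-advertisment"), so a message carrying the
# correctly spelled header was not caught. Both spellings are tested, so
# anything the old test matched still matches.
if "${if def:header_x-advertisement: {spam}}" is spam or
   "${if def:header_x-advertisment: {spam}}" is spam then
  log "message $message_id from $header_from: to $header_to: failed.\n\
x-advertisement header indicates probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
endif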
# Authenticated sender, and not from pegasus
# Fails the message when the Comments: header contains "authenticated sender"
# and the X-Mailer: header does not contain "pegasus". A message with no
# X-Mailer: header at all also satisfies the second test.
# NOTE(review): both headers are written by the sender, so this only catches
# mail that makes no attempt to look like the expected client.
if "$h_comments" contains "authenticated sender" and
"$h_x-mailer" does not contain "pegasus" then
log "message $message_id from $header_from: to $header_to: failed.\n\
authenticated sender (not from pegasus) indicates probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
# Claims to be from hotmail.com
# Fails the message when From: contains "hotmail.com" but no
# X-Originating-IP header is present. Note the marker word: "nospam" is what
# the expansion yields when the header is ABSENT, i.e. in the suspicious case.
# NOTE(review): the From: test is a substring match and the corroborating
# header is itself sender-written, so this is a weak heuristic rather than
# verification of the origin.
if "$h_from" contains "hotmail.com" and
"${if !def:header_x-originating-ip {nospam}}" is nospam then
log "message $message_id from $header_from: to $header_to: failed.\n\
claimed to be from hotmail, but not verifiable - probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
# claims to be from juno.com
# Fails the message when From: contains "juno.com" and there is no X-Mailer:
# header (the expansion yields "juno" when the header exists, "spam" when it
# does not). Only the header's presence is tested, not its value.
# NOTE(review): as with the other From:-based rules, both inputs are
# sender-written; any X-Mailer: header at all passes this test.
if "$h_from" contains "juno.com" and
"${if def:header_x-mailer {juno} {spam}}" is spam then
log "message $message_id from $header_from: to $header_to: failed.\n\
claimed to be from juno, but not verifiable - probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
# Broken message-IDs
# Fails the message when the Message-ID: header text has no "@" in it. A
# message with no Message-ID: header expands to an empty string here and is
# therefore failed as well.
if $header_message-id does not contain "@" then
log "message $message_id from $header_from: to $header_to: failed.\n\
Message-ID does not contain '@' - probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
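# Is the host (From||To) numeric?
# Uses "matches" because the right-hand side is a regular expression. With
# "contains" it was compared as a literal substring, so the rule could only
# fire on headers that held the characters of the pattern itself.
# The pattern requires a dotted quad directly after the "@", optionally in
# square brackets, so ordinary domains whose first label is all digits are
# not caught. Backslashes are doubled twice because the string is both quoted
# and expanded before the regex engine sees it.
if "$header_from: $header_to:" matches "@\\\\[?\\\\d{1,3}(\\\\.\\\\d{1,3}){3}" then
  log "message $message_id from $header_from: to $header_to: failed.\n\
From: or To: header contains numeric hostname - probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
endif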
# Is the local-part numeric and 8 digits?
# Fails the message when $local_part consists of exactly eight digits.
# NOTE(review): $local_part normally refers to the recipient address being
# processed. If this file runs as a system filter (it uses "fail"), there may
# be no current recipient at this point and the variable would be empty,
# which would make this rule inert - confirm. If the sender's local part was
# meant, $sender_address_local_part is the variable to check.
if $local_part matches "^\\\\d{8}\\$" then
log "message $message_id from $header_from: to $header_to: failed.\n\
Local part is an 8 digit numeric - probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
# Is the To: address contained in the From: address?
# Fails the message when the whole To: header text occurs inside the From:
# header text. The second test requires a To: header to exist, because an
# absent header expands to an empty string and an empty string is contained
# in everything.
# NOTE(review): a To: header that is present but empty would still satisfy
# both tests - confirm whether that case matters.
if ( $header_from: contains $header_to: )
and ( "${if def:header_to: {present}}" is present ) then
log "message $message_id from $header_from: to $header_to: failed.\n\
From: contains To: which indicates probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
# Is neither a To: nor a Cc: header present?
# Fails the message when both To: and Cc: are missing. Each expansion yields
# "present" only if the header exists, so "is not present" means it is absent.
# The $header_to: in the log line is necessarily empty when this rule fires.
if ( "${if def:header_to: {present}}" is not present )
and ( "${if def:header_cc: {present}}" is not present ) then
log "message $message_id from $header_from: to $header_to: failed.\n\
Neither To: nor Cc: headers present - probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
# Other funny Received headers?
# Three literal markers in the Received: headers are each taken as a spam
# sign: an all-zero IP literal, the time zone text "-0600 (EST)", and the word
# "CLOAKED". The tests run in this order; the first hit is logged and failed.
# Continuation lines of the log text stay at column 0 so the logged string is
# unchanged.
if $header_received: contains "[000.000.000.000]" then
  log "message $message_id from $header_from: to $header_to: failed.\n\
Received: included the invalid IP [000.000.000.000] - probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
elif $header_received: contains "-0600 (EST)" then
  log "message $message_id from $header_from: to $header_to: failed.\n\
Received: included the dubious time zone setting -0600 (EST) - probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
elif $header_received: contains "CLOAKED" then
  log "message $message_id from $header_from: to $header_to: failed.\n\
Received: included the string 'CLOAKED' - probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
endif
# Bcc'ed to public addresses?
# Fails the message when a visible Bcc: header contains "-usenet" or "-sig".
# Both are plain substring tests on the header text.
if ( $header_bcc: contains "-usenet" ) or
( $header_bcc: contains "-sig" ) then
log "message $message_id from $header_from: to $header_to: failed.\n\
Bcc'ed to a public address (-usenet or -sig) - probable spam.\n\
------------------------------------------------------------------------------"
fail
finish
endif
# Bogus To: headers.
# Placeholder local parts in To: ("Friend@", then "you@") fail the message.
# These are substring tests, so an address that merely ends in "you@..."
# matches too. Continuation lines of the log text stay at column 0 so the
# logged string is unchanged.
if $header_to: contains "Friend@" then
  log "message $message_id from $header_from: to $header_to: failed.\n\
To: header included bogus local-part 'Friend' - probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
elif $header_to: contains "you@" then
  log "message $message_id from $header_from: to $header_to: failed.\n\
To: header included bogus local-part 'you' - probable spam.\n\
------------------------------------------------------------------------------"
  fail
  finish
endif
### That's it!