Re: [exim] blocking apostrophe emails

Fri, 05 Jan 2007 09:43:20 -0800 

On Fri, Jan 05, 2007 at 03:56:49PM +0000, Chris Bayliss wrote:
> They are allowed.
>
> There are quite a few surnames that have ' in them which find
> their way into mail addresses.  D'Netto,  d'Urvberville and
> O'Reilly spring to mind.

Although realistically speaking - and lets face it that is what keeping out
spam is about - is anyone going to receive e-mails from user'[EMAIL PROTECTED]
If your pattern match is for 's@, you're not likely to block half of
ireland, but you will keep out some of the spam.

As an example 537 rejects in the past 8 hours for this particular spam,
307 match 's@ (though there seem to be duplicates where the sender came
back with a additional attempts with different sender addresses)

I notice also that the majority of these scam mails seem to use dictionary
words in them and when it doesn't match the pattern <word>'s@ it matches
<word>'s<word>@, so maybe you could make the mail from ACL conditional
something like this:


    condition   = ${if and { \
                    { match {$sender_address} {^(.*)'[EMAIL PROTECTED] } \
                    { eq {${lookup{$1}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
                   } {yes} {no} }

    condition   = ${if and { \
                    { match {$sender_address} {^(.+)'s(.+)@} } \
                    { eq {${lookup{$1}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
                    { eq {${lookup{$2}dbm{/var/spool/dict.db}{1}{0}}} {1} } \
                   } {yes} {no} }

# Creating the dictionary with, this, for example:
exim_dbmbuild /usr/share/dict/words /var/spool/dict.db 2>/dev/null


I couldn't work out how to combine this into one condition of the form

  if($sender_address =~ m/^(.+)'s(.+)@/ && lookup($1)){
    if($2 && lookup($2)){

But I'm sure its possible. Of course this will still screw over anyone
whose name appears in the dictionary, so for example all those

 <Elizabeth'[EMAIL PROTECTED]>
addresses are still going to get hit by this.

Anyway, being the evil, wicked, non-RFC compliant witch (wizard?) of the
west I'll stick with my "'s" pattern and add an exception when someone
complains, or someone vapourises spammers. :)

Colin
-- 
 "Developers are like artists; they produce their best work if they
  have the freedom to do so" - Werner Vogels, CTO Amazon.com

-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to