Kevin wrote:
I am trying to implement a rule that will allow me to place phrases in a
file which is read and then used to match against partial subject lines.
The ACL looks like:
warn
condition = ${if and{\
{def:header_subject:}\
{match{$header_subject:}{${readfile{CONFIGDIR/match-subjects}{|}}(?!)}}}{1}{0}}
message = Matched Subject: (subject=$h_subject:)
The file would right now contains phrases like:
###############################################
^\{Virus\?\}
badword
Virus Detected by Network Associates, Inc\. Webshield
^---- Virus Detected ----$
^Virus [Dd]etected$
^Virus Alert$
^InterScan NT Alert$
^Virus found in the message$
###############################################
It doesn't appear to work, I don't get any errors, but nothing appears to
match when a message flows through.
I found the syntax from another posting (2004) so perhaps it needs
updating??
This is being used in the data ACL section.
I really plan on using it for other types of phrases, but I am just trying
to get it to work with the example I found.
I'm using Exim 4.76
Parts of what may help ..
This syntax - found here for another use - doesn't (presently) use an
external file against which to match, but works for me in several
separate clauses (not enough to yet justify a list):
====
# DATA_SCAN_01B: IF message from known spam-program THEN defer forever
#
defer
regex = ^Subject:: office*
====
This doesn't use the regex tool, but does use a sloppy match against a
single external file that holds a variety of entry types [1]. The same
file is called in all of the smtp phases, from CONNECT thru DATA. This
acl fragment is just one of many checks against it:
====
# CONNECT_9: Check Local Blacklist for host_name. IF bad THEN deny
#
deny
message = $sender_host_name spammed us once. Once is all you get.
log_message = C9 $sender_host_name LBL
!condition = <whitelist exceptions>
condition = ${lookup {$sender_host_name}wildlsearch \
{/var/filters/REGEXP-block}{yes}{no}}
NB: No line-break in the original lookup phrase, and the 'yes no' not
required, but make it easier for me to remember, as I sometimes reverse
them.
I haven't (yet) had the need to combine these two tools.. would be
interested in what you find works for you.
Bill
--
韓家標
====
[1] The REGEXP-block file has entries of this sort:
CAVEAT: Built primarily from user abuse reports. Yours should almost
certainly not be the same.
===
*bf
*dsl.telesp.net.br
*emaildirect.net
[email protected]
mta02.xtra.co.nz
===
Around 1000 to 1500 entries typically. We only clean it about once in
three to five years, typicaly dropping about 1/3 to 1/2 of the entries
that have cleaned up their act, left us alone, or just gone dark.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
