> From: Jim Pazarena
>
> I am trying to strengthen my spam filtering.
>
> As such, I make sure that I don't get too heavy handed with google
> or hotmail.
>
> But I see a heck of a lot of junk from *.yahoo.com
>
> Has yahoo become or has it always been a giant spam pit?

Yahoo consists of different parts.

If a spam came via a yahooGroup (mailing list), complain to the moderator or unsub. If you are a moderator, you'll be forwarded spam sent to the -owner@ address, nothing to do here except content-filtering fraught with false positives.

Spam via mail.yahoo.com (free mailboxes) and domains outsourced to yahoo (btinternet.com, btopenworld.com, att.net, sbcglobal.net, rogers.com and possibly some others) is entirely another matter. After blacklisting $sender_address_domain yahoo.cn, yahoo.com.cn, yahoo.com.hk and $sender_host_name ^smtp\d+\.biz\.mail\.(re\d+|mud)\.yahoo\.com$, I'm sent mostly Nigerian spam via mail.yahoo.com. I block it with a local injection IP blacklist http://lena.kiev.ua/blacklist_webmail.txt used in acl_check_data:

# Hotmail: client IP from the Received line added by the web front end
warn condition = ${if match{$sender_host_name}\
                 {\N\.(blu|col|bay|snt)\d+\.hotmail\.com$\N}}
     set acl_m_web = ${if match{$rheader_Received:}{\Nfrom [^\(]+\
           \(\[(\d+\.\d+\.\d+\.\d+)\]\) by \
           [\w-]+\.((blu|col|bay|snt)\d+\.hotmail\.com|phx\.gbl) \
           (over TLS secured channel )?with Microsoft SMTPSVC\N}{$1}}

# Yahoo mail: web interface ("via HTTP") or authenticated SMTP ("with login")
warn condition = ${if match{$sender_host_name}\
                 {\N\.mail\....?\.yahoo\.com$\N}}
     condition = ${if or{\
                 {match{$rheader_X-Yahoo-Newman-Property:}{ymail}}\
                 {def:header_X-RocketYMMF:}\
                 {match{$bheader_X-Mailer:}{^YahooMail}}\
                 }}
     set acl_m_web = ${if match{$rheader_Received:}{\Nfrom \
           \[(\d+\.\d+\.\d+\.\d+)\] by \
           web\d+(\.biz)?\.mail\....?\.yahoo\.com via HTTP; \N}{$1}}
     condition = ${if !def:acl_m_web}
     set acl_m_web = ${if match{$bheader_Received:}{\Nfrom [^(\n]+ \
           \([^)\n]+@(\d+\.\d+\.\d+\.\d+) with login\)[\r\n]+\s+by \
           smtp\d+(\.plus|\.sbc)?\.mail\....?\.yahoo\.com with SMTP; \N}{$1}}

# AOL: web mail UI or third-party client submission
warn condition = ${if match{$sender_host_name}\
                 {\N^[oi]mr-\w+\.mx\.aol\.com$\N}}
     set acl_m_web = ${if match{$rheader_Received:}{\Nfrom \
           (\d+\.\d+\.\d+\.\d+) by webmail-\w+\.sysops\.aol\.com \
           \(\d+\.\d+\.\d+\.\d+\) with HTTP \(WebMailUI\); \N}{$1}}
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           \S+ \(\S+ \[(\d+\.\d+\.\d+\.\d+)\]\)[\s\n]+by \
           mtaout-\w+\.\w+\.mx\.aol\.com \(MUA/Third Party Client \
           Interface\) with ESMTPA id \w+;\N}{$1}{$acl_m_web}}

# LotusLive
warn condition = ${if match{$sender_host_name}\
                 {\N^outbound\d+\.messaging\.lotuslive\.com$\N}}
     set acl_m_web = ${if match{$rheader_Received:}\
           {\N^@[\w.-]+@(\d+\.\d+\.\d+\.\d+)\)\N}{$1}}

# Webmail packages on any host; each set keeps the previous value on no match
# SquirrelMail (behind a proxy, then direct)
warn set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           [\d.]+ (?:\(\[[\d.]+\]\) )?\(proxying[\s\n]+for[\s\n]+\
           (\d+\.\d+\.\d+\.\d+)(, [\w.-]+)?\)\n\
           \s+\(SquirrelMail authenticated user [^)\n\r]+\)\n\
           \s+by [^\s\n]+ with HTTP;\n\N}{$1}{$acl_m_web}}
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           (?:\S+ \(\[)?(\d+\.\d+\.\d+\.\d+)(?:\]\))?\n?\
           \s+\(SquirrelMail authenticated user [^)\n\r]+\)\n\
           \s+by [^\s\n]+ with HTTP;\n\N}{$1}{$acl_m_web}}
# RisuMail
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           (\d+\.\d+\.\d+\.\d+)(?: \(proxying for [^)]+\))?[\n\s]+\
           \(RisuMail authenticated user \N}{$1}{$acl_m_web}}
# Roundcube
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           \S+ \(\[(\d+\.\d+\.\d+\.\d+)\]\)[\s\n]+by[\s\n]+\S+[\s\n]+\
           with[\s\n]+HTTP(?s).+\nUser-Agent: Roundcube Webmail\N}\
           {$1}{$acl_m_web}}
# Horde
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           \S+[\n\s]+\((?:\S+[\n\s]+)?\[(\d+\.\d+\.\d+\.\d+)\]\)[\n\s]+by\
           [\n\s]+\S+[\n\s]+\(Horde[\n\s]+(Framework|MIME[\n\s]+library)\)\
           [\n\s]+with[\n\s]+HTTP\N}{$1}{$acl_m_web}}
# mshttpd
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           \[(\d+\.\d+\.\d+\.\d+)\] by \S+[\s\n\r]+ \(mshttpd\);\N}\
           {$1}{$acl_m_web}}
# UebiMiau
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           client (\d+\.\d+\.\d+\.\d+) for UebiMiau\d+\.\d+ \(webmail \
           client\);\N}{$1}{$acl_m_web}}
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           \S+ \(\[(\d+\.\d+\.\d+\.\d+)\]\)[\n\s+]by \S+ \
           with HTTP \(UebiMiau\);\N}{$1}{$acl_m_web}}
# CommuniGate Pro
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           \[(\d+\.\d+\.\d+\.\d+)\] \(account \S+\)[\s\n\r]+by[\s\n\r]+\
           \S+[\s\n\r]+\(CommuniGate Pro WEBUSER \S+\)[\s\n\r]+\
           with[\s\n\r]+HTTP\N}{$1}{$acl_m_web}}
# Any host receiving "with http"
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from\s+\
           (?:\S+[\s\n]+)?\(\[(\d+\.\d+\.\d+\.\d+)\]\)[\s\n]+by[\s\n]+\S+\
           [\s\n]+with[\s\n]+http[\s\n]\N}{$1}{$acl_m_web}}
# Google
     set acl_m_web = ${if match{$message_headers_raw}{\N\nReceived: from \
           \S+ \(\[(\d+\.\d+\.\d+\.\d+)\]\)[\n\r]+\s+\
           by mx.google.com with ESMTPS id \N}{$1}{$acl_m_web}}
# OpenWebMail
     condition = ${if match{$bheader_X-Mailer:}{^OpenWebMail }}
     set acl_m_web = ${if match{$bheader_X-OriginatingIP:}\
           {\N^\[?(\d+\.\d+\.\d+\.\d+)\]?( |$)\N}{$1}}

# Fallbacks: client-IP headers, tried only while acl_m_web is still unset
warn condition = ${if !def:acl_m_web}
     set acl_m_web = ${if match{$bheader_X-Originating-IP:}\
           {\N^\[?(?:::ffff:)?(\d+\.\d+\.\d+\.\d+)\]?$\N}{$1}}

warn condition = ${if !def:acl_m_web}
     set acl_m_web = ${if match{$bheader_X-Client-IP:}\
           {\N^(\d+\.\d+\.\d+\.\d+)$\N}{$1}}

warn condition = ${if !def:acl_m_web}
     set acl_m_web = ${if match{$bheader_X-Origin:}\
           {\N^(\d+\.\d+\.\d+\.\d+)$\N}{$1}}

warn condition = ${if !def:acl_m_web}
     set acl_m_web = ${if match{$bheader_X-Originator:}\
           {\N^(\d+\.\d+\.\d+\.\d+)$\N}{$1}}

warn condition = ${if !def:acl_m_web}
     set acl_m_web = ${if match{$bheader_X-SenderIP:}\
           {\N^(\d+\.\d+\.\d+\.\d+)$\N}{$1}}

warn condition = ${if !def:acl_m_web}
     set acl_m_web = ${if match{$bheader_X-PHP-Script:}\
           {\N^\S+ for (\d+\.\d+\.\d+\.\d+)$\N}{$1}}

# Reject when the extracted injection IP is in the local list
deny message = webmail from $acl_m_web locally blacklisted
     condition = ${if def:acl_m_web}
     condition = ${if !eq{$sender_address_domain}{returns.groups.yahoo.com}}
     condition = ${lookup{$acl_m_web}iplsearch\
                 {/usr/local/etc/exim/blacklist_webmail}{1}{0}}

Also in acl_check_data:

deny message = "mail to friend" on news.yahoo.com abused by spammers
     condition = ${if match{$sender_host_name}\
                 {\N\.bullet\.(mail\.)?...?\.yahoo\.com$\N}}
     condition = ${if eq{$bheader_X-Yahoo-Newman-Property:}{mail-to-friend}}

deny message = I consider a Chinese mailbox in Reply-To as a sign of spam.
     condition = ${if match_domain{${domain:$header_reply-to:}}\
                 {yahoo.cn:yahoo.com.cn:yahoo.com.hk:w.cn}}

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
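Added example (not part of the original post or the poster's configuration): a Python harness for checking extraction patterns offline before they go into an ACL. It ports two of the post's patterns, the Yahoo "via HTTP" Received match and the X-Originating-IP fallback, and tests the extracted injection IP against a list the way the final deny rule does. The sample messages, addresses and list contents are constructed, the list reader is a simplified stand-in for Exim's iplsearch, and the host-name and header conditions that gate each rule in the ACL are left out.

```python
import ipaddress
import re
from email import message_from_string

# Two of the post's extraction patterns, ported to Python's re module.
YAHOO_WEB = re.compile(r"from \[(\d+\.\d+\.\d+\.\d+)\] by "
                       r"web\d+(\.biz)?\.mail\....?\.yahoo\.com via HTTP; ")
X_ORIG_IP = re.compile(r"^\[?(?:::ffff:)?(\d+\.\d+\.\d+\.\d+)\]?$")

def injection_ip(raw_message):
    """Return the webmail client IP recorded in the headers, or None."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        m = YAHOO_WEB.search(received)
        if m:
            return m.group(1)
    # Fallback, as in the post: only used when no Received pattern matched.
    m = X_ORIG_IP.match((msg.get("X-Originating-IP") or "").strip())
    return m.group(1) if m else None

def load_blacklist(text):
    """Simplified reader: one address or CIDR net per line, '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nets.append(ipaddress.ip_network(line.split()[0], strict=False))
    return nets

def verdict(raw_message, nets):
    """Mirror the final deny rule: reject if the injection IP is listed."""
    ip = injection_ip(raw_message)
    if ip and any(ipaddress.ip_address(ip) in net for net in nets):
        return "deny: webmail from %s locally blacklisted" % ip
    return "accept"

# Constructed samples using documentation address ranges, not real traffic.
BLACKLIST = "# constructed list\n192.0.2.0/24\n203.0.113.7\n"
YAHOO_MSG = ("Received: from [192.0.2.44] by web1234.mail.re1.yahoo.com "
             "via HTTP; Mon, 03 Jan 2011 10:00:00 PST\n"
             "Subject: constructed sample\n\nbody\n")
XORIG_MSG = "X-Originating-IP: [203.0.113.7]\nSubject: sample\n\nbody\n"
CLEAN_MSG = "X-Originating-IP: 198.51.100.9\nSubject: sample\n\nbody\n"

if __name__ == "__main__":
    nets = load_blacklist(BLACKLIST)
    for name in ("YAHOO_MSG", "XORIG_MSG", "CLEAN_MSG"):
        print(name, "->", verdict(globals()[name], nets))
```

Feeding the harness saved headers from known-good and known-bad mail shows whether a pattern still matches after a provider changes its Received format.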
