Re: [exim] Exim4 skips SpamAssassin if attachments are too big

Sat, 16 Sep 2017 12:11:50 -0700

Sorry, this is the wrong place in the thread structure, but I did not receive Lena'S message in my mailbox. 

Hello Lena,


sorry for the delay, I was busy with other things. No I want to come 
back to you.



The mentioned text "Loteria" was clearly visible in the body, because it 
was attached as

Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit

Anyway I will try your code because you seem to be a real Exim4 wizard.

But I have two questions:


1. Why do you want to reject spam? Isn't it a waste of traffic and may 
cause useless bounces?



2. I would prefer to use my director which simply moves spam detected by 
SpamAssassin into a waste bin:


spamkill_director:
  driver = accept
  check_local_user
  condition = "${if def:h_X-Spam-Flag: {1}{0}}"
  transport = spamkill
  no_verify


How can I set this flag instead of denying a message if "loteria" was 
detected?




And by the way, I had a look on you file "Lena-eximconf-run.txt".
I wonder how this set of rules can detect viruses.

I wrote a plugin for Spamassassin which unzips every attachement and 
(IMHO very important) unzips every MS Office file (xlsx, xlsm, docx) and 
looks for strings like "rundll32" or "This program cannot be run in DOS 
mode" and some others. I am rather sure that this plugin saved me from 
WannaCry.


BR
Paul Lenz




Lena wrote:


> From: Paul Lenz

> Today I received again an 1,3 MB message with Lottery spam.
> In the body is clearly to be seen "ONLINE LOTTERY DEPARTMENT".

What you see as message body is not the same as what Exim considers as
message body. You see a text/html or text/plain part,
for Exim message body is all parts (encoded) and their separators.
Use something like "View Source" in your mail client (MUA)
to look at what Exim considers as message body.

>     discard message = "Loteria in message body"
>         !senders   = :
>         condition  = ${if match {${lc:$message_body}}
> {loteria|lottery}{yes}{no}}



acl_smtp_mime = acl_check_mime
begin acl
acl_check_mime:
  deny  message = rejected as spam because of forbidden word in body
        condition = ${if match{$mime_content_type}{text/}}
        mime_regex = \N(?i)\s(loteria|lottery)\s



accept

Some other examples: http://lena.kiev.ua/Lena-eximconf-run.txt




--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/























					Reply via email to