До момента, когда обсуждали этот вопрос, ко мне спам с orange.fr не попадал.
Но последние несколько дней смотрю по логам - есть.
Мне хватило такого правила:
condition = ${if match {$bheader_Message-ID:}
{\N^<[\dA-F]{32}@[a-z]{4,7}>$\N}}
condition = ${if match {$message_headers_raw} {\NReceived: from
Unknown\N} }
Спасибо за наводку :)
-----Original Message-----
From: exim-users-boun...@mailground.net
[mailto:exim-users-boun...@mailground.net] On Behalf Of l...@lena.kiev.ua
Sent: Saturday, December 01, 2012 12:58 AM
To: Exim MTA на русском
Subject: Re: [Exim-users] spam from smtp05.smtpout.orange.fr
Это вот эти гады с ботнетом:
http://почта-5.рф (и с другими цифрами вместо 5).
Переделанный вариант для acl_check_data:
deny message = rejected because recognized as sent by Russian spambot via
\
a relay authenticated with a stolen password (type 7)
condition = ${if match{$rheader_Message-ID:}\
{\N<[\dA-F]{32}@[a-z]{5}>\N}}
condition = ${if def:header_To:}
condition = ${if !def:header_Cc:}
condition = ${if !def:header_In-Reply-To:}
condition = ${if !def:header_Importance:}
condition = ${if !def:header_X-Mailing-List:}
condition = ${if !def:header_List-Unsubscribe:}
condition = ${if !def:header_Sender:}
condition = ${if !def:header_X-Sender:}
condition = ${if
!eq{$sender_address_domain}{returns.groups.yahoo.com}}
condition = ${if !match{${addresses:>, ${rheader_To:}}{,}}
# single address in To
condition = ${if !forany{<, $recipients}\
{eqi{$item}{${address:${rheader_To:}}}}}
condition = ${if match{rheader_X-Mailer:}{Microsoft Windows Live
Mail}}
condition = ${if match{rheader_To:}{\N=\?windows-1251\?B\?\N}}
condition = ${if match{rheader_Date:}{\N \+0600\N}}
_______________________________________________
Exim-users mailing list
Exim-users@mailground.net
http://mailground.net/mailman/listinfo/exim-users
_______________________________________________
Exim-users mailing list
Exim-users@mailground.net
http://mailground.net/mailman/listinfo/exim-users
