До момента, когда обсуждали этот вопрос, ко мне спам с orange.fr не попадал. Но последние несколько дней смотрю по логам - есть.
Мне хватило такого правила: condition = ${if match {$bheader_Message-ID:} {\N^<[\dA-F]{32}@[a-z]{4,7}>$\N}} condition = ${if match {$message_headers_raw} {\NReceived: from Unknown\N} } Спасибо за наводку :) -----Original Message----- From: exim-users-boun...@mailground.net [mailto:exim-users-boun...@mailground.net] On Behalf Of l...@lena.kiev.ua Sent: Saturday, December 01, 2012 12:58 AM To: Exim MTA на русском Subject: Re: [Exim-users] spam from smtp05.smtpout.orange.fr Это вот эти гады с ботнетом: http://почта-5.рф (и с другими цифрами вместо 5). Переделанный вариант для acl_check_data: deny message = rejected because recognized as sent by Russian spambot via \ a relay authenticated with a stolen password (type 7) condition = ${if match{$rheader_Message-ID:}\ {\N<[\dA-F]{32}@[a-z]{5}>\N}} condition = ${if def:header_To:} condition = ${if !def:header_Cc:} condition = ${if !def:header_In-Reply-To:} condition = ${if !def:header_Importance:} condition = ${if !def:header_X-Mailing-List:} condition = ${if !def:header_List-Unsubscribe:} condition = ${if !def:header_Sender:} condition = ${if !def:header_X-Sender:} condition = ${if !eq{$sender_address_domain}{returns.groups.yahoo.com}} condition = ${if !match{${addresses:>, ${rheader_To:}}{,}} # single address in To condition = ${if !forany{<, $recipients}\ {eqi{$item}{${address:${rheader_To:}}}}} condition = ${if match{rheader_X-Mailer:}{Microsoft Windows Live Mail}} condition = ${if match{rheader_To:}{\N=\?windows-1251\?B\?\N}} condition = ${if match{rheader_Date:}{\N \+0600\N}} _______________________________________________ Exim-users mailing list Exim-users@mailground.net http://mailground.net/mailman/listinfo/exim-users _______________________________________________ Exim-users mailing list Exim-users@mailground.net http://mailground.net/mailman/listinfo/exim-users