Re: [Exim-users] spam from smtp05.smtpout.orange.fr

George L. Yermulnik Fri, 07 Dec 2012 04:11:35 -0800

Hello!

On Fri, 07 Dec 2012 at 11:46:55 (+0200), Golub Mikhail wrote:


> До момента, когда обсуждали этот вопрос, ко мне спам с orange.fr не попадал.
> Но последние несколько дней смотрю по логам - есть.

> Мне хватило такого правила:
>      condition = ${if match {$bheader_Message-ID:}
> {\N^<[\dA-F]{32}@[a-z]{4,7}>$\N}}
>      condition = ${if match {$message_headers_raw} {\NReceived: from
> Unknown\N} }

В втором кондишене можно без "\N" обойтись.
Не принципиально. Просто бросилось в глаза, что регекспов нет, а "\N"
- есть =)

> Спасибо за наводку :)

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of [email protected]
> Sent: Saturday, December 01, 2012 12:58 AM
> To: Exim MTA на русском
> Subject: Re: [Exim-users] spam from smtp05.smtpout.orange.fr

> Это вот эти гады с ботнетом:
> http://почта-5.рф   (и с другими цифрами вместо 5).

> Переделанный вариант для acl_check_data:

>   deny  message = rejected because recognized as sent by Russian spambot via
> \
>                   a relay authenticated with a stolen password (type 7)
>         condition = ${if match{$rheader_Message-ID:}\
>                               {\N<[\dA-F]{32}@[a-z]{5}>\N}}
>         condition = ${if def:header_To:}
>         condition = ${if !def:header_Cc:}
>         condition = ${if !def:header_In-Reply-To:}
>         condition = ${if !def:header_Importance:}
>         condition = ${if !def:header_X-Mailing-List:}
>         condition = ${if !def:header_List-Unsubscribe:}
>         condition = ${if !def:header_Sender:}
>         condition = ${if !def:header_X-Sender:}
>         condition = ${if
> !eq{$sender_address_domain}{returns.groups.yahoo.com}}
>         condition = ${if !match{${addresses:>, ${rheader_To:}}{,}}
>                          # single address in To
>         condition = ${if !forany{<, $recipients}\
>                                 {eqi{$item}{${address:${rheader_To:}}}}}
>         condition = ${if match{rheader_X-Mailer:}{Microsoft Windows Live
> Mail}}
>         condition = ${if match{rheader_To:}{\N=\?windows-1251\?B\?\N}}
>         condition = ${if match{rheader_Date:}{\N \+0600\N}}

> _______________________________________________
> Exim-users mailing list
> [email protected]
> http://mailground.net/mailman/listinfo/exim-users

> _______________________________________________
> Exim-users mailing list
> [email protected]
> http://mailground.net/mailman/listinfo/exim-users

-- 
George L. Yermulnik
[YZ-RIPE]

_______________________________________________
Exim-users mailing list
[email protected]
http://mailground.net/mailman/listinfo/exim-users

Re: [Exim-users] spam from smtp05.smtpout.orange.fr

Ответить