Email filter help

[LV426]

My site host uses Cpanel and I regularly use it's email blocking feature to stop spam (the SPAM ASSASSIN is too agressive). However, I now need a more complex filter rule than I can make with the UI. What it need to do is block all emails whos content-type header contains &text/html& and content-transfer-encoding is &base64&. Some messages have two of each of these headers; I only want the filter to apply to the first set. I've seen the .filter file in my home directory with my filter lines like &$message_body matches &.*free stuff.*&& and I understand most of the Exim variables and basic usage. What would work for me is if I knew what var gives me the message source so the filter line would be:

$message_source matches &.*Content-Type: text/html; charset=&.*&.Content-Transfer-Encoding: base64.*&

But what should $message_source really be? Or it there any better way I should do this?

 

[ecoutez]

Call me curious...

What are you trying to accomplish? I have anti-virus scanning (the real stuff - not blocking based on file extentions) working with CPanel's Exim mail server. I'll repeat the process and document the installation, and post the information here in the next few days.

- Jason

 

[LV426]

I'm trying to block emails whos content-type header contains &text/html& and content-transfer-encoding header is &base64&. Spammers are now sending html emails that are base64 encoded. This keeps the regular keyword filtering from working because the email is not in plain text. I want to check both headers so I don't block attachments that are base64 encoded block regular html emails. I'm not an admin on the system, so I can't install anything extra. I was looking to do this by modifying the .filter file.

 

[hglee]

Blocking a range of IP addresses from CPanel's web interface

Is the scenario outlined in my subject (above) possible? I have used the following formula in the past with some success (please don't flame me for the APNIC illustration, it is an example only):

Any Header ==&
matches regexp ==&
&\[200\.[0-9]+\.[0-9]+\.[0-9]+\]&

I have found that this blocks all mail with [200.xxx.xxx.xxx] in any header. However, owing to the documented SpamAssassin bug (blocking all mail), I have been unable to fully isolate (and therefore fully test) this scenario. To be more specific, all mail is getting blocked, and I'm unsure as to whether my filter is blocking all mail or whether SpamAssassin is.

Has anyone on this forum had success blocking a range of IP addresses (with or without SpamAssassin)? To me, this seems the best way to block 90% of the spam I receive (as I can identify legitimate ranges and block others that are known sources of spam).

I should point out that I only have access to CPanel and SSH for my account.


Thanks,

-hglee