Email filter to block messages with "re [##]" subject

touma

Member
Apr 13, 2004
22
0
151
São Paulo - Brasil
Hi guys,

I was receiving spam with subjects like re[34], Re [45]:, etc... that spam assassin didn't catch... :mad:

well, the solution: filter with regex. :D

just set a filter in CPanel where the 'Subject' 'matches regex' and put "\\N^((?i)re)(\\s|)+\\[([0-9])+\\]:)|)$\\N" (without quotes) in the input box...

It will match: re[12], RE [3], Re [43]:, Re[55]:, and variations...

Have a nice filtering! :)

If anyone wants to understand the regex, please ask me...

Marcel Touma
 

minotauro

Well-Known Member
Jan 19, 2004
89
0
156
touma said:
Hi guys,

I was receiving spam with subjects like re[34], Re [45]:, etc... that spam assassin didn't catch... :mad:

well, the solution: filter with regex. :D

just set a filter in CPanel where the 'Subject' 'matches regex' and put "\\N^((?i)re)(\\s|)+\\[([0-9])+\\]:)|)$\\N" (without quotes) in the input box...

It will match: re[12], RE [3], Re [43]:, Re[55]:, and variations...

Have a nice filtering! :)

If anyone wants to understand the regex, please ask me...

Marcel Touma
Hello Marcel,

Greatz post! Perfect filter. Do you have others filters do send me?

Regards,
Minotauro.
 

touma

Member
Apr 13, 2004
22
0
151
São Paulo - Brasil
Hi Minotauro, thanks!

I don't have other filters yet... but every time I create one, I will post it here... :)


Regards,
Marcel Touma
 
Last edited:

minotauro

Well-Known Member
Jan 19, 2004
89
0
156
Bruce said:
Is there a way to set this up in Exim.conf file ?

Anyone ?
Hello Bruce,

You need open a /etc/antivirus.exim and put:

if
$header_subject: matches "\\N^((?i)re)(\\s|)+\\[([0-9])+\\]:)|)\$\\N"
then
seen finish
endif

I already test and work fine! :) Thanks Touma.

Regards,
Minotauro.
 

minotauro

Well-Known Member
Jan 19, 2004
89
0
156
Bruce said:
THANKS minotauro :)
Works like a charm !
Any idea how to setup your own dns blacklist ?
http://forums.cpanel.net/showthread.php?t=41853&highlight=blackholes
Hello Bruce,

To configure a blacklists, open your /etc/exim.conf, and find the line "begin acl" (so so the line 230). Below I replicate my exim.conf with one blacklist already working (if you like configuration another blacklist, only replicate two line and change the URL of list and message).

#!!#######################################################!!#
#!!# This new section of the configuration contains ACLs #!!#
#!!# (Access Control Lists) derived from the Exim 3 #!!#
#!!# policy control options. #!!#
#!!#######################################################!!#

#!!# These ACLs are crudely constructed from Exim 3 options.
#!!# They are almost certainly not optimal. You should study
#!!# them and rewrite as necessary.

begin acl

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

deny dnslists = sbl-xbl.spamhaus.org
message = Connection denied spamhaus.org

# Accept bounces to lists even if callbacks or other checks would fail
warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
condition = \
${if and {{match{$local_part}{(.*)-bounces\+.*}} \
{exists {/usr/local/cpanel/3rdparty/mailman/lists/${lc:$1}/config.pck}}} \
{yes}{no}}

Regards,
Minotauro.
 

kashif

Active Member
Jul 11, 2003
29
0
151
Lahore
Regarding discard emails having .zip attachments

Dear friends,

If I want to discard emails having attchments of .zip extension, then what I need to set in CPanel filters for a specific domain. Waiting for th response.
 

minotauro

Well-Known Member
Jan 19, 2004
89
0
156
kashif said:
Dear friends,

If I want to discard emails having attchments of .zip extension, then what I need to set in CPanel filters for a specific domain. Waiting for th response.
Hello kashif,

I only know how to configure to all domain (in file /etc/antivirus.exim). Sorry!

Regards,
Minotauro.