On Sat, Sep 02, 2017 at 03:02:43PM +0200, Paul Lenz wrote: > I would be already glad, if my Exim rules would work. > > Today I received again an 1,3 MB message with Lottery spam. > In the body is clearly to be seen "ONLINE LOTTERY DEPARTMENT". > > I am unsing this rule: > > #!!# ACL that is used after the DATA command > check_message: > deny senders = /etc/exim4/blockeddoms > > discard message = "Loteria in message body" > !senders = : > condition = ${if match {${lc:$message_body}} > {loteria|lottery}{yes}{no}} > > What if wrong? Why did I receive this spam?
If your message is base64-encoded, this condition would fail. Message can have several text parts with different encodings, for HTML the word "lottery" can be splitted artificially to bypass spam filters. Run Exim with "-d+acl" on this message to look how acl works. -- Eugene Berdnikov -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/