> From: Paul Lenz <p...@lenz-online.de> > The mentioned text "Loteria" was clearly visible in the body, because it > was attached as > Content-Type: text/plain; charset="Windows-1251" > Content-Transfer-Encoding: 7bit
Connect with your server using SSH, give the command: exim -bP acl_smtp_data In your case it must say: acl_smtp_data = check_message If it says something else then it's the reason why this in your config didn't work: #!!# ACL that is used after the DATA command check_message: deny senders = /etc/exim4/blockeddoms discard message = "Loteria in message body" !senders = : condition = ${if match{${lc:$message_body}}{loteria|lottery}{yes}{no}} > Anyway I will try your code An afterthought: better with \b instead of \s > Why do you want to reject spam? Sometimes your rules will make mistakes (called "false positives") considering an honest message as a spam. If spam is rejected then the human sender knows about that and sees what you wrote in "message". > Isn't it a waste of traffic "deny" in RCPT causes less traffic (message body isn't transmitted). "deny" in DATA or MIME - no difference in traffic, only what you wrote in "message" is transmitted. > and may > cause useless bounces? "deny" in ACL doesn't cause your Exim to send a separate letter called a "bounce". Your Exim refuses to accept the message. The sending server may create a bounce, but it's helpful in case of a false positive. > 2. I would prefer to use my director which simply moves spam detected by > SpamAssassin into a waste bin: Is the "waste bin" a folder you look at once a day or so? My Exim either accepts a message into Inbox or rejects what it considers spam, with few exceptions (I seldom use "discard"). I don't use SpamAssassin, my VPS with Exim (and a web-server) has only 64M RAM. > spamkill_director: > driver = accept > check_local_user > condition = "${if def:h_X-Spam-Flag: {1}{0}}" > transport = spamkill > no_verify > > How can I set this flag instead of denying a message if "loteria" was > detected? You can set an "acl_m_" variable and check it in that router. > I had a look on you file "Lena-eximconf-run.txt". > I wonder how this set of rules can detect viruses. Currently it checks only what is mentioned in WINBIN and COMPREXT. > I wrote a plugin for Spamassassin which unzips every attachement and > (IMHO very important) unzips every MS Office file (xlsx, xlsm, docx) and > looks for strings like "rundll32" or "This program cannot be run in DOS > mode" and some others. Good idea (about Office files). Perhaps I can replicate this in Exim without SpamAssassin if you send me your code or a link to it. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/