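December 17, 2007
Anti-spam on exim
After reading a pile of web pages and fumbling around for quite a while, I just came up with these settings:
- The ACL that runs the check at the HELO or EHLO command is named check_hello: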
    check_hello:
      # Replace ###.###.###.### with this server's own IP address.
      deny    message     = HELO/EHLO with my ip address. You are not me.
              log_message = HELO/EHLO my.ip
              condition   = ${if eq {$sender_helo_name}{###.###.###.###} {yes}{no}}

      # "match" is an unanchored regex, so this fires on any HELO name containing "none".
      deny    message     = Fine, then the mail I accept is also none
              log_message = HELO/EHLO none
              condition   = ${if match {$sender_helo_name}{none} {yes}{no}}

      accept
- The ACL used for MAIL is named check_mail:
    check_mail:
      deny    message        = $sender_host_address is listed in $dnslist_domain
              hosts          = !+relay_hosts
              !authenticated = *
              dnslists       = bl.spamcop.net : \
                               sbl.spamhaus.org : \
                               list.dsbl.org : \
                               cbl.anti-spam.org.cn

      # The rules below deny mail whose envelope sender claims a large provider
      # while the client's reverse-DNS name is not in that provider's domain.
      # Dots are escaped and the pattern starts at a label boundary, so a host
      # name that merely ends in the same characters does not pass.
      deny    message     = Fake Yahoo, so you must be spam.
              log_message = Fake Yahoo
              senders     = *@yahoo.com
              condition   = ${if match {$sender_host_name}{\N(^|\.)yahoo\.com$\N}{no}{yes}}

      deny    message     = Fake hotmail, so you must be spam.
              log_message = Fake hotmail
              senders     = *@hotmail.com
              condition   = ${if match {$sender_host_name}{\N(^|\.)hotmail\.com$\N}{no}{yes}}

      deny    message     = Fake MSN, so you must be spam.
              log_message = Fake MSN
              senders     = *@msn.com
              condition   = ${if match {$sender_host_name}{\N(^|\.)(hotmail|msn)\.com$\N}{no}{yes}}

      deny    message     = Fake AOL, so you must be spam.
              log_message = Fake AOL
              senders     = *@aol.com
              condition   = ${if match {$sender_host_name}{\N(^|\.)mx\.aol\.com$\N}{no}{yes}}

      deny    message     = Fake Gmail, so you must be spam.
              log_message = Fake Gmail
              senders     = *@gmail.com
              condition   = ${if match {$sender_host_name}{\N(^|\.)google\.com$\N}{no}{yes}}

      accept
- The ACL used for DATA is named check_data:
    check_data:
      # Reject messages that lack a Message-ID: or Date: header.
      deny    message   = Message SHOULD have Message-ID: but does not
              condition = ${if !def:h_Message-ID: {1}}

      deny    message   = Message SHOULD have Date: but does not
              condition = ${if !def:h_Date: {1}}

      accept
For exim to run these checks at the HELO (or EHLO), MAIL and DATA commands, the configuration file needs these three lines:
acl_smtp_mail = check_mail
acl_smtp_helo = check_hello
acl_smtp_data = check_data
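
A dry run of the sender-domain versus reverse-DNS rules from check_mail, written as an added example (it is not part of the original post or of exim). It compares a bare suffix pattern with one anchored on a label boundary; the sample addresses and host names are constructed, and treating a failed reverse lookup as an empty host name is an assumption of the example.

```python
import re

# Sender domain -> host-name domains the rules accept (taken from check_mail).
RULES = {
    "yahoo.com": ("yahoo.com",),
    "hotmail.com": ("hotmail.com",),
    "msn.com": ("hotmail.com", "msn.com"),
    "aol.com": ("mx.aol.com",),
    "gmail.com": ("google.com",),
}

def host_pattern(domains, strict):
    """Build the regex tested against the reverse-DNS name."""
    if strict:  # literal dots, and the match must start at a label boundary
        return re.compile(r"(^|\.)(" + "|".join(map(re.escape, domains)) + r")$")
    return re.compile("(" + "|".join(domains) + ")$")  # bare suffix match

def verdict(sender, host_name, strict=True):
    """Return 'deny' or 'accept' for one MAIL FROM, mirroring the deny rules."""
    domain = sender.rsplit("@", 1)[-1].lower()
    allowed = RULES.get(domain)
    if allowed is None:
        return "accept"  # no rule covers this sender domain
    # An empty host_name models a failed reverse lookup: nothing matches -> deny
    # (assumption of this example about how the empty variable behaves).
    hit = host_pattern(allowed, strict).search(host_name.lower())
    return "accept" if hit else "deny"

# Constructed sample traffic: (envelope sender, reverse-DNS name of the client).
SAMPLES = [
    ("alice@yahoo.com", "web1.mail.yahoo.com"),
    ("alice@yahoo.com", "mail.notyahoo.com"),
    ("carol@msn.com", "bay0-omc1.bay0.hotmail.com"),
    ("dave@gmail.com", "dsl-203-0-113-9.isp.example"),
    ("erin@aol.com", ""),
    ("frank@example.org", "mx.example.org"),
]

def dry_run():
    """Return (sender, host, bare-suffix verdict, strict verdict) per sample."""
    return [(s, h, verdict(s, h, strict=False), verdict(s, h)) for s, h in SAMPLES]

if __name__ == "__main__":
    for row in dry_run():
        print("%-20s %-30s suffix=%-6s strict=%s" % row)
```

Running the same table against senders and host names taken from your own main log shows which legitimate mail the rules would reject before they go live.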
So far the results I see in the log are pretty good.
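December 19, 2007
No longer using anti-spam.org.cn's RBL…
I just discovered that anti-spam.org.cn's CBL has listed Xuite's SMTP server (the IP is 210.242.46.140).
So I removed anti-spam.org.cn's RBL from the sendmail, Postfix and exim configurations.
Also, in exim, I expanded the ACL from the previous post into the following:
Speaking of which… after adding the ACL from the previous post, the reject log's file size jumped to more than three times what it was.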
By Joe Horn • Mail 0 • Tags: DNSBL, exim, Postfix, RBL, sendmail