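# Exim filter
# based on Exim filter
## Version: 0.10
#
# Summary of what this filter does, in order:
#   1. If $acl_m7 carries a non-empty third field (the virus name), the
#      message is logged, saved to the path in field 4, a notification is
#      mailed, and processing stops with the message marked as delivered.
#   2. On the first delivery attempt, an archive copy is saved to a
#      per-domain backup folder and to the ".backup.-all-" folder.
#   3. Later delivery attempts and bounce messages stop here.
#   4. For every X-Warn-* header that is present and non-empty, a copy is
#      saved under /usr/local/mail/<reason>/.
#   5. Messages flagged X-Spam-Flag: YES are copied to the spam folder.
#
# NOTE(review): $acl_m7 and the X-Warn-* / X-Spam-Flag headers are
# presumably set by this server's ACLs, which are not visible in this file.
# The filter cannot tell a header added locally from one of the same name
# supplied by the sender, so the ACLs should remove inbound X-Warn-* and
# X-Spam-Flag headers before adding their own - TODO confirm.
#
# touch /var/log/exim/filterlog
# chown mailnull /var/log/exim/filterlog
# chgrp mail /var/log/exim/filterlog
# chmod 640 /var/log/exim/filterlog
# logfile /var/log/exim/filterlog
#logwrite "$tod_log $message_id - processed"
#
# Only run any of this stuff on the first pass through the
# filter - this is an optimisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
#ANTIVIRUS(`ClamAV', `QUARANTINE REJECT',
#          `clamd:/var/run/clamav/clamd',
#          `defer_no_mbox_unspool defer_next')
#ANTIVIRUS(`ClamScan', `QUARANTINE REJECT',
#          `cmdline:/usr/local/bin/clamscan \
#              --disable-summary \
#              --max-space=40960 \
#              --max-files=1024 \
#              --max-recursion=8 \
#              --max-ratio=256 \
#              --unrar=/usr/local/bin/unrar \
#              --mbox -r %s : FOUND : (\\S+) FOUND',
#          `defer_no_mbox_unspool defer_ok')
#ANTIVIRUS(`aveserver', `REJECT QUARANTINE',
#          `aveserver:/var/run/aveserver', `defer_next defer_no_mbox_unspool')
#ANTIVIRUS(`aveclient', `REJECT QUARANTINE',
#          `cmdline:/usr/local/share/kav/bin/aveclient \
#              -s -p /var/run/aveserver \
#              %s/* : LINFECTED : LINFECTED (.*)',
#          `defer_ok defer_no_mbox_unspool')

# ---------------------------------------------------------------------
# Virus handling.
# $acl_m7 is read as a "|"-separated record. Fields used below:
#   1 = notification recipient, 2 = value logged before "found a virus",
#   3 = virus name, 4 = quarantine path, 7 = MIME boundary,
#   8 = file expanded as the notification body.
# The test "matches ." is true when field 3 holds at least one character.
#
# NOTE(review): $h_Subject: is sender-controlled text and is copied into
# the Subject of the generated notification. If field 1 is the envelope
# sender of the infected message, the notification goes to an address
# that is commonly forged - confirm what the ACL puts there.
# NOTE(review): the from/cc/reply_to values below hold only a display
# name followed by a space; presumably the address part is missing from
# this copy of the file - confirm against the deployed filter.
# ---------------------------------------------------------------------
if ${extract{3}{|}{$acl_m7}} matches "."
then
    if first_delivery
    then
        logwrite "$tod_log $message_id ${extract{2}{|}{$acl_m7}} found a virus ${extract{3}{|}{$acl_m7}}"
        seen save ${extract{4}{|}{$acl_m7}} 640
        mail from "AntiVirus Daemon "
             to ${extract{1}{|}{$acl_m7}}
             cc "AntiVirus Admin "
             reply_to "AntiVirus Admin "
             subject "Warning: virus has been found in message with subject \"$h_Subject:\""
             extra_headers "Content-Transfer-Encoding: 8bit\nContent-Type: multipart/report; report-type=delivery-status;\n\tboundary=\"${extract{7}{|}{$acl_m7}}\"\nMIME-Version: 1.0\nAuto-Submitted: auto-generated (antivirus-notification)"
             expand file ${extract{8}{|}{$acl_m7}}
    endif
    # Mark the message as delivered and stop: it is not passed on.
    seen finish
endif

# ---------------------------------------------------------------------
# Archive copies, first delivery attempt only.
# Only the first matching branch of the chain is taken; the "-all-"
# copy is saved for every message. Folder names end in $tod_logfile or
# in the first six characters of $tod_zulu.
#
# The patterns are wrapped in \\N ... \\N with doubled backslashes.
# Inside a quoted filter string a single backslash is consumed before
# the regular expression is compiled, so "\." would reach the regex
# engine as a bare dot that matches any character. The doubled form
# keeps every dot literal.
#
# NOTE(review): the patterns are still unanchored substring matches,
# and $h_To: / $h_From: are sender-supplied headers, so the choice of
# backup folder can be influenced by the sender.
# ---------------------------------------------------------------------
if first_delivery
then
    if $h_To: matches "\\N@corpo\\.falbi\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.corpo.$tod_logfile/ 660
    elif $recipients matches "\\Ncorpo@.+\\.falbi\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.corpo.$tod_logfile/ 660
    elif $recipients matches "\\N@apotex\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.apotex.${substr{0}{6}{$tod_zulu}}/ 660
    elif $h_From: matches "\\N@apotex\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.apotex.${substr{0}{6}{$tod_zulu}}/ 660
    elif $recipients matches "\\N@ed\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.ed.${substr{0}{6}{$tod_zulu}}/ 660
    elif $h_From: matches "\\N@ed\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.ed.${substr{0}{6}{$tod_zulu}}/ 660
    elif $recipients matches "\\N@vwclub\\.org\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.vwclub.$tod_logfile/ 660
    elif $h_From: matches "\\N@vwclub\\.org\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.vwclub.$tod_logfile/ 660
    elif $recipients matches "\\N@marimonchik\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.marimonchik.${substr{0}{6}{$tod_zulu}}/ 660
    elif $h_From: matches "\\N@marimonchik\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.marimonchik.${substr{0}{6}{$tod_zulu}}/ 660
    elif $recipients matches "\\N@fomichov\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.fomichov.${substr{0}{6}{$tod_zulu}}/ 660
    elif $h_From: matches "\\N@fomichov\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.fomichov.${substr{0}{6}{$tod_zulu}}/ 660
    elif $recipients matches "\\N@grechaniy\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.grechaniy.${substr{0}{6}{$tod_zulu}}/ 660
    elif $h_From: matches "\\N@grechaniy\\.kiev\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.grechaniy.${substr{0}{6}{$tod_zulu}}/ 660
    elif $recipients matches "\\N@strategy\\.edu\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.strategy.$tod_logfile/ 660
    elif $h_From: matches "\\N@strategy\\.edu\\.ua\\N"
    then
        unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.strategy.$tod_logfile/ 660
    endif

    #unseen save /var/spool/vmail/bsd.falbi.kiev.ua/corvax/.backup.${substr{0}{8}{$tod_zulu}}/ 640
    #unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.${substr{0}{8}{$tod_zulu}}/ 640
    #unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.$tod_logfile/ 640
    unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.backup.-all-.$tod_logfile/ 640
endif

# Nothing below runs on retries or for bounce messages.
if not first_delivery
then
    finish
endif

if error_message
then
    finish
endif

# ---------------------------------------------------------------------
# Copies of messages that carry a non-empty X-Warn-* header.
# Each block logs the reason and saves an extra copy ("unseen", so
# normal delivery still happens) named <$tod_zulu>-<message id>.
# A message with several X-Warn-* headers is saved once per header.
# ---------------------------------------------------------------------
if $h_X-Warn-Encoding: is not ""
then
    logwrite "$tod_log $message_id saved because of encoding"
    unseen save /usr/local/mail/encoding/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Charset: is not ""
then
    logwrite "$tod_log $message_id saved because of charset"
    unseen save /usr/local/mail/charset/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-8bit-Header: is not ""
then
    logwrite "$tod_log $message_id saved because of 8bit used in header"
    unseen save /usr/local/mail/8bit-header/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-8bit-Envelope: is not ""
then
    logwrite "$tod_log $message_id saved because of 8bit used in envelope"
    unseen save /usr/local/mail/8bit-envelope/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Resolve: is not ""
then
    logwrite "$tod_log $message_id saved because of resolve"
    unseen save /usr/local/mail/resolve/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-RFC-Ignorant: is not ""
then
    logwrite "$tod_log $message_id saved because of sender domain in RFC Ignorant List(s)"
    unseen save /usr/local/mail/rfc-ignorants/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Verisign: is not ""
then
    logwrite "$tod_log $message_id saved because of sender domain has bad A record"
    unseen save /usr/local/mail/bad-sender-domain/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-HELO-Blacklisted: is not ""
then
    logwrite "$tod_log $message_id saved because of helo is blacklisted"
    unseen save /usr/local/mail/helo-blacklisted/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-HELO-Forged: is not ""
then
    logwrite "$tod_log $message_id saved because of helo is forged"
    unseen save /usr/local/mail/helo-forged/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-HELO-Own: is not ""
then
    logwrite "$tod_log $message_id saved because of helo used my own credentials"
    unseen save /usr/local/mail/helo-own/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-HELO-Dial-up: is not ""
then
    logwrite "$tod_log $message_id saved because of helo is dial-up/dsl"
    unseen save /usr/local/mail/helo-dialup/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Relay-Dial-up: is not ""
then
    logwrite "$tod_log $message_id saved because of relay is dial-up/dsl"
    unseen save /usr/local/mail/relay-dialup/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Local: is not ""
then
    logwrite "$tod_log $message_id saved because of this looks like a fake local message"
    unseen save /usr/local/mail/fake-local/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Internal: is not ""
then
    logwrite "$tod_log $message_id saved because of this looks like a fake internal message"
    unseen save /usr/local/mail/fake-internal/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Message-Id: is not ""
then
    logwrite "$tod_log $message_id saved because of Message-Id field is missed"
    unseen save /usr/local/mail/message-id/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Proxy: is not ""
then
    logwrite "$tod_log $message_id saved because of open proxy detected"
    unseen save /usr/local/mail/open-proxy/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Mailer: is not ""
then
    logwrite "$tod_log $message_id saved because of bad mailer used"
    unseen save /usr/local/mail/mailer/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Mailbox: is not ""
then
    logwrite "$tod_log $message_id saved because of mailbox blacklisted"
    unseen save /usr/local/mail/mailbox/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Subject: is not ""
then
    logwrite "$tod_log $message_id saved because of subject blacklisted"
    unseen save /usr/local/mail/subject/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Org: is not ""
then
    logwrite "$tod_log $message_id saved because of organization blacklisted"
    unseen save /usr/local/mail/organization/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Digits: is not ""
then
    logwrite "$tod_log $message_id saved because of there are too many digits"
    unseen save /usr/local/mail/digits/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Sender-Mailbox: is not ""
then
    logwrite "$tod_log $message_id saved because of sender mailbox is invalid"
    unseen save /usr/local/mail/sender-mailbox/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Sender: is not ""
then
    logwrite "$tod_log $message_id saved because of sender address is blacklisted"
    unseen save /usr/local/mail/sender/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Recipient: is not ""
then
    logwrite "$tod_log $message_id saved because of recipient address is blacklisted"
    unseen save /usr/local/mail/recipient/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-DNSBL: is not ""
then
    logwrite "$tod_log $message_id saved because of sender host address is in DNSBL"
    unseen save /usr/local/mail/dnsbl/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-HELO-Underscore: is not ""
then
    logwrite "$tod_log $message_id saved because of underscore has been found in HELO"
    unseen save /usr/local/mail/helo-underscore/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-MIME: is not ""
then
    logwrite "$tod_log $message_id saved because of mime error(s) detected"
    unseen save /usr/local/mail/mime/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Russian: is not ""
then
    logwrite "$tod_log $message_id saved because of untrusted phrases detected in message body"
    unseen save /usr/local/mail/russian/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Boundary: is not ""
then
    logwrite "$tod_log $message_id saved because of broken MIME container found"
    unseen save /usr/local/mail/boundary/$tod_zulu-${message_id} 640
endif

if $h_X-Warn-Attachment: is not ""
then
    logwrite "$tod_log $message_id saved because of attachment with double extensions"
    unseen save /usr/local/mail/attach/$tod_zulu-${message_id} 640
endif

# NOTE(review): the log text below reads as if a value is missing before
# "is not allowed" and after "from" - confirm against the deployed filter.
if $h_X-Warn-SPF: is not ""
then
    logwrite "$tod_log $message_id saved because of is not allowed to send mail from "
    unseen save /usr/local/mail/spf/$tod_zulu-${message_id} 640
endif

# spam redirection: a copy goes to the spam folder, and normal delivery
# still happens because the save is "unseen".
if $h_X-Spam-Flag: is "YES"
then
    logwrite "$tod_log $message_id saved because of spam detected"
    unseen save /var/vmail/bsd.falbi.kiev.ua/corvax/.spam.probably-spam/ 640
endif

#if $h_X-Warn-Attachment: matches "executable" then
#    logwrite "$tod_log $message_id saved because of executable extention detected"
#    seen save /usr/local/mail/executable/$tod_zulu-${message_id} 640
#    finish
#endif

finish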