# Exim filter
# based on Exim filter
## Version: 0.10
#
# Acts on the verdicts left by earlier checks: a virus hit recorded in
# $acl_m7 diverts the message, every other message is copied to a daily
# backup folder, and messages carrying X-Spam-*, X-Quarantine-* or X-Warn-*
# headers are logged and saved. "seen save" takes the message out of normal
# delivery; "unseen save" stores a copy and lets delivery continue.
# Presumably installed as the system filter ($recipients is referenced) -
# TODO confirm.
#
# NOTE(review): every header test below treats X-Spam-*, X-Quarantine-* and
# X-Warn-* as written by the local checks. Nothing in this file tells them
# apart from headers that arrived with the message, and the host names
# tested in X-Spam-Checker-Version-Old are themselves header text. Confirm
# that the ACLs remove inbound copies of these headers before adding their
# own; otherwise the sending side influences which folder (including the
# "-learn" folders) a message is filed in.
#
# NOTE(review): this listing was recovered from a whitespace-collapsed copy;
# "logfile" below is taken to be an active command - confirm against the
# deployed file.
#
# touch /var/log/exim/filterlog
# chown mailnull /var/log/exim/filterlog
# chgrp mail /var/log/exim/filterlog
# chmod 640 /var/log/exim/filterlog
#
logfile /var/log/exim/filterlog
#logwrite "$tod_log $message_id - processed"
#
# Only run any of this stuff on the first pass through the
# filter - this is an optimisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#

# Virus handling. $acl_m7 is read as a "|"-separated list: field 2 is logged
# as a label, field 3 as the virus name, field 4 is the path the message is
# saved to. A non-empty field 3 marks the message as infected.
# The save happens on the first delivery attempt only; "seen finish" ends
# filtering with the message counted as delivered on every attempt.
# The logged host is "$sender_host_name [address]" when a name is known,
# else the first line of $acl_c7 with "(may be forged)", else the bare
# address.
# NOTE(review): the save path is whatever the ACL stored in $acl_m7; confirm
# the ACL builds field 4 from fixed values and never from message content.
if ${extract{3}{|}{$acl_m7}} matches "." then
  if first_delivery then
#    logwrite "$tod_log $message_id ${extract{2}{|}{$acl_m7}}: virus ${extract{3}{|}{$acl_m7}}; from ${if eq{$sender_host_name}{}{}{$sender_host_name }}[$sender_host_address]"
    logwrite "$tod_log $message_id ${extract{2}{|}{$acl_m7}}: virus ${extract{3}{|}{$acl_m7}}; from \
      ${if eq{$sender_host_name}{}{\
        ${if eq{$acl_c7}{}\
          {[$sender_host_address]}\
          {${extract{1}{\n}{$acl_c7}} [$sender_host_address] (may be forged)}\
        }\
      }{$sender_host_name [$sender_host_address]}}"
    seen save ${extract{4}{|}{$acl_m7}} 640
  endif
  seen finish
endif

# Backup copy of every message that gets this far, taken once (first
# delivery attempt); the folder name carries $tod_logfile, so one folder per
# date stamp. The folder ends up holding all mail that passes the filter, so
# access to it needs to be as tight as access to the mailboxes themselves.
if first_delivery then
  unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.backup.$tod_logfile/ 640
endif

# Later delivery attempts stop here; everything below runs once per message.
if not first_delivery then
  finish
endif

# Messages the spam check marked as quarantined are removed from delivery.
# BAYES_99, autolearn=spam or FUZZY_OCR in the report/status selects the
# "certainly-spam" folder; anything else goes to "certainly-spam-learn".
# $recipients is logged because the original recipients never see the mail.
if $h_X-Spam-Action: contains "quarantined" then
  if $h_X-Spam-Report: contains "BAYES_99" or
     $h_X-Spam-Status: contains "autolearn=spam" or
     $h_X-Spam-Report: contains "FUZZY_OCR" then
    logwrite "$tod_log $message_id saved because of certainly spam detected; original recipients: $recipients"
    seen save /var/vmail/localhost/admin/.spam.certainly-spam/ 640
  else
    logwrite "$tod_log $message_id saved for learning because of certainly spam detected; original recipients: $recipients"
    seen save /var/vmail/localhost/admin/.spam.certainly-spam-learn/ 640
  endif
  seen finish
endif

#
# Do not edit this file
#
# Hard quarantine: a non-empty X-Quarantine-* header stops delivery and
# stores the message under a name built only from $tod_zulu and $message_id.
if $h_X-Quarantine-Encoding: is not "" then
  logwrite "$tod_log $message_id quarantined because of wrong/missing encoding; original recipients: $recipients"
  seen save /var/spool/quarantine/quarantine/encoding/${tod_zulu}-${message_id} 640
  finish
endif

if $h_X-Quarantine-Rcpt: is not "" then
  logwrite "$tod_log $message_id quarantined because of recipient blacklisted; original recipients: $recipients"
  seen save /var/spool/quarantine/quarantine/rcpt/${tod_zulu}-${message_id} 640
  finish
endif

# Bounce messages skip the warning and spam copies below.
if error_message then
  finish
endif

#
# Do not edit this file
#
# Soft warnings: each non-empty X-Warn-* header gets one log line and one
# copy under /var/spool/quarantine/warnings/<reason>/. All saves are
# "unseen", so a message can match several of these and is still delivered.
if $h_X-Warn-Encoding: is not "" then
  logwrite "$tod_log $message_id saved because of encoding"
  unseen save /var/spool/quarantine/warnings/encoding/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Charset: is not "" then
  logwrite "$tod_log $message_id saved because of charset"
  unseen save /var/spool/quarantine/warnings/charset/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-8bit-Header: is not "" then
  logwrite "$tod_log $message_id saved because of 8bit used in header"
  unseen save /var/spool/quarantine/warnings/8bit-header/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-8bit-Envelope: is not "" then
  logwrite "$tod_log $message_id saved because of 8bit used in envelope"
  unseen save /var/spool/quarantine/warnings/8bit-envelope/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Resolve: is not "" then
  logwrite "$tod_log $message_id saved because of resolve"
  unseen save /var/spool/quarantine/warnings/resolve/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-RFC-Ignorant: is not "" then
  logwrite "$tod_log $message_id saved because of sender domain in RFC Ignorant List(s)"
  unseen save /var/spool/quarantine/warnings/rfc-ignorants/${tod_zulu}-${message_id} 640
endif

# Same log text as the X-Warn-Mail-A rule below; only the folder differs.
if $h_X-Warn-Verisign: is not "" then
  logwrite "$tod_log $message_id saved because of sender domain has bad A record"
  unseen save /var/spool/quarantine/warnings/bad-sender-domain/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Mail-A: is not "" then
  logwrite "$tod_log $message_id saved because of sender domain has bad A record"
  unseen save /var/spool/quarantine/warnings/bad-sender-domain-a/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Mail-MX: is not "" then
  logwrite "$tod_log $message_id saved because of sender domain has bad MX record"
  unseen save /var/spool/quarantine/warnings/bad-sender-domain-mx/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-HELO-Blacklisted: is not "" then
  logwrite "$tod_log $message_id saved because of helo is blacklisted"
  unseen save /var/spool/quarantine/warnings/helo-blacklisted/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-HELO-Forged: is not "" then
  logwrite "$tod_log $message_id saved because of helo is forged"
  unseen save /var/spool/quarantine/warnings/helo-forged/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-HELO-Own: is not "" then
  logwrite "$tod_log $message_id saved because of helo used my own credentials"
  unseen save /var/spool/quarantine/warnings/helo-own/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-HELO-Dial-up: is not "" then
  logwrite "$tod_log $message_id saved because of helo is dial-up/dsl"
  unseen save /var/spool/quarantine/warnings/helo-dialup/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Relay-Dial-up: is not "" then
  logwrite "$tod_log $message_id saved because of relay is dial-up/dsl"
  unseen save /var/spool/quarantine/warnings/relay-dialup/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Relay-BlackListed: is not "" then
  logwrite "$tod_log $message_id saved because of relay is blacklisted"
  unseen save /var/spool/quarantine/warnings/relay-blacklisted/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Local: is not "" then
  logwrite "$tod_log $message_id saved because of this looks like a fake local message"
  unseen save /var/spool/quarantine/warnings/fake-local/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Internal: is not "" then
  logwrite "$tod_log $message_id saved because of this looks like a fake internal message"
  unseen save /var/spool/quarantine/warnings/fake-internal/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Message-Id: is not "" then
  logwrite "$tod_log $message_id saved because of Message-Id field is missed"
  unseen save /var/spool/quarantine/warnings/message-id/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Proxy: is not "" then
  logwrite "$tod_log $message_id saved because of open proxy detected"
  unseen save /var/spool/quarantine/warnings/open-proxy/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Mailer: is not "" then
  logwrite "$tod_log $message_id saved because of bad mailer used"
  unseen save /var/spool/quarantine/warnings/mailer/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Mailbox: is not "" then
  logwrite "$tod_log $message_id saved because of mailbox blacklisted"
  unseen save /var/spool/quarantine/warnings/mailbox/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Subject: is not "" then
  logwrite "$tod_log $message_id saved because of subject blacklisted"
  unseen save /var/spool/quarantine/warnings/subject/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Org: is not "" then
  logwrite "$tod_log $message_id saved because of organization blacklisted"
  unseen save /var/spool/quarantine/warnings/organization/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Sender-Mailbox: is not "" then
  logwrite "$tod_log $message_id saved because of sender mailbox is invalid"
  unseen save /var/spool/quarantine/warnings/sender-mailbox/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Sender: is not "" then
  logwrite "$tod_log $message_id saved because of sender address is blacklisted"
  unseen save /var/spool/quarantine/warnings/sender/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Recipient: is not "" then
  logwrite "$tod_log $message_id saved because of recipient address is blacklisted"
  unseen save /var/spool/quarantine/warnings/recipient/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-DNSBL: is not "" then
  logwrite "$tod_log $message_id saved because of sender host address is in DNSBL"
  unseen save /var/spool/quarantine/warnings/dnsbl/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-HELO-Underscore: is not "" then
  logwrite "$tod_log $message_id saved because of underscore has been found in HELO"
  unseen save /var/spool/quarantine/warnings/helo-underscore/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-MIME: is not "" then
  logwrite "$tod_log $message_id saved because of mime error(s) detected"
  unseen save /var/spool/quarantine/warnings/mime/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Russian: is not "" then
  logwrite "$tod_log $message_id saved because of untrusted phrases detected in message body"
  unseen save /var/spool/quarantine/warnings/russian/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Boundary: is not "" then
  logwrite "$tod_log $message_id saved because of broken MIME container found"
  unseen save /var/spool/quarantine/warnings/boundary/${tod_zulu}-${message_id} 640
endif

if $h_X-Warn-Attachment: is not "" then
  logwrite "$tod_log $message_id saved because of attachment with double extensions"
  unseen save /var/spool/quarantine/warnings/attach/${tod_zulu}-${message_id} 640
endif

# NOTE(review): the log text below ends in "from " with nothing after it and
# has no subject before "is not allowed"; it reads as if the host/sender
# values were lost - confirm against the deployed file.
if $h_X-Warn-SPF: is not "" then
  logwrite "$tod_log $message_id saved because of is not allowed to send mail from "
  unseen save /var/spool/quarantine/warnings/spf/${tod_zulu}-${message_id} 640
endif

# Spam redirection
# A local spam flag only produces a copy; delivery continues.
if $h_X-Spam-Flag: is "YES" then
  logwrite "$tod_log $message_id saved because of spam detected; original recipients: $recipients"
  unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.probably-spam/ 640
endif

# X-Spam-*-Old results are honoured only when X-Spam-Checker-Version-Old
# names one of the two hosts below (presumably a scan done by another relay
# and renamed on arrival - TODO confirm). Eight or more stars in the level
# removes the message from delivery; a plain "YES" flag only stores a copy.
if $h_X-Spam-Checker-Version-Old: contains "corvax.falbi.kiev.ua" or
   $h_X-Spam-Checker-Version-Old: contains "coms.falbi.kiev.ua" then
  if $h_X-Spam-Level-Old: contains "********" then
    if $h_X-Spam-Report-Old: contains "BAYES_99" then
      logwrite "$tod_log $message_id saved because of certainly spam detected; original recipients: $recipients"
      seen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.certainly-spam/ 640
    else
      logwrite "$tod_log $message_id saved for learning because of certainly spam detected; original recipients: $recipients"
      seen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.certainly-spam-learn/ 640
    endif
    seen finish
  endif
  if $h_X-Spam-Flag-Old: is "YES" then
    logwrite "$tod_log $message_id saved because of probably spam detected; original recipients: $recipients"
    unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.probably-spam/ 640
  endif
endif

# Bayes bookkeeping copies (all "unseen"): one folder for BAYES_99 hits,
# then exactly one of autolearn=ham / autolearn=spam / "report present but
# no BAYES rule in it".
if $h_X-Spam-Report: contains "BAYES_99" then
  logwrite "$tod_log $message_id saved because of probably spam with bayes99 to $recipients"
  unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.bayes99/ 640
endif

if $h_X-Spam-Status: contains "autolearn=ham" then
  unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.bayes_autolearn_ham/ 640
else
  if $h_X-Spam-Status: contains "autolearn=spam" then
    unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.bayes_autolearn_spam/ 640
  else
    if $h_X-Spam-Report: is not "" and not $h_X-Spam-Report: contains "BAYES" then
      logwrite "$tod_log $message_id saved because of no bayes scores"
      unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.bayes_unknown/ 640
    endif
  endif
endif

#if $h_X-Spam-Score: contains "++++++++++" then
#  logwrite "$tod_log $message_id saved because of certainly spam detected"
#  unseen save /var/vmail/corvax.falbi.kiev.ua/corvax/.spam.certainly-spam/ 640
#endif

#if $h_X-Warn-Attachment: matches "executable" then
#  logwrite "$tod_log $message_id saved because of executable extention detected"
#  seen save /usr/local/mail/executable/$tod_zulu-${message_id} 640
#  finish
#endif

# Hand a copy of the message to deliver.pl when the ACL set $acl_c3.
# Exim splits a pipe command into words before expanding it and runs it
# without a shell, so $acl_c3 arrives as a single argument whatever it
# contains. deliver.pl still has to validate that argument itself.
# NOTE(review): how $acl_c3 is filled is not visible here - confirm it is
# never taken verbatim from message or SMTP input.
if $acl_c3 is not "" then
  unseen pipe "/usr/local/debug/mail/exim/conf/delivery2imap/deliver.pl $acl_c3"
endif

finish