|
List Info
Thread:
|
|
|
 
United States |
2007-12-30 23:46:27 |
|
Funny, I never got this.. Ha ha.. Guess my filter caught it???
I see it made it to the list though because I went to
http://news.netwinsite.com:8119/webnews?group=netwin.surgemail&cmd=list
and checked.
I imagine many others on the list didn't get my message either.. Guess
it wasn't too smart to put the actual word describing the male anatomy
in the email.
Oh well, if any of you get a chance, go to the archive at the URL above
and see my original post with the subject Text Filter.
Any advice would be appreciated.
It seems that the test method doesn't catch the word but when real mail
comes in it does???
Thanks..
--Todd
-------- Original Message --------
In the GUI, I have set a manual rule (actually a bunch) that is suppose
to block the word "*******" in the body.
I have set:
Header: Body
Contains: ******
Action: Drop
Destination or Reason: ***** spam
I put this in the body test box:
To: here.com">me here.com
From: bobhere
Subject: testing
*****
Then I hit "Test Filter Now" and I get:
ACCEPTED IT (No Rule Applied)
Any idea why?
I am running SurgeMail Version 3.8k4-4, Built Aug 29 2007 12:10:24,
Platform Linux
--Todd
|
| Re: Text filter |
United States |
2007-12-31 03:20:51 |
|
|
Open mfilter.rul in a text editor. Ctrl+F to Find
the line in question. The line should look like this -- without the #
signs.
if (isin("body","BANK #OF NIG#ERIA")) drop "mfilter drop
body BANK #OF NIG#ERIA"
After creating the line and saving the file, click on
Tellmail (on the Admin left menu) and in the 2nd line (raw tellmail command)
type in 'reload' and hit the execute button.
Other good line formats are:
(Putting in our customer's email address tells us whom
we're doing this for.)
if (isin("From","bargain#trend.com")) bounce "550
No Such User - Unable to verify sender's address."
(hey, it's a spammer. Might get lucky and actually
have them remove this address off their list if one of the reasons
works.)
(instead of bouncing everything, why
not redirect them to an account that you can monitor -- just to see what it
catches. It's a good way to find errors!)
if (isin("head","webmail1.abac.com"))
reject "550 No Such User - Unable to verify sender's address."
(This goes one step further in
blocking anything from/to a particular domain or keyword)
This one will block all emails with
ANY Received Header line that contains speedy.com.ar:
if (isin("Received","speedy.com.ar"))
reject "550 - TOO MANY SPAMS FROM speedy.com.ar"
This line is currently in alpha
testing and will be available in the next Rev probably. This limits
the ;filtering to only the IP that's sending the mail to us (the
Envelope):
if
(isin("sender-ipname","speedy.com.ar")) reject "550 - TOO MANY SPAMS FROM
speedy.com.ar"
Personally, I think your filters are
too strong if you're hosting email for other people. Here at our place we
need to be careful of what we choose to hard bounce. We
prefer
if (isin("from","aol.in")) call
replace("X-Friends-Request","*","true")
which will force a Friends Request -- and will work as long as
our customer doesn't have Friends 'disabled'.
This can be very powerful if From is replaced by head,
X-SpamDetect, URLs, Body, etc.)
if (isin("urls","newyear#withlove.com")) drop "mfilter drop
INFECTED LINK"
Note that if you think ahead and structure the
reasons consistently ("mfilter drop INFECTED LINK" ), you can then do Log
searches for mfilter reject, mfilter drop, mfilter redirect, etc. and can see
how well the system is performing.
BarryZ
1USA
|
[1-2]
|
|
|
about | contact Other archives ( Real Estate discussion Medical topics )
|