ບັນທຶກການ Block incoming and outgoing spam mail ດ້ວຍມື ໃນ exim
ບັນທຶກການ ບ໋ອກ spam mail ດ້ວຍມື ໃນ exim
ເປັນການກຳນົດ filter ຂອງ exim ເຊິ່ງມີຜົນທັງ incoming / outgoing mail
ສັ່ງຄຳສັ່ງລຸ່ມນີ້ເທື່ອລະຄຳສັ່ງ
cd /etc/virtual
touch blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders
mkdir usage
chown mail:mail blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders limit usage
nano /etc/system_filter.exim
ກ໋ອບເອົາຄຳສັ່ງລຸ່່ມນີ້ໄປໃສ່ທ້າຍສຸດຂອງໄຟລ /etc/system_filter.exim:
# START # Filters all incoming an outgoing mail logfile /var/log/exim/filter.log 0644 ## Common Spam if # Header Spam $header_subject: contains "Pharmaceutical" or $header_subject: contains "Viagra" or $header_subject: contains "Cialis" or $header_subject: is "The Ultimate Online Pharmaceutical" or $header_subject: contains "***SPAM***" or $header_subject: contains "[SPAM]" or $header_subject: contains "returning message to sender" or $header_subject: contains "size" or $header_subject: contains "Watches" or $header_subject: contains "Replica" or $header_subject: contains "carrier" or $header_subject: contains "delivery" or $header_subject: contains "failed" or $header_subject: contains "Error" # Body Spam or $message_body: contains "Cialis" or $message_body: contains "Viagra" or $message_body: contains "Leavitra" or $message_body: contains "St0ck" or $message_body: contains "Viaagrra" or $message_body: contains "Cia1iis" or $message_body: contains "URGENT BUSINESS PROPOSAL" or $message_body: contains "X-Assp-Spam: YES" then # Log Message - SENDS RESPONSE BACK TO SENDER # SUGGESTED TO LEAVE OFF to prevent fail loops # and more work for the mail system # fail text "Message has been rejected because it hasn # triggered our central filter." logwrite "$tod_log $message_id from $sender_address contained spam keywords" seen finish endif # END # Filters all incoming an outgoing mail # START # All outgoing mail on the server only - what is sent out #Check forwarders so it doesn't get blocked #Forwarders still work =) ## FINANCIAL FAKE SENDERS ## Log all outgoing mail from server that matches rules if ( $received_protocol is "local" or $received_protocol is "esmtpa" ) and ( $header_from contains "@citibank.com" or $header_from contains "@bankofamerica.com" or $header_from contains "@wamu.com" or $header_from contains "@ebay.com" or $header_from contains "@chase.com" or $header_from contains "@paypal.com" or $header_from contains "@wellsfargo.com" or $header_from contains "@bankunited.com" or $header_from contains "@bankerstrust.com" or $header_from contains "@bankfirst.com" or $header_from contains "@capitalone.com" or $header_from contains "@citizensbank.com" or $header_from contains "@jpmorgan.com" or $header_from contains "@wachovia.com" or $header_from contains "@bankone.com" or $header_from contains "@suntrust.com" or $header_from contains "@amazon.com" or $header_from contains "@banksecurity.com" or $header_from contains "@visa.com" or $header_from contains "@mastercard.com" or $header_from contains "@tut.by" or $header_from contains ".de" or $header_from contains ".cn" or $header_from contains ".kr" or $header_from contains ".br" or $header_from contains ".by" or $header_from contains ".lan" or $header_from contains ".cl" or $header_from contains ".mx" or $header_from contains ".tw" or $header_from contains ".jp" or $header_from contains "@tutby.com" or $header_to contains ".tw" or $header_to contains ".jp" or $header_to contains ".kr" or $header_from contains "@mbna.com" ) then logwrite "$tod_log $message_id from $sender_address is fraud" seen finish endif ## OTHER FAKE SENDERS SPAM ## Enable this to prevent users using @domain from addresses ## Not recommended since users do use from addresses not on the server ## Log all outgoing mail from server that matches rules if ( $received_protocol is "local" or $received_protocol is "esmtpa" ) and ( $header_from contains "@hotmail.com" or $header_from contains "@yahoo.com" or $header_from contains "@aol.com" ) then logwrite "$tod_log $message_id from $sender_address is forged fake" seen finish endif ## KNOWN FAKE PHISHING ### Log all outgoing mail from server that matches rules if ( $received_protocol is "local" or $received_protocol is "esmtpa" ) and ( #Paypal $message_body: contains "Dear valued PayPal member" or $message_body: contains "Dear valued PayPal customer" or $message_body: contains "Dear Paypal" or $message_body: contains "The PayPal Team" or $message_body: contains "Dear Paypal Customer" or $message_body: contains "Paypal Account Review Department" or #Ebay $message_body: contains "Dear eBay member" or $message_body: contains "Dear eBay User" or $message_body: contains "The eBay team" or $message_body: contains "Dear eBay Community Member" or #Banks $message_body: contains "Dear Charter One Customer" or $message_body: contains "Dear wamu.com customer" or $message_body: contains "Dear valued Citizens Bank member" or $message_body: contains "Dear Visa" or $message_body: contains "Dear Citibank" or $message_body: contains "Citibank Email" or $message_body: contains "Dear customer of Chase Bank" or $message_body: contains "Dear Bank of America customer" or #ISPs $message_body: contains "Dear AOL Member" or $message_body: contains "Dear AOL Customer" ) then logwrite "$tod_log $message_id from $sender_address is phishing" seen finish endif # END # All outgoing mail on the server only - what is sent out
ຈາກນັ້ນກະໃຫ້ Save file.
ແລະສ້າງໄຟລສຳລັບເກັບ log /var/log/exim/filter.log:
ດ້ວຍຄຳສັ່ງ
touch /var/log/exim/filter.log
chmod 644 /var/log/exim/filter.log
ແລ້ວສັ່ງ restart exim
service exim restart
ກວດເບິ່ງວ່າເມວໃດສະແປມແດ່
tail -f /var/log/exim/filter.log
ນອກນີ້ຍັງສາມາດກຳນົດ Keyword ໄດ້ເອງນຳໂຕຢ່າງ
or $header_subject: contains “delivery”
or $header_subject: contains “failed”
or $header_subject: contains “Error”
Credit: https://robodesk.biz/index.php?/Knowledgebase/Article/View/469/7/how-to-avoid-sending-bounce-messages-from-the-server-installed-with-directadmin-control-panel