ບັນທຶກການ Block incoming and outgoing spam mail ດ້ວຍມື ໃນ exim
ບັນທຶກການ ບ໋ອກ spam mail ດ້ວຍມື ໃນ exim
ເປັນການກຳນົດ filter ຂອງ exim ເຊິ່ງມີຜົນທັງ incoming / outgoing mail
ສັ່ງຄຳສັ່ງລຸ່ມນີ້ເທື່ອລະຄຳສັ່ງ
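# Work in the directory that holds the list files. Check with pwd that the cd
# succeeded; otherwise the commands below act on the current directory instead.
cd /etc/virtual
# Create the list files if they are missing; touch leaves existing content alone.
touch blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders
# -p: do not fail when the usage directory already exists.
mkdir -p usage
# Give the lists to the mail user. "limit" is not created above; presumably it
# already exists on a DirectAdmin install (the credited article targets
# DirectAdmin). chown reports an error for it if it is missing.
chown mail:mail blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders limit usage
# Consider keeping a copy of the current filter before editing it; the rules
# that follow discard mail, so a quick way back matters.
nano /etc/system_filter.exim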
ກ໋ອບເອົາຄຳສັ່ງລຸ່ມນີ້ໄປໃສ່ທ້າຍສຸດຂອງໄຟລ /etc/system_filter.exim:
# START
# Filters all incoming and outgoing mail
# Every match below is written to this log. Mode 0644 leaves it world-readable
# and the entries contain sender addresses.
# NOTE(review): on a shared host a tighter mode such as 0640 is worth considering.
logfile /var/log/exim/filter.log 0644
## Common Spam
# Keyword rule: a message whose Subject or body contains any listed string is
# logged and then dropped by "seen finish" (no delivery, no bounce).
# Lower-case "contains" and "is" compare without regard to case, and "contains"
# is a substring test, so short common words ("size", "carrier", "delivery",
# "failed", "Error") also catch legitimate mail, including genuine
# delivery-failure reports. Review filter.log for false positives before
# relying on this list.
if
# Header Spam
$header_subject: contains "Pharmaceutical"
or $header_subject: contains "Viagra"
or $header_subject: contains "Cialis"
or $header_subject: is "The Ultimate Online Pharmaceutical"
or $header_subject: contains "***SPAM***"
or $header_subject: contains "[SPAM]"
or $header_subject: contains "returning message to sender"
or $header_subject: contains "size"
or $header_subject: contains "Watches"
or $header_subject: contains "Replica"
or $header_subject: contains "carrier"
or $header_subject: contains "delivery"
or $header_subject: contains "failed"
or $header_subject: contains "Error"
# Body Spam
# $message_body holds only the first part of the body (Exim's
# message_body_visible option, 500 characters by default), so text further
# down the message is not inspected by these tests.
or $message_body: contains "Cialis"
or $message_body: contains "Viagra"
or $message_body: contains "Leavitra"
or $message_body: contains "St0ck"
or $message_body: contains "Viaagrra"
or $message_body: contains "Cia1iis"
or $message_body: contains "URGENT BUSINESS PROPOSAL"
# NOTE(review): this string looks like a header set by an upstream spam filter;
# as written it only matches when the text appears in the body - confirm
# whether a header test was intended.
or $message_body: contains "X-Assp-Spam: YES"
then
# Log Message - SENDS RESPONSE BACK TO SENDER
# SUGGESTED TO LEAVE OFF to prevent fail loops
# and more work for the mail system
# fail text "Message has been rejected because it hasn
# triggered our central filter."
# With "fail" left commented out, the sender gets no notice: the match is
# logged and "seen finish" ends filtering with the message treated as handled.
logwrite "$tod_log $message_id from $sender_address contained spam keywords"
seen finish
endif
# END
# Filters all incoming and outgoing mail
# START
# All outgoing mail on the server only - what is sent out
#Check forwarders so it doesn't get blocked
#Forwarders still work =)
## FINANCIAL FAKE SENDERS
## Log all outgoing mail from server that matches rules
# Scope: only mail submitted locally ("local") or over authenticated ESMTP
# ("esmtpa"). NOTE(review): Exim reports authenticated sessions over TLS as
# "esmtpsa", which is not listed here, so those submissions appear to skip
# this rule - confirm against the server's submission setup.
# Matching mail is not only logged: "seen finish" discards it without a bounce.
# "contains" is a substring test over the whole From:/To: header, so ".de",
# ".cl", ".br", ".by" and similar also match inside names and longer domains
# (for example "john.deere@example.com" or "user@example.cloud"), and the
# $header_to tests drop any outgoing mail addressed to matching recipients.
# NOTE(review): if blocking by country domain is really intended, anchor the
# test to the end of the address domain (for example with "matches") and
# review filter.log for legitimate mail caught by this rule.
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
$header_from contains "@citibank.com" or
$header_from contains "@bankofamerica.com" or
$header_from contains "@wamu.com" or
$header_from contains "@ebay.com" or
$header_from contains "@chase.com" or
$header_from contains "@paypal.com" or
$header_from contains "@wellsfargo.com" or
$header_from contains "@bankunited.com" or
$header_from contains "@bankerstrust.com" or
$header_from contains "@bankfirst.com" or
$header_from contains "@capitalone.com" or
$header_from contains "@citizensbank.com" or
$header_from contains "@jpmorgan.com" or
$header_from contains "@wachovia.com" or
$header_from contains "@bankone.com" or
$header_from contains "@suntrust.com" or
$header_from contains "@amazon.com" or
$header_from contains "@banksecurity.com" or
$header_from contains "@visa.com" or
$header_from contains "@mastercard.com" or
$header_from contains "@tut.by" or
$header_from contains ".de" or
$header_from contains ".cn" or
$header_from contains ".kr" or
$header_from contains ".br" or
$header_from contains ".by" or
$header_from contains ".lan" or
$header_from contains ".cl" or
$header_from contains ".mx" or
$header_from contains ".tw" or
$header_from contains ".jp" or
$header_from contains "@tutby.com" or
$header_to contains ".tw" or
$header_to contains ".jp" or
$header_to contains ".kr" or
$header_from contains "@mbna.com"
)
then
# A hit means a local script or an authenticated account tried to send with a
# From: it should not be using; treat the log line as a lead to investigate.
logwrite "$tod_log $message_id from $sender_address is fraud"
seen finish
endif
## OTHER FAKE SENDERS SPAM
## Enable this to prevent users using @domain from addresses
## Not recommended since users do use from addresses not on the server
## Log all outgoing mail from server that matches rules
# As written the rule is active: local or authenticated ("esmtpa") mail whose
# From: header contains one of these webmail domains is logged and then
# discarded by "seen finish", with no notice to the sender.
# NOTE(review): "esmtpsa" (authenticated over TLS) is not listed, so such
# sessions appear to skip this rule - confirm.
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
$header_from contains "@hotmail.com" or
$header_from contains "@yahoo.com" or
$header_from contains "@aol.com"
)
then
logwrite "$tod_log $message_id from $sender_address is forged fake"
seen finish
endif
## KNOWN FAKE PHISHING
### Log all outgoing mail from server that matches rules
# Looks for well-known phishing greetings in mail submitted locally or over
# authenticated ESMTP; a match is logged and the message is discarded by
# "seen finish".
# Coverage limits to keep in mind:
#  - $message_body holds only the first part of the body (message_body_visible,
#    500 characters by default), so a phrase further down is not seen.
#  - NOTE(review): "esmtpsa" (authenticated over TLS) is not listed in the
#    protocol test, so such sessions appear to skip this rule - confirm.
# A hit usually points at a compromised mailbox or web script on this server;
# follow up on the logged $sender_address rather than relying on the discard.
if (
$received_protocol is "local" or
$received_protocol is "esmtpa"
) and (
#Paypal
$message_body: contains "Dear valued PayPal member" or
$message_body: contains "Dear valued PayPal customer" or
$message_body: contains "Dear Paypal" or
$message_body: contains "The PayPal Team" or
$message_body: contains "Dear Paypal Customer" or
$message_body: contains "Paypal Account Review Department" or
#Ebay
$message_body: contains "Dear eBay member" or
$message_body: contains "Dear eBay User" or
$message_body: contains "The eBay team" or
$message_body: contains "Dear eBay Community Member" or
#Banks
$message_body: contains "Dear Charter One Customer" or
$message_body: contains "Dear wamu.com customer" or
$message_body: contains "Dear valued Citizens Bank member" or
$message_body: contains "Dear Visa" or
$message_body: contains "Dear Citibank" or
$message_body: contains "Citibank Email" or
$message_body: contains "Dear customer of Chase Bank" or
$message_body: contains "Dear Bank of America customer" or
#ISPs
$message_body: contains "Dear AOL Member" or
$message_body: contains "Dear AOL Customer"
)
then
logwrite "$tod_log $message_id from $sender_address is phishing"
seen finish
endif
# END
# All outgoing mail on the server only - what is sent out
ຈາກນັ້ນກະໃຫ້ Save file.
ແລະສ້າງໄຟລສຳລັບເກັບ log /var/log/exim/filter.log:
ດ້ວຍຄຳສັ່ງ
# Pre-create the log file named by the filter's "logfile" line.
# NOTE(review): mode 644 lets every local account read the logged sender
# addresses and message ids; consider 640 on a shared host. Also confirm that
# the user Exim runs the system filter as can write to a file created here.
touch /var/log/exim/filter.log
chmod 644 /var/log/exim/filter.log
ແລ້ວສັ່ງ restart exim
# Restart Exim after saving the filter.
# A saved sample message can first be run through the filter with Exim's
# filter test mode to see which rule it would hit, for example:
#   exim -bF /etc/system_filter.exim < sample.eml   (sample.eml is a constructed name)
service exim restart
ກວດເບິ່ງວ່າເມວໃດສະແປມແດ່
# Follow the filter log live. Each line names the message id, the sender and
# which rule matched; check it regularly for legitimate mail that was dropped.
tail -f /var/log/exim/filter.log
ນອກນີ້ຍັງສາມາດກຳນົດ Keyword ໄດ້ເອງນຳໂຕຢ່າງ
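# Use straight double quotes: typographic quotes are not string delimiters in
# an Exim filter and would be read as part of the keyword.
# These three words are very broad and also appear in genuine delivery-failure
# reports; prefer longer, more specific phrases for your own keywords.
or $header_subject: contains "delivery"
or $header_subject: contains "failed"
or $header_subject: contains "Error"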
Credit: https://robodesk.biz/index.php?/Knowledgebase/Article/View/469/7/how-to-avoid-sending-bounce-messages-from-the-server-installed-with-directadmin-control-panel
