Mail filters and scumbag spammers... enhancement urgently needed!

ianbiner

I have been using the mail filter in Direct Admin for a while now and it's been very effective.

However, over the last week or so, I have seen a dramatic increase in the number of emails slipping past the filter because they hide the very words that need to be filtered in amongst meaningless html comments.

Take a look at the code in this...

Ho<!-- agnew -->w wo<!-- dihedral -->u<!-- linkage -->ld
y<!-- bergen -->ou li<!-- frictional -->ke t<!-- tapir -->o h<!-- bullwhack -->av<!-- oxford -->e P<!-- murre -->ERF<!-- tunic -->EC<!-- cynic --> CRED<!-- carlisle -->IT?

Which, when the html filters out the comments, says something about perfect credit.

Please, as a matter of urgency, Direct Admin needs to add a function to the filter that ignores the html comments when it's looking for filter words.

Ian Biner
Sapphire Marine
:mad:
 
Hello,

I'm not sure what we can do. The filters that DA sets up are just exim filters, so DirectAdmin doesn't do any of the filtering, it just sets them up. Perhaps try filtering out

<!--

although, that is a bit generic... anyone have ideas? I'm thinking you'll need a higher level of filtering than exim filters.

John
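
The obfuscation quoted in the first post, and the difference between filtering on any `<!--` and filtering only on comments that split a word, as an added example (not part of the thread, and not DirectAdmin or exim code). The legitimate message, the filter word and the `max_split` threshold are constructed assumptions.

```python
import re

# Any HTML comment, including multi-line ones.
COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
# A single comment with a letter directly on each side, i.e. one that splits a
# word. The (?!-->) guard stops one match from swallowing two comments.
SPLITTING = re.compile(r"(?<=[A-Za-z])<!--(?:(?!-->).)*-->(?=[A-Za-z])", re.DOTALL)

# The body quoted in the first post.
SPAM = ("Ho<!-- agnew -->w wo<!-- dihedral -->u<!-- linkage -->ld\n"
        "y<!-- bergen -->ou li<!-- frictional -->ke t<!-- tapir -->o "
        "h<!-- bullwhack -->av<!-- oxford -->e P<!-- murre -->ERF<!-- tunic -->"
        "EC<!-- cynic --> CRED<!-- carlisle -->IT?")
# Constructed sample: a legitimate HTML mail whose comments sit between tags.
LEGIT = ("<html><!-- header --><body><p>Your invoice is attached.</p>"
         "<!--[if mso]><p>Outlook only</p><![endif]--></body></html>")

def strip_comments(html):
    """Drop comments and collapse whitespace, as a mail client's renderer would."""
    return re.sub(r"\s+", " ", COMMENT.sub("", html)).strip()

def scan(html, filter_words, max_split=2):
    """Match filter words on the comment-free text and count word-splitting comments.
    max_split is an assumed threshold, not a value from the thread."""
    text = strip_comments(html).lower()
    split = len(SPLITTING.findall(html))
    return {
        "raw_hits": [w for w in filter_words if w.lower() in html.lower()],
        "hits": [w for w in filter_words if w.lower() in text],
        "split_comments": split,
        "obfuscated": split > max_split,
    }

if __name__ == "__main__":
    for name, body in (("spam", SPAM), ("legit", LEGIT)):
        print(name, "contains '<!--':", "<!--" in body, scan(body, ["credit"]))
```

Both sample bodies contain `<!--`, so a filter on that string alone would catch the constructed legitimate message as well; only the spam body has comments placed inside words.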
 
Originally posted by DirectAdmin Support:
"anyone have ideas? I'm thinking you'll need a higher level of filtering than exim filters."

We're using your spamassassin installation (per your instructions) and are quite happy with it.

Jeff
 
Actually, I've thought this problem through and had a realisation.

Why would any legitimate html formatted email contain comments? So your suggestion is a good one and has been implemented.

Thanks.

I guess not making that sort of connection is what happens to your brain when it is forced to work on websites until 4 each morning!
 
They were posted somewhere in this forum; that's where I found them.

There was also an additional change I had to make, and I don't remember what it was <frown>. I'll look for it, but in the meantime, Mark or John, if you're reading this, can you verify that the instructions as quoted somewhere in this forum will work properly? It would be appreciated.

I'll eventually have my support website up and things like this will be on it, but I've been too busy to work on it.

Jeff
 
Hello,

cd /usr/local/directadmin/scripts
./spam.sh

Edit your /etc/exim.conf and remove the # characters from in front of the spamassassin director to make it look like:
Code:
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify
Note this is exim 4

Then just type:

service exim restart

John
 
Thanks John -

gotta make this post stand out - I'm sure a lot of people would like this information handy.

'preciate your hard work.

Joe
 
Hello John,

Firstly, thank you for your amazing support to all of us.

I found that my /etc/exim.conf is a little bit different. After running ./spam.sh, I followed the instructions above and restarted exim, but it failed.

For your information, my /etc/exim.conf spamcheck_director looks like this:

#spamcheck_director:
# condition = "${if eq {$received_protocol}{spam-scanned} {0}{1}}"
# driver = smartuser
# transport = spamcheck

I have removed the # and made it exactly like this:

spamcheck_director:
condition = "${if eq {$received_protocol}{spam-scanned} {0}{1}}"
driver = smartuser
transport = spamcheck

After service exim restart, it did not work either. Could you please advise me on what might be wrong or what I can do to make it right?

Thank you,

Reyner N.
 