December 19, 2009

Prevent spam using antivirus.exim

You need root access to your Cpanel server as usual.
First off we need to create a special log file for these filters do this:


touch /var/log/filter.log
chmod 0644 /var/log/filter.log


Now open up the configuration file


vi /etc/antivirus.exim


It should have a whole whack of comments at the top.
Here’s the webhostgear.com antivirus.exim configuration. Simple add this to your existing file, save the changes and they take effect instantly.

logfile /var/log/filter.log 0644
if (
$message_body: contains " AFML " or
$message_body: contains " AGAO " or
$message_body: contains " AUNI-OTC-BB " or
$message_body: contains " AUNI " or
$message_body: contains " APPM " or
$message_body: contains " APWL " or
$message_body: contains " BLNM " or
$message_body: contains " CBFE " or
$message_body: contains " CBRJ " or
$message_body: contains " CHFR " or
$message_body: contains " CNHC " or
$message_body: contains " CGDC " or
$message_body: contains " CGKY " or
$message_body: contains " CRSVF " or
$message_body: contains " CTXE " or
$message_body: contains " CWTD " or
$message_body: contains " CYRR " or
$message_body: contains " DIAAF " or
$message_body: contains " DPER " or
$message_body: contains " EPRT " or
$message_body: contains " EQTD " or
$message_body: contains " FCCN " or
$message_body: contains " FCYI " or
$message_body: contains " FTRM " or
$message_body: contains " GGTs " or
$message_body: contains " GTEM " or
$message_body: contains " GDKI " or
$message_body: contains " HYWI " or
$message_body: contains " HXPN " or
$message_body: contains " HER-2 " or
$message_body: contains " IWRs " or
$message_body: contains " KKPT " or
$message_body: contains " KMAG " or
$message_body: contains " LITL " or
$message_body: contains " LOMJ " or
$message_body: contains " LYJN " or
$message_body: contains " MHII " or
$message_body: contains " MISJ " or
$message_body: contains " MPRG " or
$message_body: contains " NMXC " or
$message_body: contains " NSLT " or
$message_body: contains " PCAI.PK " or
$message_body: contains " PGCN " or
$message_body: contains " PHYA " or
$message_body: contains " PPTL " or
$message_body: contains " PSUD " or
$message_body: contains " QEGY " or
$message_body: contains " QCPC " or
$message_body: contains " RRLB " or
$message_body: contains " RTCI " or
$message_body: contains " SBNs " or
$message_body: contains " SFWJ " or
$message_body: contains " SORD " or
$message_body: contains " SRRL " or
$message_body: contains " SWNM " or
$message_body: contains " TORA " or
$message_body: contains " UMSY " or
$message_body: contains " UTEV " or
$message_body: contains " UTVG " or
$message_body: contains " VMSI " or
$message_body: contains " VNBL " or
$message_body: contains " VTSs " or
$message_body: contains " WBRs " or
$message_body: contains " WEXE " or
$message_body: contains " WHKA.PK " or
$message_body: contains " WYSK " or
$header_subject: contains "Pharmaceutical"
or $header_subject: contains "Viagra"
or $header_subject: contains "Cialis"
or $header_subject: is "The Ultimate Online Pharmaceutical"
or $header_subject: contains "***SPAM***"
or $header_subject: contains "[SPAM]"
or $message_body: contains "Cialis"
or $message_body: contains "Viagra"
or $message_body: contains "Leavitra"
or $message_body: contains "St0ck"
or $message_body: contains "Viaagrra"
or $message_body: contains "Cia1iis"
or $message_body: contains "URGENT BUSINESS PROPOSAL"
or $message_body matches "angka[^s]+[net|com|org|biz|info|us|name]+?"
or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen( i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"
) then
logwrite "$tod_log $message_id $header_from $header_subject contains known spammy stock symbol"
seen finish
endif

No comments:

Post a Comment