| Disable Functions: Path : /etc/ |
| Current File : //etc/eig_exim_system_filter |
if not first_delivery
then
finish
endif
if ${length_80:$header_date:} is not $header_date:
then
fail text "This message has been rejected because it has\n\
an overlength date field which can be used\n\
to subvert Microsoft mail programs\n\
The following URL has further information\n\
http://www.securityfocus.com/frames/?content=/templates/article.html%3Fid%3D61"
seen finish
endif
if $header_from: contains "@sexyfun.net"
then
fail text "This message has been rejected since it has\n\
the signature of a known virus in the header."
seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
# looks like a real error message - just ignore it
finish
endif
if "${if def:header_X-Spam-Subject: {there}}" is there
then
headers remove Subject
headers add "Subject: $h_X-Spam-Subject:"
headers remove X-Spam-Subject
endif
if not first_delivery
then
finish
endif
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))\\$"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
if ("$h_to:, $h_cc:, $h_bcc" contains "bradley8dc@hotmail.com")
then
fail text "This message has been rejected"
seen finish
endif
if ("$h_to:, $h_cc:, $h_bcc" contains "aelkhaddari@gmail.com")
then
fail text "This message has been rejected"
seen finish
endif
if
$message_body contains "downloadm.zip"
or $message_body contains "reg_pass-data.zip"
then
save "/dev/null" 660
endif
if
$header_message-id CONTAINS "boro-sbs.boro.local"
then
save "/dev/null" 660
endif
if $header_from: matches "((cobranca|financeiro)@srv[0-9][0-9][0-9].(info|teste|site))"
then
fail text "Rejected: Phishing"
seen finish
endif
if
$header_subject CONTAINS "Investment Strategy"
or $header_subject CONTAINS "o de seu iToken / iToken no aplicativo"
or $header_subject CONTAINS "Online Casino"
or $header_subject contains " viagra "
or $header_subject contains " Levitra "
or $header_subject contains " levitra "
or $header_subject CONTAINS " Cialis "
or $header_subject CONTAINS " cialis "
or $header_subject contains " penis "
or $header_subject contains "pen!s"
or $header_subject contains " penile "
or $header_subject CONTAINS " casino "
or $header_subject IS "FDA Approved"
or $header_subject CONTAINS " Erections "
or $header_subject matches "Changes tariff plan.*A Small Orange Hosting"
or $header_subject CONTAINS "Se atalho fosse bom o nome dele seria caminho"
or $header_subject CONTAINS "Ganhar Dinheiro Na Internet Saiba Como"
or $header_subject CONTAINS "Alerta Bradesco Data"
or $header_subject CONTAINS "Kit Toldo Retr"
or $header_subject CONTAINS "Sua conta foi comprometida"
or $header_subject CONTAINS "Los hackers piratearon tu cuenta"
or $header_subject CONTAINS "Conclua para continuar utilizando normalmente seu acesso."
or $header_subject CONTAINS "Dyson V11"
or $header_subject CONTAINS "Quickly write to this cutie"
or $header_subject CONTAINS "Write soon hot beauty"
or $header_subject CONTAINS "only real girl is waiting for you"
or $header_subject CONTAINS "She is real girl"
or $header_subject CONTAINS "real acquaintance with a beautiful girl"
or $header_subject CONTAINS "Real girl"
or $header_subject CONTAINS "Hot super girl"
or $header_subject CONTAINS "Super girl"
or $header_subject CONTAINS "Hot acquaintance with beauty"
or $header_subject CONTAINS "Want to meet a hot beauty!"
or $header_subject CONTAINS "Incredible girl"
or $header_subject IS "Fwd: for all"
or $header_subject IS "Re: for all"
or $header_subject IS "Fw: for all"
or $header_subject matches "Workshop on.*Energy Management"
or $header_subject IS "Notification - Janmashtami Holidays"
or $header_subject IS "Participation in Gandhi Global"
or $header_from contains "750millionstrong.com"
or $header_from contains "@newsletter.aol.com"
or $header_from contains "billing@aol.com"
or $header_from contains "bounce@candly.monster"
or $header_from contains "280zxpilot@gmail.com"
or $header_from contains "medicalfuturist.com"
or $message_body matches "Your account contains more than [0-9]+ directories" and $message_headers does not contain "backupproxy1"
then
save "/dev/null" 660
endif
if $h_subject: is "CAN LEAK EVERYTHING!"
then
seen finish
endif
if $h_subject: contains "CAN LEAK EVERYTHING!"
then
fail text "This message has been rejected since it\n\
matches a known spam campain."
seen finish
endif
if ("$h_subject:" matches "\\\\[ .* \\\\] WARNING The domain \".*\" has reached their disk quota.")
then
fail text "This message has been rejected since it\n\
matches a known phishing campaign."
seen finish
endif