نمایش نتایج: از شماره 1 تا 2 , از مجموع 2

موضوع: جلوگیری از اسپم با Antivirus.exim

  1. #1
    مدیر کل Vahid آواتار ها
    تاریخ عضویت
    Aug 2008
    نوشته ها
    2,724
    تشکر تشکر کرده 
    435
    تشکر تشکر شده 
    6,958
    تشکر شده در
    2,085 پست

    پیش فرض جلوگیری از اسپم با Antivirus.exim

    Cpanel servers have a nice little file called antivirus.exim. Most of you probably have never of this magic little gem. It’s a central filter for the exim mail server that lets you setup all kinds of wonderful filters to help stop spam from coming in and going out of your server.
    I’m going to share my /etc/antivirus.exim config file with you guys because I hate spam and you do as well. This will help protect you and therefore protect me as well because your server might be spamming mine one day.
    First off the default /etc/antivirus.exim has a couple different rule sets in it. The main ones are attachment filters to help stop email viruses from your users. They stop things like .src and .com and .exe attachments.
    This shows you some custom rules to stop spammers from sending out of your server, you can also use it to stop spam from coming in. I don’t really go into a lot of detail for filtering incoming mail since other applications like Spam Assassin handle that better IMO.
    You need root access to your Cpanel server as usual.
    First off we need to create a special log file for these filters do this
    touch /var/log/filter.log
    chmod 0644 /var/log/filter.log


    Article provided by WebHostGear.com

    Now open up the configuration file
    vi /etc/antivirus.exim It should have a whole whack of comments at the top.
    Here’s the webhostgear.com antivirus.exim configuration. Simple add this to your existing file, save the changes and they take effect instantly.

    ### CUSTOM WEBHOSTGEAR.COM FILTERS by Steven Leggett info@webhostgear.com
    ################################################## ####

    # START
    # Filters all incoming an outgoing mail
    logfile /var/log/filter.log 0644
    ## Common Spam
    if# Header Spam
    $header_subject: contains "Pharmaceutical"
    or $header_subject: contains "Viagra"
    or $header_subject: contains "Cialis"
    or $header_subject: is "The Ultimate Online Pharmaceutical"
    or $header_subject: contains "***SPAM***"
    or $header_subject: contains "[SPAM]"
    # Body Spam
    or $message_body: contains "Cialis"
    or $message_body: contains "Viagra"
    or $message_body: contains "Leavitra"
    or $message_body: contains "St0ck"
    or $message_body: contains "Viaagrra"
    or $message_body: contains "Cia1iis"
    or $message_body: contains "URGENT BUSINESS PROPOSAL"
    or $message_body matches "angka[^s]+[net|com|org|biz|info|us|name]+?"
    or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen( i|1)s|asu|seks|l(o|0)l(i|1)ta|dewacolok"then
    # Log Message - SENDS RESPONSE BACK TO SENDER
    # SUGGESTED TO LEAVE OFF to prevent fail loops
    # and more work for the mail system
    #fail text "Message has been rejected because it hasn
    # triggered our central filter."
    logwrite "$tod_log $message_id from $sender_address contained spam keywords" seen finish
    endif
    # END
    # Filters all incoming an outgoing mail
    # START
    # All outgoing mail on the server only - what is sent out#Check forwarders so it doesn't get blocked
    #Forwarders still work =)## FINANCIAL FAKE SENDERS
    ## Log all outgoing mail from server that matches rules
    logfile /var/log/filter.log 0644
    if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
    ) and (
    $header_from contains "@citibank.com" or
    $header_from contains "@bankofamerica.com" or
    $header_from contains "@wamu.com" or
    $header_from contains "@ebay.com" or
    $header_from contains "@chase.com" or
    $header_from contains "@paypal.com" or
    $header_from contains "@wellsfargo.com" or
    $header_from contains "@bankunited.com" or
    $header_from contains "@bankerstrust.com" or
    $header_from contains "@bankfirst.com" or
    $header_from contains "@capitalone.com" or
    $header_from contains "@citizensbank.com" or
    $header_from contains "@jpmorgan.com" or
    $header_from contains "@wachovia.com" or
    $header_from contains "@bankone.com" or
    $header_from contains "@suntrust.com" or
    $header_from contains "@amazon.com" or
    $header_from contains "@banksecurity.com" or
    $header_from contains "@visa.com" or
    $header_from contains "@mastercard.com" or
    $header_from contains "@mbna.com"
    )
    then
    logwrite "$tod_log $message_id from $sender_address is fraud"
    seen finish
    endif## OTHER FAKE SENDERS SPAM
    ## Enable this to prevent users using @domain from addresses
    ## Not recommended since users do use from addresses not on the server
    ## Log all outgoing mail from server that matches rules
    logfile /var/log/filter.log 0644
    if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
    ) and (
    $header_from contains "@hotmail.com" or
    $header_from contains "@yahoo.com" or
    $header_from contains "@aol.com"
    )
    then
    logwrite "$tod_log $message_id from $sender_address is forged fake"
    seen finish
    endif ## KNOWN FAKE PHISHING
    ### Log all outgoing mail from server that matches rules
    logfile /var/log/filter.log 0644
    if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
    ) and (
    #Paypal
    $message_body: contains "Dear valued PayPal member" or
    $message_body: contains "Dear valued PayPal customer" or
    $message_body: contains "Dear Paypal" or
    $message_body: contains "The PayPal Team" or
    $message_body: contains "Dear Paypal Customer" or
    $message_body: contains "Paypal Account Review Department" or
    #Ebay
    $message_body: contains "Dear eBay member" or
    $message_body: contains "Dear eBay User" or
    $message_body: contains "The eBay team" or
    $message_body: contains "Dear eBay Community Member" or
    #Banks
    $message_body: contains "Dear Charter One Customer" or
    $message_body: contains "Dear wamu.com customer" or
    $message_body: contains "Dear valued Citizens Bank member" or
    $message_body: contains "Dear Visa" or
    $message_body: contains "Dear Citibank" or
    $message_body: contains "Citibank Email" or
    $message_body: contains "Dear customer of Chase Bank" or
    $message_body: contains "Dear Bank of America customer" or
    #ISPs
    $message_body: contains "Dear AOL Member" or
    $message_body: contains "Dear AOL Customer"
    )
    then
    logwrite "$tod_log $message_id from $sender_address is phishing"
    seen finish
    endif# END
    # All outgoing mail on the server only - what is sent out
    برای پیش رفت در علم آسانسوری وجود ندارد پله ها را باید پیاده رفت /./ همیشه این یادتان باشد که دست بالای دست بسیار است.
    يادمان باشد براي يك بار ايستادن صد ها بار افتاده ايم /./ بک آپ مهمترین رمز موفقیت هاستینگ /./ امنیت مطلق نیست.
    ارتباط مستقیم با من :
    Admin -{(@)}- WebHostingTalk . ir

  2. # ADS




     

  3. #2
    مدیر کل Vahid آواتار ها
    تاریخ عضویت
    Aug 2008
    نوشته ها
    2,724
    تشکر تشکر کرده 
    435
    تشکر تشکر شده 
    6,958
    تشکر شده در
    2,085 پست

    پیش فرض

    The log file will have the logging format like this:
    /var/log/filter.log
    2006-05-10 12:05:13 1Fds7S-0002Sa-MV from smooth595@gmail.com contained spam keywords
    2006-05-10 14:18:47 1FduCn-0006GV-1r from dayton.nowellu7xn@gmail.com contained spam keywords
    2006-04-27 15:44:35 1FZDLn-0005Mo-5z from nobody@ocean.wavepointmedia.com is fraud
    2006-04-27 16:37:40 1FZEB9-0002KQ-VP from nobody@ocean.wavepointmedia.com is phishing

    Date and time, the Exim message ID, the sender and the section of the filter, like phishing, fraud or spam. You can check the mail message by grepping the exim_mainlog for it like this
    grep 1FZEB9-0002KQ-VP /var/log/exim_mainlog
    If you haven’t already you should enable a higher level of logging in your mail server which will be in our next tutorial.
    برای پیش رفت در علم آسانسوری وجود ندارد پله ها را باید پیاده رفت /./ همیشه این یادتان باشد که دست بالای دست بسیار است.
    يادمان باشد براي يك بار ايستادن صد ها بار افتاده ايم /./ بک آپ مهمترین رمز موفقیت هاستینگ /./ امنیت مطلق نیست.
    ارتباط مستقیم با من :
    Admin -{(@)}- WebHostingTalk . ir

اطلاعات موضوع

کاربرانی که در حال مشاهده این موضوع هستند

در حال حاضر 1 کاربر در حال مشاهده این موضوع است. (0 کاربران و 1 مهمان ها)

موضوعات مشابه

  1. شناسایی اسکریپت های ارسال اسپم در Exim
    توسط h.rezazadeh در انجمن سایر لینوکس ها
    پاسخ ها: 0
    آخرين نوشته: February 24th, 2016, 20:19
  2. ارسال نکردن ایمیل و مشکل در exim و ریست نشدن exim
    توسط tanhasystem در انجمن سی پنل CPanel
    پاسخ ها: 1
    آخرين نوشته: January 8th, 2012, 23:23
  3. ورژن جدید ESET NOD32 Antivirus 4
    توسط GOD در انجمن مباحث دیگر
    پاسخ ها: 3
    آخرين نوشته: January 27th, 2011, 18:23
  4. Antivirus for windows server?
    توسط DlGar_26 در انجمن سوالات و مشکلات
    پاسخ ها: 5
    آخرين نوشته: January 22nd, 2011, 00:22
  5. فروش دامنه antivirus-ir.com
    توسط javadhey در انجمن فروش دامین
    پاسخ ها: 0
    آخرين نوشته: September 25th, 2009, 22:13

مجوز های ارسال و ویرایش

  • شما نمیتوانید موضوع جدیدی ارسال کنید
  • شما امکان ارسال پاسخ را ندارید
  • شما نمیتوانید فایل پیوست کنید.
  • شما نمیتوانید پست های خود را ویرایش کنید
  •