For anyone running Exim as their mail server, there is a little-known tool you can use to filter mail for the WHOLE server: the system filter. This avoids having each user set up individual filters. If you’re familiar with regular expressions (regex), this filter will be a piece of cake to set up. First we need to figure out which file Exim is using as its system filter. Open /etc/exim.conf and look for this line:
system_filter=/etc/cpanel_exim_system_filter
It is normally either “antivirus.exim” or “cpanel_exim_system_filter”. In this example it is cpanel_exim_system_filter. Open that file and you will get an idea of how the rules work. Here is a sample rule to block SEO spam.
if
  $message_body matches "(white|black) hat"
then
  # $0 is the whole match, $1 is the first captured group
  logwrite "$tod_log $message_id from $sender_address contained spam keywords $0 $1"
  fail text "Message has been rejected because it's SPAM!"
  seen finish
endif
In this example the filter checks whether the message contains “white hat” or “black hat”; if so, it writes to the log, fails the message and continues processing. You need to be careful using “fail” because most of these emails have a fake “From:” address, and that is who is going to get the fail message.
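As an added example (not part of the original post and not Exim's own code), this Python sketch dry-runs the sample pattern against constructed message bodies before the rule goes live on the whole server. It approximates $message_body under Exim's default settings (first 500 characters via message_body_visible, newlines turned into spaces), which is an assumption about your configuration; the function names are hypothetical.

```python
import re

# Assumption: Exim defaults. $message_body holds only the first
# message_body_visible (500) characters of the body, and newlines
# are replaced by spaces (message_body_newlines = false).
MESSAGE_BODY_VISIBLE = 500

# The pattern from the rule above. Lowercase "matches" in an Exim
# filter is case-insensitive, hence re.IGNORECASE.
RULE = re.compile(r"(white|black) hat", re.IGNORECASE)


def message_body(raw_body, visible=MESSAGE_BODY_VISIBLE):
    """Approximate what the filter sees as $message_body."""
    return raw_body[:visible].replace("\n", " ")


def evaluate(raw_body):
    """Return (verdict, $0, $1) as the sample rule would produce them."""
    m = RULE.search(message_body(raw_body))
    if m is None:
        return ("deliver", None, None)
    return ("fail", m.group(0), m.group(1))


# Constructed sample bodies, not real mail.
SAMPLES = {
    "seo_pitch": "We offer WHITE HAT link building for your site.",
    "line_wrapped": "Guaranteed rankings using only white\nhat techniques.",
    "late_keyword": "x" * 600 + " black hat SEO packages",
    "legit_security": "The talk covers white hat disclosure policy.",
    "clean": "Minutes from Tuesday's meeting are attached.",
}


def dry_run(samples=SAMPLES):
    """Evaluate every sample and return {name: (verdict, $0, $1)}."""
    return {name: evaluate(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, (verdict, whole, group) in dry_run().items():
        print(f"{name:15} {verdict:8} $0={whole!r} $1={group!r}")
```

The legit_security sample is rejected just like the spam, and late_keyword is delivered because the phrase sits beyond the visible part of the body, so review both kinds of result before choosing between "fail" and a log-only rule.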
