Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exim filter
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- # cPanel System Filter for EXIM #
- # VERSION = 2.0 #
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! #
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- # Direct modifications to the /etc/cpanel_exim_system_filter file will be lost when the configuration is #
- # next rebuilt. To have modifications retained, please use one of the following options: #
- # #
- # 1) #
- # * Place each sysfilter block you wish to include in a unique file at: #
- # /usr/local/cpanel/etc/exim/sysfilter/options/ #
- # * Enable or disable the custom block in WHM using: #
- # Service Configuration => Exim Configuration Manager => Filters => Custom Filter: [your unique file] #
- # #
- # 2) #
- # * Create a custom sysfilter file in /etc/ #
- # * Change the location of the sysfilter file in WHM using: #
- # Service Configuration => Exim Configuration Manager => Filters => System Filter File #
- # #
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!DO NOT MODIFY THIS FILE DIRECTLY!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! #
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- # #
- # Only process once #
- # #
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- if not first_delivery
- then
- finish
- endif
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- # #
- # Ignore "real" errors #
- # #
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- if error_message and $header_from: contains "Mailer-Daemon@"
- then
- finish
- endif
- # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
- # BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments
- # (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
- # or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
- ## -----------------------------------------------------------------------
- # Look for single part MIME messages with suspicious name extensions
- # Check Content-Type header using quoted filename [content_type_quoted_fn_match]
- if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
- then
- fail text "This message has been rejected because it has\n\
- potentially executable content $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
- endif
- # same again using unquoted filename [content_type_unquoted_fn_match]
- if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))([\\\\s;]|\\$)"
- then
- fail text "This message has been rejected because it has\n\
- potentially executable content $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
- endif
- ## -----------------------------------------------------------------------
- # Attempt to catch embedded VBS attachments
- # in emails. These were used as the basis for
- # the ILOVEYOU virus and its variants - many many varients
- # Quoted filename - [body_quoted_fn_match]
- if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
- then
- fail text "This message has been rejected because it has\n\
- a potentially executable attachment $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
- endif
- # same again using unquoted filename [body_unquoted_fn_match]
- if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
- then
- fail text "This message has been rejected because it has\n\
- a potentially executable attachment $1\n\
- This form of attachment has been used by\n\
- recent viruses or other malware.\n\
- If you meant to send this file then please\n\
- package it up as a zip file and resend it."
- seen finish
- endif
- ## -----------------------------------------------------------------------
- #### Version history
- #
- # 0.01 5 May 2000
- # Initial release
- # 0.02 8 May 2000
- # Widened list of content-types accepted, added WSF extension
- # 0.03 8 May 2000
- # Embedded the install notes in for those that don't do manuals
- # 0.04 9 May 2000
- # Check global content-type header. Efficiency mods to REs
- # 0.05 9 May 2000
- # More minor efficiency mods, doc changes
- # 0.06 20 June 2000
- # Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
- # 0.07 19 July 2000
- # Latest MS Outhouse bug catching
- # 0.08 19 July 2000
- # Changed trigger length to 80 chars, fixed some spelling
- # 0.09 29 September 2000
- # More extensions... its getting so we should just allow 2 or 3 through
- # 0.10 18 January 2001
- # Removed exclusion for error messages - this is a little nasty
- # since it has other side effects, hence we do still exclude
- # on unix like error messages
- # 0.11 20 March, 2001
- # Added CMD extension, tidied docs slightly, added RCS tag
- # ** Missed changing version number at top of file :-(
- # 0.12 10 May, 2001
- # Added HTA extension
- # 0.13 22 May, 2001
- # Reformatted regexps and code to build them so that they are
- # shorter than the limits on pre exim 3.20 filters. This will
- # make them significantly less efficient, but I am getting so
- # many queries about this that requiring 3.2x appears unsupportable.
- # 0.14 15 August,2001
- # Added .lnk extension - most requested item :-)
- # Reformatted everything so its now built from a set of short
- # library files, cutting down on manual duplication.
- # Changed \w in filename detection to . - dodges locale problems
- # Explicit application of GPL after queries on license status
- # 0.15 17 August, 2001
- # Changed the . in filename detect to \S (stops it going mad)
- # 0.16 19 September, 2001
- # Pile of new extensions including the eml in current use
- # 0.17 19 September, 2001
- # Syntax fix
- #
- #### Install Notes
- #
- # Exim filters run the exim filter language - a very primitive
- # scripting language - in place of a user .forward file, or on
- # a per system basis (on all messages passing through).
- # The filtering capability is documented in the main set of manuals
- # a copy of which can be found on the exim web site
- # http://www.exim.org/
- #
- # To install, copy the filter file (with appropriate permissions)
- # to /etc/exim/system_filter.exim and add to your exim config file
- # [location is installation depedant - typicaly /etc/exim/config ]
- # in the first section the line:-
- # message_filter = /etc/exim/system_filter.exim
- # message_body_visible = 5000
- #
- # You may also want to set the message_filter_user & message_filter_group
- # options, but they default to the standard exim user and so can
- # be left untouched. The other message_filter_* options are only
- # needed if you modify this to do other functions such as deliveries.
- # The main exim documentation is quite thorough and so I see no need
- # to expand it here...
- #
- # Any message that matches the filter will then be bounced.
- # If you wish you can change the error message by editing it
- # in the section above - however be careful you don't break it.
- #
- # After install exim should be restarted - a kill -HUP to the
- # daemon will do this.
- #
- #### LIMITATIONS
- #
- # This filter tries to parse MIME with a regexp... that doesn't
- # work too well. It will also only see the amount of the body
- # specified in message_body_visible
- #
- #### BASIS
- #
- # The regexp that is used to pickup MIME/uuencoded body parts with
- # quoted filenames is replicated below (in perl format).
- # You need to remember that exim converts newlines to spaces in
- # the message_body variable.
- #
- # (?:Content- # start of content header
- # (?:Type: (?>\s*) # rest of c/t header
- # [\w-]+/[\w-]+ # content-type (any)
- # |Disposition: (?>\s*) # content-disposition hdr
- # attachment) # content-disposition
- # ;(?>\s*) # ; space or newline
- # (?:file)?name= # filename=/name=
- # |begin (?>\s+) [0-7]{3,4} (?>\s+)) # begin octal-mode
- # (\"[^\"]+\. # quoted filename.
- # (?:ad[ep] # list of extns
- # |ba[st]
- # |chm
- # |cmd
- # |com
- # |cpl
- # |crt
- # |eml
- # |exe
- # |hlp
- # |hta
- # |in[fs]
- # |isp
- # |jse?
- # |lnk
- # |md[be]
- # |ms[cipt]
- # |pcd
- # |pif
- # |reg
- # |scr
- # |sct
- # |shs
- # |url
- # |vb[se]
- # |ws[fhc])
- # \" # end quote
- # ) # end of filename capture
- # [\s;] # trailing ;/space/newline
- #
- #
- ### [End]
- # END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments
- # BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite
- # (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
- # or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
- if "${if def:header_X-Spam-Subject: {there}}" is there
- then
- headers remove Subject
- headers add "Subject: $rh_X-Spam-Subject:"
- headers remove X-Spam-Subject
- endif
- # END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite
- # Adding the settings for enviromatters forwarding harjeet
- if first_delivery
- and ("$h_from:" contains "harjeet@enviromatters.co.nz")
- and not ("$h_X-Spam-Checker-Version:" begins "SpamAssassin")
- then
- unseen deliver "directors@enviromatters.co.nz"
- endif
- # Barry
- if first_delivery
- and ("$h_from:" contains "bf@enviromatters.co.nz")
- and not ("$h_X-Spam-Checker-Version:" begins "SpamAssassin")
- then
- unseen deliver "directors@enviromatters.co.nz"
- endif
- #Chetan
- if first_delivery
- and ("$h_from:" contains "ct@enviromatters.co.nz")
- and not ("$h_X-Spam-Checker-Version:" begins "SpamAssassin")
- then
- unseen deliver "directors@enviromatters.co.nz"
- endif
- #Russell
- if first_delivery
- and ("$h_from:" contains "russell@enviromatters.co.nz")
- and not ("$h_X-Spam-Checker-Version:" begins "SpamAssassin")
- then
- unseen deliver "directors@enviromatters.co.nz"
- endif
- #TestAccount
- if first_delivery
- and ("$h_from:" contains "harman@enviromatters.co.nz")
- and not ("$h_X-Spam-Checker-Version:" begins "SpamAssassin")
- then
- unseen deliver "directors@enviromatters.co.nz"
- endif
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement