This is from the ISPConfig 3 Manual - these are regular expressions for Postfix header and body checks:

Code:
Regexp. Pattern: /^Subject: .*Make Money Fast!/
Filter Type: Header Filter
Explanation: Searches for the string Make Money Fast! in the Subject line.

Regexp. Pattern: /name=[^>]*\.(bat|com|exe|dll)/
Filter Type: MIME-Header Filter
Explanation: This will match all messages that have attachments whose files end in .bat, .com, .exe or .dll.

Regexp. Pattern: /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/
Filter Type: Body Filter
Explanation: Body pattern to stop a specific HTML browser vulnerability exploit.

Regexp. Pattern: /^From: [email protected]/
Filter Type: Header Filter
Explanation: Matches all messages sent by [email protected].

Regexp. Pattern: /^From: .*@example.com/
Filter Type: Header Filter
Explanation: Matches all messages sent from the example.com domain.

Regexp. Pattern: /Real Bad Words/
Filter Type: Body Filter
Explanation: This matches "real bad words" in any case (upper, lower, or mixed).

Regexp. Pattern: /^Date: .* 200[0-2]/
Filter Type: Header Filter
Explanation: This matches all emails sent in the years 2000 - 2002.

Regexp. Pattern: /^Date: .* 19[0-9][0-9]/
Filter Type: Header Filter
Explanation: This matches all emails sent between 1900 and 1999.

Regexp. Pattern: /^To: [email protected]/
Filter Type: Header Filter
Explanation: Matches all messages sent to [email protected].

Thanks, but actually I was more looking for custom filters other users made. Here is a more fine-tuned one out of the manual:

Regexp. Pattern: /^Content-(Disposition|Type).*name\s*=\s*"?(.*\.(bat|exe|scr|lnk|com))(\?=)?"?\s*(;|$)/x
Filter Type: MIME-Header Filter
Explanation: This will match all messages that have attachments whose files end in .bat, .com, .exe or .dll.

What I don't understand is what the difference is between reject (does a warning go out), ignore and discard. Can you shed some light on it?

Added two cronjobs as well, related to messages that were held.

Code:
10 2 * * * find /var/lib/amavis/virusmails/ -type f -mtime +31 -exec rm {} \;
15 2 * * * find /var/lib/amavis/tmp/ -type f -mtime +31 -exec rm -r {} \;

This is an excellent idea for a thread, and I'm disappointed nobody contributes. The documentation expects the user to know how to use regex, which is far from being straightforward even in simple cases such as making a list of words.

Example for a list of words for the body filter, case-insensitive, with and without spaces:

Code:
/badword1|badword2|bad word/i

This is a cool tool to test regexp: http://www.gethifi.com/tools/regex

Here are mine:

This rejects all mail from non-US sites and gets rid of almost all spam:
/(from|reply-to|helo).+?<.+?(\.\w+(?<!com|org|net|edu|gov)>)/ REJECT

This one rejects mail with no from, message-id, or helo:
/(from|message-id|helo).+?<>/

Get rid of Russian and Chinese spam:
/(GB2312|koi[78]-r)/ DISCARD

These three header filters get rid of most of my spam.
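
Added example (not part of any post in this thread, and not ISPConfig or Postfix code): a small Python harness that runs the manual's simple attachment pattern and the fine-tuned one from the second post over constructed MIME header lines, to show where their verdicts differ before a rule goes live. Python's `re` with `IGNORECASE` only approximates Postfix table matching, the trailing `/x` flag is not modelled, and the sample headers and function names are assumptions.

```python
import re

# Patterns copied from the thread, without the surrounding slashes and flags.
SIMPLE = r'name=[^>]*\.(bat|com|exe|dll)'
TUNED = (r'^Content-(Disposition|Type).*name\s*=\s*"?'
         r'(.*\.(bat|exe|scr|lnk|com))(\?=)?"?\s*(;|$)')

# Constructed sample MIME header lines (not taken from real mail).
SAMPLES = [
    'Content-Disposition: attachment; filename="invoice.exe"',
    'Content-Type: application/octet-stream; name=setup.EXE; x-unix-mode=0644',
    'Content-Type: application/pdf; name="www.company-report.pdf"',
    'Content-Disposition: attachment; filename="notes.exe.txt"',
    'Content-Type: application/octet-stream; name="=?UTF-8?Q?payload.scr?="',
    'Content-Disposition: attachment; filename="shortcut.lnk"',
]


def matches(pattern, line):
    """Approximate a Postfix check: unanchored search, case-insensitive."""
    return re.search(pattern, line, re.IGNORECASE) is not None


def compare(lines=SAMPLES):
    """Return (line, simple_hit, tuned_hit) for every sample line."""
    return [(l, matches(SIMPLE, l), matches(TUNED, l)) for l in lines]


def disagreements(lines=SAMPLES):
    """Lines where the two patterns give different verdicts."""
    return [row for row in compare(lines) if row[1] != row[2]]


if __name__ == "__main__":
    for line, simple, tuned in compare():
        print(f"simple={simple!s:5} tuned={tuned!s:5} {line}")
```

The simple pattern fires on `.com` inside `www.company-report.pdf` and on `notes.exe.txt`, because it does not require the extension to end the file name; the tuned pattern does, and also covers `.scr` and `.lnk`, which the simple one does not list.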