best method to filter on content


- Forums - Reply - Statistics - Search -

ECM2 Forum / ECM2 Installation / best method to filter on content

Author	Message
pauldid Member	# Posted: 14 Jul 2008 21:02 Reply What is the best way to filter email based on the content of the message body? How about an interface in future upgrade of ECM2 to manage this?
George Admin	# Posted: 15 Jul 2008 08:58 Reply deny message = This message matches a blacklisted regular expression \ ($regex_match_string) regex = Rolex : Pharmacy You have that in exim configure file... No interface yet in ecm2. regex can be a little difficult at first, so read all about it. http://en.wikipedia.org/wiki/Regular_expression
pauldid Member	# Posted: 15 Jul 2008 13:09 Reply George, Thanks. That will work for now.
pauldid Member	# Posted: 16 Jul 2008 09:17 Reply I tried to use this method but it does not seem to be working. Even the default regex list of Rolex : Pharmacy is not being filtered out, because there are messages with the word Rolex getting delivered to local mailboxes. Is there something I need to do to enable the filtering?
George Admin	# Posted: 16 Jul 2008 09:26 Reply filtering does not work between your own users... test it from the "outside" Technical details of permanent failure: PERM_FAILURE: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 This message matches a blacklisted regular expression (Pharmacy) (state 18). ----- Original message -----
pauldid Member	# Posted: 16 Jul 2008 11:12 Reply I figured that it would not work between local users because they are authenticated before the acls get processed. The messages that are getting through are ones coming from outside the network. I tested with a gmail account and it does appear to be working at least for those messages I sent but others are getting through. Very strange.
George Admin	# Posted: 16 Jul 2008 11:15 Reply Did you restart exim after adding words to regex?
pauldid Member	# Posted: 17 Jul 2008 09:48 Reply Yes, restarted exim and the same behavior persists. I figured out how it is getting through. We had transferred all our domains from our old mail server to the new one running ECM2 and had not yet turned off the old server and one spammer was sending messages to the old server that was then forwarding the message to the ECM2 server. The ECM2 was trusting the old server and therefor accepting the messages. Shut down old server and problem is solved.