Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ad-inserter domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/blog.webeats.it/httpdocs/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the cookie-law-info domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/vhosts/blog.webeats.it/httpdocs/wp-includes/functions.php on line 6114
Bloccare le email in uscita in base all'oggetto (exim outgoing mail)

Come bloccare le email in uscita sul nostro server exim creando un filtro sul subject delle email per arginare lo spam in uscita dai nostri server

Se usate Exim 4 come gestore posta sui vostri server, potrebbe allora tornarvi utile questa breve guida per filtrare le email in uscita in base a determinate parole, al fine di evitare che il vostro IP finisca in blacklist a causa di Mass Mail di spam (generato ad esempio da un eventuale WordPress o sito compromesso). Vediamo come procedere!

Apriamo il file /etc/exim4/exim4.conf.template

pico /etc/exim4/exim4.conf.template

e aggiungiamo queste righe (va bene dopo log_selector)

system_filter = /etc/exim4/system_filter
system_filter_user = Debian-exim
system_filter_group = Debian-exim

ora apriamo il file system_filter

pico /etc/exim4/system_filter

e inseriamo al suo interno

# Exim filter
logfile /var/log/exim4_spam.log

if ("$header_subject:" contains "c0ck")
or ("$header_subject:" contains "F%%ck")
or ("$header_subject:" contains "Rule in bedroom")
or ("$header_subject:" contains "F$ck")
then
        logwrite "$tod_log $message_id from $sender_address contained spam keywords: $header_subject"
        seen finish
endif

ovviamente possiamo inserire altri filtri a nostro piacimento o con l’aiuto di questo comando, che ci mostrerà gli oggetti delle nostre email “più usati”

awk -F"T=\"" '/<=/ {print $2}' /var/log/exim4/mainlog | cut -d\" -f1 | sort | uniq -c | sort -n

Ora creiamo il file di log e diamo i giusti permessi (su Ubuntu di solito sono Debian-exim:adm)

touch /var/log/exim4_spam.log
chown Debian-exim:adm /var/log/exim4_spam.log

creiamo una regola in logrotate in modo da gestire la grandezza del file

pico /etc/logrotate.d/exim4-exim4-spam

aggiungiamo queste linee e salviamo

/var/log/exim4_spam.log {
        daily
        missingok
        rotate 10
        compress
        delaycompress
        notifempty
        create 640 Debian-exim adm
}

riavviamo logrotate ed exim4

service rsyslog restart
service exim4 restart

bene ora facciamo qualche prova inviandoci una email da bloccare

echo "Corpo della nostra email di spam" | mail -n -s "c0ck" miaemail@dominio.it

il test dovrebbe ritornarci qualcosa come questa

root@s04:~# cat /var/log/exim4_spam.log  
2016-03-26 02:09:45 1ajcjY-0006PL-W3 from root@s04.webeats.it contained spam keywords
2016-03-26 02:21:38 1ajcv4-0006nZ-SZ from root@s04.webeats.it contained spam keywords
2016-03-26 02:22:01 1ajcvR-0006sJ-8g from root@s04.webeats.it contained spam keywords
2016-03-26 02:32:00 1ajd56-0008TQ-PZ from root@s04.webeats.it contained spam keywords: C0ck
2016-03-26 02:32:21 1ajd5R-0008TY-2p from root@s04.webeats.it contained spam keywords: C0ckd
2016-03-26 02:40:36 1ajdC6-0000BP-Sa from root@s04.webeats.it contained spam keywords: F%%ck
2016-03-26 02:40:40 1ajdDU-0000Kg-7y from root@s04.webeats.it contained spam keywords: F%%ck
2016-03-26 02:41:05 1ajdDt-0000Kr-Pn from root@s04.webeats.it contained spam keywords: c0ck
2016-03-26 02:41:11 1ajdDz-0000Ky-Rg from root@s04.webeats.it contained spam keywords: C0cK

Bloccare le email in uscita in base all’oggetto (outgoing mail)