View Full Version : Mail filters and scumbag spammers... enhancement urgently needed!


ianbiner
10-17-2003, 09:08 AM
I have been using the mail filter in Direct Admin for a while now and it's been very effective.

However, over the last week or so, I have seen a dramatic increase in the number of emails slipping past the filter because they hide the very words that need to be filtered in amongst meaningless html comments.

Take a look at the code in this...

Ho<!-- agnew -->w wo<!-- dihedral -->u<!-- linkage -->ld
y<!-- bergen -->ou li<!-- frictional -->ke t<!-- tapir -->o h<!-- bullwhack -->av<!-- oxford -->e P<!-- murre -->ERF<!-- tunic -->EC<!-- cynic --> CRED<!-- carlisle -->IT?

Which, when the html filters out the comments, says something about perfect credit.

Please, as a matter of urgency, Direct Admin needs to add a function to the filter that ignores the html comments when it's looking for filter words.

Ian Biner
Sapphire Marine
:mad:

DirectAdmin Support
10-18-2003, 02:45 PM
Hello,

I'm not sure what we can do. The filters that DA sets up are just exim filters, so DirectAdmin doesn't do any of the filtering, it just sets them up. Perhaps try filtering out

<!--

although, that is a bit generic... anyone have ideas? I'm thinking you'll need a higher level of filtering than exim filters.

John
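
The two ideas raised so far (ignore HTML comments when matching filter words, or match on `<!--` itself), as an added Python example that is not part of the thread and not DirectAdmin or Exim code. The function names, the `FILTER_WORDS` list and the `HAM` message are constructed for illustration; `SPAM` is the fragment quoted in the first post.

```python
import re
from html import unescape

# One HTML comment; the tempered dot stops the match at the first "-->".
COMMENT = r"<!--(?:(?!-->).)*-->"
COMMENT_RE = re.compile(COMMENT, re.DOTALL)
# A comment with a letter on both sides, i.e. one that splits a word.
SPLIT_RE = re.compile(r"(?<=[A-Za-z])" + COMMENT + r"(?=[A-Za-z])", re.DOTALL)
TAG_RE = re.compile(r"<[^>]+>")

FILTER_WORDS = ["credit"]  # constructed list; the thread does not give the real one

# Body fragment quoted in the first post of the thread.
SPAM = """Ho<!-- agnew -->w wo<!-- dihedral -->u<!-- linkage -->ld
y<!-- bergen -->ou li<!-- frictional -->ke t<!-- tapir -->o h<!-- bullwhack -->av<!-- oxford -->e P<!-- murre -->ERF<!-- tunic -->EC<!-- cynic --> CRED<!-- carlisle -->IT?"""

# Constructed legitimate mail: one comment, sitting between tags.
HAM = "<html><!-- template v2 --><body><p>Your invoice is attached.</p></body></html>"


def visible_text(body):
    """Approximate the rendered text: comments vanish, tags break words."""
    text = COMMENT_RE.sub("", body)  # replaced by nothing, so split words rejoin
    text = TAG_RE.sub(" ", text)
    return re.sub(r"\s+", " ", unescape(text)).strip().lower()


def check_body(body):
    """Return (filter words found in the visible text, comments splitting a word)."""
    text = visible_text(body)
    hits = [w for w in FILTER_WORDS if w in text]
    return hits, len(SPLIT_RE.findall(body))
```

A bare `<!--` match also hits `HAM`, while the mid-word count stays at zero for it; the filter word only becomes visible in `SPAM` after the comments are removed.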

jlasman
10-18-2003, 06:50 PM
Originally posted by DirectAdmin Support
anyone have ideas? I'm thinking you'll need a higher level of filtering than exim filters.

We're using your spamassassin installation (per your instructions) and are quite happy with it.

Jeff

ianbiner
10-18-2003, 07:21 PM
Actually, I've thought this problem through and had a realisation.

Why would any legitimate html formatted email contain comments? So your suggestion is a good one and has been implemented.

Thanks.

I guess not making that sort of connection is what happens to your brain when it is forced to work on websites until 4 each morning!

jlasman
10-18-2003, 07:30 PM
I strongly suggest you join the SpamAssassin mailing list at:

https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

whether or not you use SpamAssassin. It's got lots of good posts on the whys and wherefores of various spam rulesets.

Also the Exim mailing list at:

http://www.exim.org/mailman/listinfo/exim-users

For lots of good exim information.

Jeff

hostpc.com
10-21-2003, 07:11 PM
Originally posted by jlasman
We're using your spamassassin installation (per your instructions) and are quite happy with it.

Jeff

Where can I find these installation instructions?

thanks

Joe

jlasman
10-21-2003, 08:18 PM
They were posted somewhere in this forum; that's where I found them.

There was also an additional change I had to make, and I don't remember what it was <frown>. I'll look for it, but in the meantime, Mark or John, if you're reading this, can you verify that the instructions as quoted somewhere in this forum will work properly? It would be appreciated.

I'll eventually have my support website up and things like this will be on it, but I've been too busy to work on it.

Jeff

DirectAdmin Support
10-22-2003, 12:44 PM
Hello,

cd /usr/local/directadmin/scripts
./spam.sh

Edit your /etc/exim.conf and remove the # characters from in front of the spamassassin director to make it look like:
# Spam Assassin
spamcheck_director:
  driver = accept
  condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify

Note this is exim 4

Then just type:

service exim restart

John

hostpc.com
10-22-2003, 12:53 PM
Thanks John -

gotta make this post stand out - I'm sure a lot of people would like this information handy.

'preciate your hard work.

Joe

Globalcon.net
10-24-2003, 02:14 PM
Hello John,

Firstly, thank you for your amazing support to all of us.

I found that my /etc/exim.conf is a little bit different. After running ./spam.sh, I followed the instructions above and restarted exim, but it failed.

For your information, my /etc/exim.conf spamcheck_director looks like this:

#spamcheck_director:
# condition = "${if eq {$received_protocol}{spam-scanned} {0}{1}}"
# driver = smartuser
# transport = spamcheck

I have removed the # and made it exactly like this:

spamcheck_director:
condition = "${if eq {$received_protocol}{spam-scanned} {0}{1}}"
driver = smartuser
transport = spamcheck

After service exim restart, it did not work either. Could you please advise me on what might be wrong or what I can do to make it right?

Thank you,

Reyner N.

Globalcon.net
10-24-2003, 02:54 PM
Never mind ...

I finally got it fixed (needed to upgrade to exim 4.20).

Thank you,

Reyner N.