IIXPLANET
Expert 2.0
Ini saya ada config bagi yang stres kena spam tiap hari; config ini saya salin dari config Exim system filter cPanel yang saya pakai sendiri:
langkah pertama :
1 . login ssh as root
2. pico /etc/cpanel_exim_system_filter
( untuk path filter files bisa dilihat di exim configurator di whm )
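3. tambahkan baris di bawah ini untuk memfilter dan membuang (discard) email yang subject / header atau isinya
cocok dengan daftar spam; email yang cocok dibuang tanpa bounce ke pengirim, jadi pantau filter.log untuk false positive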
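# START
# Filter all incoming and outgoing mail.
# NOTE(review): a system filter is applied to every message on the server.
# Check the edited file in Exim's system-filter test mode (exim -bF FILTER_FILE)
# against sample messages before relying on it.
#
# Mode 0600 instead of 0644: the log records sender addresses and message ids,
# so it should not be readable by every shell account on a shared host. The
# mode is applied when the file is created; an existing log keeps its mode
# until it is changed by hand.
logfile /var/log/filter.log 0600

## First spam rule: discard on known spam subjects or body keywords.
# The lower-case tests (contains / is / matches) compare without regard to case.
if
  # Subject header checks
  $header_subject: contains "porn discount"
  or $header_subject: contains "promo besar produk"
  or $header_subject: contains "Replica watches 25% price off"
  or $header_subject: contains "Cialis"
  or $header_subject: is "The Ultimate Online Pharmaceutical"
  or $header_subject: contains "***SPAM***"
  or $header_subject: contains "[SPAM]"
  or $header_subject: contains "ROLEX at unbelievable prices"
  or $header_subject: contains "save 90%%% on watches"
  or $header_subject: contains "A friend has sent you a Hallmark Ecard"
  or $header_subject: contains "Luxury watches should be available to anyone!"
  # Body checks. $message_body holds only the leading part of the body (bounded
  # by Exim's message_body_visible option), so text further down a long message
  # is never seen by these tests. It is a variable, not a header, so it takes
  # no trailing colon.
  or $message_body contains "Cialis"
  or $message_body contains "Click here to view as a webpage"
  or $message_body contains "Viagra"
  or $message_body contains "Leavitra"
  or $message_body contains "St0ck"
  or $message_body contains "8dvs9.jpg"
  or $message_body contains "porn"
  or $message_body contains "Cia1iis"
  or $message_body contains "URGENT BUSINESS PROPOSAL"
  # NOTE(review): the original pattern used [net|com|...] (a character class,
  # not an alternation) and [^s], so it fired on almost any text following the
  # ordinary word "angka". Presumably a host name starting with "angka" under
  # one of these TLDs was meant - confirm. \N...\N switches off string
  # expansion; backslashes are doubled because the pattern is quoted.
  or $message_body matches "\\Nangka[^\\s]+\\.(net|com|org|biz|info|us|name)\\N"
  # Word boundaries added: as bare substrings, "asu" and "spam" also hit
  # ordinary words such as "masuk", "kasus" or "asuransi", and every hit is
  # discarded silently. "pen( i|1)s" in the original is assumed to be a
  # pasting artefact of "pen(i|1)s" - confirm.
  or $message_body matches "\\N\\b(v[i1]agra|vag[i1]n[a4]|pen[i1]s|asu|seks|l[o0]l[i1]ta|spam)\\b\\N"
then
  logwrite "$tod_log $message_id from $sender_address contained spam keywords"
  # "seen finish" marks the message as dealt with and stops filtering: it is
  # dropped with no bounce and no quarantine copy, so the log line above is the
  # only trace of a false positive.
  seen finish
endif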
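## FINANCIAL FAKE SENDERS
# Discards mail that originates on this server (local submission or
# authenticated SMTP) while carrying a From: address at a bank or payment
# brand, i.e. outbound phishing sent by a script or a compromised account.
# Log mode 0600 instead of 0644: the file holds sender addresses and message
# ids and should not be world-readable; the mode is applied at creation.
# "esmtpsa" (authenticated SMTP over TLS) is added to the protocol test:
# without it, clients that authenticate over TLS are not covered by this rule.
logfile /var/log/filter.log 0600
if (
  $received_protocol is "local" or
  $received_protocol is "esmtpa" or
  $received_protocol is "esmtpsa"
) and (
  $header_from: contains "@citibank.com" or
  $header_from: contains "@bankofamerica.com" or
  $header_from: contains "@wamu.com" or
  $header_from: contains "@ebay.com" or
  $header_from: contains "@chase.com" or
  $header_from: contains "@paypal.com" or
  $header_from: contains "@wellsfargo.com" or
  $header_from: contains "@bankunited.com" or
  $header_from: contains "@bankerstrust.com" or
  $header_from: contains "@bankfirst.com" or
  $header_from: contains "@capitalone.com" or
  $header_from: contains "@citizensbank.com" or
  $header_from: contains "@jpmorgan.com" or
  $header_from: contains "@wachovia.com" or
  $header_from: contains "@bankone.com" or
  $header_from: contains "@suntrust.com" or
  $header_from: contains "@amazon.com" or
  $header_from: contains "@banksecurity.com" or
  $header_from: contains "@visa.com" or
  $header_from: contains "@mastercard.com" or
  $header_from: contains "@mbna.com"
)
then
  logwrite "$tod_log $message_id from $sender_address is fraud"
  # Dropped without a bounce or quarantine copy; the log line is the only
  # record, and it is also the signal that an account or script on this server
  # is being abused and needs investigating.
  seen finish
endif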
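## FAKE SENDERS SPAM
# Discards mail that originates on this server (local submission or
# authenticated SMTP) with a From: address at a freemail provider.
# NOTE(review): this also drops mail from legitimate customers who send
# through this server with their own freemail From: address - confirm that
# this is the intended policy.
# Log mode 0600 instead of 0644 (sender addresses should not be
# world-readable; applied at creation). "esmtpsa" is added so that
# authenticated submissions over TLS are covered as well.
logfile /var/log/filter.log 0600
if (
  $received_protocol is "local" or
  $received_protocol is "esmtpa" or
  $received_protocol is "esmtpsa"
) and (
  $header_from: contains "@hotmail.com" or
  $header_from: contains "@yahoo.com" or
  $header_from: contains "@aol.com"
)
then
  logwrite "$tod_log $message_id from $sender_address is forged fake"
  # Dropped without a bounce or quarantine copy; only the log line remains.
  seen finish
endif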
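## FAKE PHISHING
### Log and discard outgoing mail from this server whose body opens with a
### greeting or signature typical of bank / payment phishing.
# $message_body holds only the leading part of the body (bounded by Exim's
# message_body_visible option); it is a variable, so it takes no trailing
# colon. Log mode 0600 instead of 0644 (applied at creation) keeps sender
# addresses away from other shell accounts. "esmtpsa" is added so that
# authenticated submissions over TLS are covered as well.
logfile /var/log/filter.log 0600
if (
  $received_protocol is "local" or
  $received_protocol is "esmtpa" or
  $received_protocol is "esmtpsa"
) and (
  #Paypal
  $message_body contains "Dear Paypal" or
  $message_body contains "The PayPal Team" or
  $message_body contains "Dear Paypal Customer" or
  $message_body contains "Paypal Account Review Department" or
  #Ebay
  $message_body contains "Dear eBay member" or
  $message_body contains "Dear eBay User" or
  $message_body contains "The eBay team" or
  $message_body contains "Dear eBay Community Member" or
  #Banks
  $message_body contains "Dear Charter One Customer" or
  $message_body contains "Dear wamu.com customer" or
  $message_body contains "Dear valued Citizens Bank member" or
  $message_body contains "Dear Visa" or
  $message_body contains "Dear Citibank" or
  $message_body contains "Citibank Email" or
  $message_body contains "Dear customer of Chase Bank" or
  $message_body contains "Dear Bank of America customer" or
  #ISPs
  $message_body contains "Dear AOL Member" or
  $message_body contains "Dear AOL Customer"
)
then
  logwrite "$tod_log $message_id from $sender_address is phishing"
  # Dropped without a bounce or quarantine copy. A hit means something on this
  # server is sending phishing, so the logged sender should be investigated
  # rather than only filtered.
  seen finish
endif
# END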
4. untuk cek email yg sudah berhasil ke filter system , ketik cmd dibawah :
tail -f /var/log/filter.log
dan untuk melihat messages nya ( ganti idmessages dengan message id yang tercatat di filter.log ) :
grep idmessages /var/log/exim_mainlog
langkah pertama :
1 . login ssh as root
2. pico /etc/cpanel_exim_system_filter
( untuk path filter files bisa dilihat di exim configurator di whm )
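3. tambahkan baris di bawah ini untuk memfilter dan membuang (discard) email yang subject / header atau isinya
cocok dengan daftar spam; email yang cocok dibuang tanpa bounce ke pengirim, jadi pantau filter.log untuk false positive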
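# START
# Filter all incoming and outgoing mail.
# NOTE(review): a system filter is applied to every message on the server.
# Check the edited file in Exim's system-filter test mode (exim -bF FILTER_FILE)
# against sample messages before relying on it.
#
# Mode 0600 instead of 0644: the log records sender addresses and message ids,
# so it should not be readable by every shell account on a shared host. The
# mode is applied when the file is created; an existing log keeps its mode
# until it is changed by hand.
logfile /var/log/filter.log 0600

## First spam rule: discard on known spam subjects or body keywords.
# The lower-case tests (contains / is / matches) compare without regard to case.
if
  # Subject header checks
  $header_subject: contains "porn discount"
  or $header_subject: contains "promo besar produk"
  or $header_subject: contains "Replica watches 25% price off"
  or $header_subject: contains "Cialis"
  or $header_subject: is "The Ultimate Online Pharmaceutical"
  or $header_subject: contains "***SPAM***"
  or $header_subject: contains "[SPAM]"
  or $header_subject: contains "ROLEX at unbelievable prices"
  or $header_subject: contains "save 90%%% on watches"
  or $header_subject: contains "A friend has sent you a Hallmark Ecard"
  or $header_subject: contains "Luxury watches should be available to anyone!"
  # Body checks. $message_body holds only the leading part of the body (bounded
  # by Exim's message_body_visible option), so text further down a long message
  # is never seen by these tests. It is a variable, not a header, so it takes
  # no trailing colon.
  or $message_body contains "Cialis"
  or $message_body contains "Click here to view as a webpage"
  or $message_body contains "Viagra"
  or $message_body contains "Leavitra"
  or $message_body contains "St0ck"
  or $message_body contains "8dvs9.jpg"
  or $message_body contains "porn"
  or $message_body contains "Cia1iis"
  or $message_body contains "URGENT BUSINESS PROPOSAL"
  # NOTE(review): the original pattern used [net|com|...] (a character class,
  # not an alternation) and [^s], so it fired on almost any text following the
  # ordinary word "angka". Presumably a host name starting with "angka" under
  # one of these TLDs was meant - confirm. \N...\N switches off string
  # expansion; backslashes are doubled because the pattern is quoted.
  or $message_body matches "\\Nangka[^\\s]+\\.(net|com|org|biz|info|us|name)\\N"
  # Word boundaries added: as bare substrings, "asu" and "spam" also hit
  # ordinary words such as "masuk", "kasus" or "asuransi", and every hit is
  # discarded silently. "pen( i|1)s" in the original is assumed to be a
  # pasting artefact of "pen(i|1)s" - confirm.
  or $message_body matches "\\N\\b(v[i1]agra|vag[i1]n[a4]|pen[i1]s|asu|seks|l[o0]l[i1]ta|spam)\\b\\N"
then
  logwrite "$tod_log $message_id from $sender_address contained spam keywords"
  # "seen finish" marks the message as dealt with and stops filtering: it is
  # dropped with no bounce and no quarantine copy, so the log line above is the
  # only trace of a false positive.
  seen finish
endif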
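## FINANCIAL FAKE SENDERS
# Discards mail that originates on this server (local submission or
# authenticated SMTP) while carrying a From: address at a bank or payment
# brand, i.e. outbound phishing sent by a script or a compromised account.
# Log mode 0600 instead of 0644: the file holds sender addresses and message
# ids and should not be world-readable; the mode is applied at creation.
# "esmtpsa" (authenticated SMTP over TLS) is added to the protocol test:
# without it, clients that authenticate over TLS are not covered by this rule.
logfile /var/log/filter.log 0600
if (
  $received_protocol is "local" or
  $received_protocol is "esmtpa" or
  $received_protocol is "esmtpsa"
) and (
  $header_from: contains "@citibank.com" or
  $header_from: contains "@bankofamerica.com" or
  $header_from: contains "@wamu.com" or
  $header_from: contains "@ebay.com" or
  $header_from: contains "@chase.com" or
  $header_from: contains "@paypal.com" or
  $header_from: contains "@wellsfargo.com" or
  $header_from: contains "@bankunited.com" or
  $header_from: contains "@bankerstrust.com" or
  $header_from: contains "@bankfirst.com" or
  $header_from: contains "@capitalone.com" or
  $header_from: contains "@citizensbank.com" or
  $header_from: contains "@jpmorgan.com" or
  $header_from: contains "@wachovia.com" or
  $header_from: contains "@bankone.com" or
  $header_from: contains "@suntrust.com" or
  $header_from: contains "@amazon.com" or
  $header_from: contains "@banksecurity.com" or
  $header_from: contains "@visa.com" or
  $header_from: contains "@mastercard.com" or
  $header_from: contains "@mbna.com"
)
then
  logwrite "$tod_log $message_id from $sender_address is fraud"
  # Dropped without a bounce or quarantine copy; the log line is the only
  # record, and it is also the signal that an account or script on this server
  # is being abused and needs investigating.
  seen finish
endif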
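## FAKE SENDERS SPAM
# Discards mail that originates on this server (local submission or
# authenticated SMTP) with a From: address at a freemail provider.
# NOTE(review): this also drops mail from legitimate customers who send
# through this server with their own freemail From: address - confirm that
# this is the intended policy.
# Log mode 0600 instead of 0644 (sender addresses should not be
# world-readable; applied at creation). "esmtpsa" is added so that
# authenticated submissions over TLS are covered as well.
logfile /var/log/filter.log 0600
if (
  $received_protocol is "local" or
  $received_protocol is "esmtpa" or
  $received_protocol is "esmtpsa"
) and (
  $header_from: contains "@hotmail.com" or
  $header_from: contains "@yahoo.com" or
  $header_from: contains "@aol.com"
)
then
  logwrite "$tod_log $message_id from $sender_address is forged fake"
  # Dropped without a bounce or quarantine copy; only the log line remains.
  seen finish
endif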
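## FAKE PHISHING
### Log and discard outgoing mail from this server whose body opens with a
### greeting or signature typical of bank / payment phishing.
# $message_body holds only the leading part of the body (bounded by Exim's
# message_body_visible option); it is a variable, so it takes no trailing
# colon. Log mode 0600 instead of 0644 (applied at creation) keeps sender
# addresses away from other shell accounts. "esmtpsa" is added so that
# authenticated submissions over TLS are covered as well.
logfile /var/log/filter.log 0600
if (
  $received_protocol is "local" or
  $received_protocol is "esmtpa" or
  $received_protocol is "esmtpsa"
) and (
  #Paypal
  $message_body contains "Dear Paypal" or
  $message_body contains "The PayPal Team" or
  $message_body contains "Dear Paypal Customer" or
  $message_body contains "Paypal Account Review Department" or
  #Ebay
  $message_body contains "Dear eBay member" or
  $message_body contains "Dear eBay User" or
  $message_body contains "The eBay team" or
  $message_body contains "Dear eBay Community Member" or
  #Banks
  $message_body contains "Dear Charter One Customer" or
  $message_body contains "Dear wamu.com customer" or
  $message_body contains "Dear valued Citizens Bank member" or
  $message_body contains "Dear Visa" or
  $message_body contains "Dear Citibank" or
  $message_body contains "Citibank Email" or
  $message_body contains "Dear customer of Chase Bank" or
  $message_body contains "Dear Bank of America customer" or
  #ISPs
  $message_body contains "Dear AOL Member" or
  $message_body contains "Dear AOL Customer"
)
then
  logwrite "$tod_log $message_id from $sender_address is phishing"
  # Dropped without a bounce or quarantine copy. A hit means something on this
  # server is sending phishing, so the logged sender should be investigated
  # rather than only filtered.
  seen finish
endif
# END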
4. untuk cek email yg sudah berhasil ke filter system , ketik cmd dibawah :
tail -f /var/log/filter.log
dan untuk melihat messages nya ( ganti idmessages dengan message id yang tercatat di filter.log ) :
grep idmessages /var/log/exim_mainlog