These rules will protect your server from a large amount of spam.
Keywords such as "karya eğitim" and other diction-training, DVD and USB terms are filtered.
Mail arriving with these names will be rejected automatically.
Usage
You can edit the file on your server over SFTP or SSH.
First you need to create a file with a name of your choosing.
The file containing the sample rules:
if not first_delivery
then
finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
finish
endif
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# BEGIN - Included from /usr/local/cpanel/etc/exim/sysfilter/options/attachments
# (Use the Basic Editor in the Exim Configuration Manager in WHM to change)
# or manually edit /etc/exim.conf.localopts and run /scripts/buildeximconf
## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))([\\\\s;]|\\$)"
then
fail text "This message has been rejected because it has\n\
potentially executable content $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants - many many variants
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\"[^\"]+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])\")[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
a potentially executable attachment $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\\\\s*)[\\\\w-]+/[\\\\w-]+|Disposition:(?>\\\\s*)attachment);(?>\\\\s*)(?:file)?name=|begin(?>\\\\s+)[0-7]{3,4}(?>\\\\s+))(\\\\S+\\\\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\\\\s;]"
then
fail text "This message has been rejected because it has\n\
a potentially executable attachment $1\n\
This form of attachment has been used by\n\
recent viruses or other malware.\n\
If you meant to send this file then please\n\
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
if "${if def:header_X-Spam-Subject: {there}}" is there
then
headers remove Subject
headers add "Subject: $rh_X-Spam-Subject:"
headers remove X-Spam-Subject
endif
# END - Included from /usr/local/cpanel/etc/exim/sysfilter/options/spam_rewrite
if ($message_headers contains "karya")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "ruscaakademi")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "sndgelisim")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "flashbellek")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "flash bellek")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "sektoreltanitim")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "santanitim")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "ulkemuhasebe")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "yoneticiokulu")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "hack")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "hacked")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "wifi")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "camera")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "viagra")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "drone")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "skincare")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "hair")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "skin")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "red light")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "Military Grade")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "Heart Attack")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "Miami, FL 33131")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "Night Lights")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "Shocking Solution")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "CVS")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "pharma")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "atkinson")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "***")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "****")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "aresakademi")
then
fail text "SPAM (200)."
endif
if ($message_headers contains "diyalogyonetim")
then
fail text "SPAM (200)."
endif
You need to save this file under /etc with a name such as kural_spam.
To apply these rules, go to
WHM / Home / Service Configuration / Exim Configuration Manager / Filters / System Filter File and, instead of cPanel's default filter, specify a path such as

/etc/kural_spam, then save the settings and restart the Exim service.
From now on, mail containing these names will no longer reach your server.
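
Before deploying a keyword list like the one above, it helps to replay it against known-good mail. The following is an added example, not part of the original post: it assumes Python's email parser is a close enough stand-in for Exim's $message_headers, uses constructed sample messages, and relies on the documented behaviour that a lower-case "contains" in an Exim filter is a case-insensitive substring test.

```python
import re
from email import message_from_string

# Keywords taken from the filter above; both messages are constructed samples.
KEYWORDS = ["hack", "hair", "skin", "CVS", "camera", "wifi", "viagra"]

LEGIT = """\
Received: from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net
From: Facilities <facilities@example.org>
Subject: Office chair order and hackathon room booking
Message-ID: <20240101.cvs81f@example.org>

body
"""

SPAM = """\
Received: from unknown (HELO x) (198.51.100.7) by mx.example.net
From: Deals <promo@example.com>
Subject: Cheap viagra and hair growth
Message-ID: <1@example.com>

body
"""

def header_block(raw):
    """Approximate $message_headers: every header line, joined by newlines."""
    msg = message_from_string(raw)
    return "\n".join(f"{k}: {v}" for k, v in msg.items())

def contains_hits(raw, keywords=KEYWORDS):
    """What the filter does: substring match, any header, case ignored."""
    hay = header_block(raw).lower()
    return sorted(k for k in keywords if k.lower() in hay)

def scoped_hits(raw, keywords=KEYWORDS, headers=("From", "Subject")):
    """Stricter variant: whole words only, and only in the named headers."""
    msg = message_from_string(raw)
    hay = "\n".join(msg.get(h, "") for h in headers)
    return sorted(k for k in keywords
                  if re.search(rf"\b{re.escape(k)}\b", hay, re.IGNORECASE))

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spam", SPAM)):
        print(name, "contains:", contains_hits(raw), "scoped:", scoped_hits(raw))
```

The legitimate sample is rejected by three keywords ("chair", "hackathon" and a Message-ID fragment), while the scoped variant still catches the spam sample. In the filter itself the scoped variant corresponds to testing $header_subject: and $header_from: with a word-anchored "matches" pattern instead of "$message_headers contains".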
A second point: lists of domains that persistently send spam and are open to abuse.
In order:
Add these entries under WHM / Home / Email / Filter Incoming Emails by Domain.

After that, once you click save, mail arriving with these extensions will be rejected automatically.
Permanent-ban IP lists for ConfigServer Security & Firewall:
In order:
Go to WHM / Home / Plugins / ConfigServer Security & Firewall,
then
open the Firewall Deny IPs menu,
or open /etc/csf/csf.deny with a text editor.

.0/24 blocks the last part of the address
0/16 blocks the last 2 parts of the address
Save the IP addresses. Most of these are IP blocks that send scam and fake mail, and you can ban them permanently.
If you want this to be more robust, you can also add the same IP rules to the blacklist management under
WHM / Home / Security Center / cPHulk Brute Force Protection.
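
A deny list pasted from several sources tends to pick up duplicates, /16 or /24 entries whose base address is not the start of the block, and single addresses already covered by a wider block. The following is an added example, not part of the original post, that checks a list before it goes into /etc/csf/csf.deny or cPHulk; the entries are constructed from documentation ranges, and it assumes one entry per line with an optional "# comment".

```python
import ipaddress

# Constructed entries (RFC 5737 documentation ranges), not the list from this page.
SAMPLE = """\
192.0.2.0/24
198.51.100.20/16
192.0.2.0/24
192.0.2.77
203.0.113.0/24
not-an-ip
"""

def normalise(text):
    """Return (networks, notes): the collapsed list plus one note per problem."""
    nets, notes, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop a trailing comment
        if not entry:
            continue
        try:
            # strict=False accepts a base address with host bits set
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            notes.append(f"line {lineno}: '{entry}' is not an address or CIDR")
            continue
        if "/" in entry and str(net) != entry:
            notes.append(f"line {lineno}: '{entry}' actually means {net}, host bits set")
        if net in seen:
            notes.append(f"line {lineno}: duplicate of {net}")
            continue
        seen.add(net)
        nets.append(net)
    # collapse_addresses cannot mix IPv4 and IPv6, so collapse per version
    collapsed = [n for v in (4, 6)
                 for n in ipaddress.collapse_addresses(x for x in nets if x.version == v)]
    for net in nets:
        if net not in collapsed:
            notes.append(f"{net} is already covered by a wider entry")
    return collapsed, notes

if __name__ == "__main__":
    networks, problems = normalise(SAMPLE)
    print(*networks, sep="\n")
    print(*problems, sep="\n")
```

A /16 covers 65,536 addresses, so the "actually means" note is worth reading before the entry is saved: the block that gets banned may be far wider than the one address that sent spam.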

The IP and domain lists will be updated as new ones turn up.
Wishing you spam-free days.