Re: [exim] Hotmail spam issue

[Craig Jackson]

 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of David Saez Padros
> Sent: Saturday, December 22, 2007 1:17 PM
> To: Craig Jackson
> Cc: exim-users@exim.org
> Subject: Re: [exim] Hotmail spam issue
> 
> hi
> 
> we do this that way:
> 
>    warn    set acl_m2     =
> 
>    warn    condition      = ${if def:h_x-originating-ip:}
>            set acl_m2     = ${sg {$h_x-originating-ip:}{(\\[|\\])}{}}
> 
>    warn    condition      = ${if eq {$acl_m2}{}}
>            condition      = ${if def:h_x-mdremoteip:}
>            set acl_m2     = ${sg {$h_x-mdremoteip:}{(\\[|\\])}{}}
> 
>    deny    condition      = ${if isip{$acl_m2}}
>         dnslists       = bl.spamcop.net/$acl_m2 : \
>                             sbl-xbl.spamhaus.org/$acl_m2 : \
>                             virbl.dnsbl.bit.nl/$acl_m2 : \
>                             list.dsbl.org/$acl_m2
>            message        = Originating IP listed at $dnslist_domain
>            log_message    = Blacklisted originating IP \
>                             ($acl_m2 listed at $dnslist_domain)
> 
> > Hi,
> > 
> > We get some spam over the Hotmail.com network. The only way 
> that I can 
> > tell where the mail is actually originating from is the 
> originating ip 
> > header that hotmail adds to the email which looks like this
> > 
> > X-Originating-IP: [41.219.194.12]
> > 
> > What's the best way to have exim set this ip address into a 
> variable 
> > such as acl_mx? I've looked at match and sg but I can't put this 
> > together.
> >
David,

Okay, your response is greatly appreciated and has set me in motion to
do exactly what I want to do. Here's the relevant section from the data
acl:
 
warn    condition = ${if def:h_X-Originating-IP:}
       set acl_m1M = ${if
match{$h_X-Originating-IP:}{\N\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\N}{$0}{
0}}

warn    message = X-Spam: OIP $acl_m1M on spammer network
        condition = ${if !eq{$acl_m3}{0}}
        condition = ${if isip{$acl_m1M}}
        condition = ${if match_ip{$acl_m1M}{${sg {${lookup
mysql{TAG_BADNETWRKS}}}{\n}{:}}}{1}{0}}

deny    condition      = ${if isip{$acl_m1M}}
        condition       = ${if !eq{$acl_m3}{0}}
          dnslists       = bl.spamcop.net/$acl_m1M
        message        = Originating IP listed at $dnslist_domain
        log_message    = Blacklisted originating IP \
                       ($acl_m1M listed at $dnslist_domain)

THANKS a bunch!

Craig

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/