I figured it out finally. The issue was that the actual contents of the Reply_To field presented to the .filter are "name <address>", but I was assuming that it was just "address", so the match regexp was wrong. The command line test I used had just "address", so it worked, even though it didn't work when actually applied. Here is a simple .forward that implements this:
# Exim filter if error_message then seen finish endif # # The reply looks like "name <address>" # if $reply_address matches .*campus\.edu>\$ then unseen deliver [EMAIL PROTECTED] unseen finish else seen finish endif If the email is from campus.edu it is forwarded to somebody_else. The "unseen" in front of deliver and finish tell the filter that no significant event was seen (even though one was), so at the end it delivers the message to the To: recipient also. If the email is not from campus.edu it goes straight to "seen finish", which is, as described in the filter documentation, a black hole. Nothing is delivered, and nothing is sent back to the sender. Of course if the Reply_to header is faked the mail will still go through. Regards, David Mathog [EMAIL PROTECTED] Manager, Sequence Analysis Facility, Biology Division, Caltech -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
