On Tue, Jul 21, 2009 at 05:23:00AM -0700, spawel wrote: > Every day I received a many letters from spammers. All this letters > have different headers. I mean that header "from" contains > "[email protected]" (domain rambler.ru is in white list) and header > "return-path" contains another address [email protected]. And because > of that i tried to write special rule in acl_check_rcpt. > I have two variants, but all of them don not work properly.
In case you don't already know, it's not a good idea to block /all/ mail where
From != Return-Path. Non-spam mail can have From != Return-Path too - for
example, all mail on this mailing list.
> 1)
> warn log_message = "My rule! It works!"
> condition =${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
> hosts =!127.0.0.1 : !localhost : *
> add_header = X-ACL-Warn: warnings
That probably doesn't work because $h_return-path: will usually be something
like "<[email protected]>" and $h_from: will usually be something like "Joe
Smith <[email protected]>".
So I'm guessing that that one /never/ matches, yes?
> 2)
> warn log_message = "From and Return do not matches! SPAM! It works!!!"
> condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
> hosts = !127.0.0.1 : !localhost : *
> add_header = X-ACL-Warn: $return_path
And this one probably /always/ matches, because mostly $return_path and
$sender_address are the same thing (read what the spec has to say about
$return_path).
If you want to test for this at all, you probably want to compare
${address:$h_From:} to $sender_address. But be aware that non-matching does
not mean that it's spam.
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
signature.asc
Description: Digital signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
