Hi There,
Tried googling for quite a bit, but didn't really find what I was after.
What I'm trying to do is log a specific header line in the received: portion to
a different log file.
Basically we've got a simple filter we've created for our exim which blocks
email to specific domains (for spam reasons). We think we've got a bucketload
of compromised accounts but want to capture them. The filter is currently:
deny message = Domain $domain is prohibited for outgoing mails
domains = lsearch;/etc/exim4/restricted_domains
This is under acl_check_rcpt:
What we wish to do is expand the header and then write this to a different log
file
So using:
'${sg{$h_Received:}{\N\n[ \t]\N}{ }}'
Which returns a better header we then want to search for our inserted variable
(from another mail system) of authenticated sender .. like in this line:
from xxxx (unknown [xx.xx.xx.xx]) (Authenticated sender: [email protected]) by
xx.nz (Postfix) with ESMTPA id E4685935877 for <[email protected]>; Tue, 17 Nov 2015
13:12:33 +1300 (NZDT)
So we want to write this bit (Authenticated sender:
[email protected]<mailto:[email protected]>) into a separate log file.
Possible? I'll admit to not being an expert on the exim variables etc.
Thanks for any replies.
Cheers,
Daniel
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
