On 05/06/2020 08:40, Jacques B. Siboni via Exim-users wrote:
> Maybe the question is how to filter the pattern after the router keyword?

The thing in parentheses (after the H= field) is the HELO name. If that is a consistent thing presented by this spammer, then... there is a variable with the helo. Write an ACL verb that matches that value, and deny the message. Put it in an appropriate ACL (generally, as early as possible in the SMTP conversation).

> What can you suggest?

Read the documentation. Start with Chapter 3, then go on to the logging chapter, the ACL chapter and the string-expansions chapter.

By the way, if you really are logging "H=router" then you have an unusual network setup. If you obfuscated it, then you are making it harder for us to help you.

--
Cheers,
Jeremy
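
An added example, not part of the original message: a Python sketch that extracts the H= field from main-log lines and counts HELO names per client IP, to check whether a HELO value is consistent enough to match in an ACL. The log lines are constructed, and the regex assumes the `H=name (helo) [ip]` layout, where the parenthesised HELO is omitted when it equals the host name.

```python
import re
from collections import Counter

# Constructed sample lines in Exim main-log style (IDs, hosts and IPs are made up).
SAMPLE_LOG = """\
2020-06-05 08:01:12 1jh5Aa-0001Ab-2C <= a@example.net H=(router) [192.0.2.10] P=esmtp S=2210
2020-06-05 08:03:40 1jh5Cd-0001Bc-3D <= b@example.org H=mail.example.org [198.51.100.7] P=esmtps S=5120
2020-06-05 08:05:02 1jh5Ef-0001Cd-4E <= c@example.net H=(router) [192.0.2.44] P=esmtp S=2198
2020-06-05 08:09:55 1jh5Gh-0001De-5F <= d@example.com H=mx.example.com (smtp-out) [203.0.113.5] P=esmtp S=900
2020-06-05 08:11:31 1jh5Ij-0001Ef-6G <= e@example.net H=(router) [192.0.2.91] P=esmtp S=2243
"""

# Assumed layout: H=<host> (<helo>) [<ip>], with <host> and (<helo>) each optional.
H_FIELD = re.compile(
    r"(?<!\S)H=(?:(?P<host>[^\s()\[\]]+) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]"
)

def parse_host_field(line):
    """Return host, HELO name and client IP from one log line, or None if no H= field."""
    m = H_FIELD.search(line)
    if m is None:
        return None
    host, helo, ip = m.group("host", "helo", "ip")
    # No parenthesised value: treat the HELO as equal to the logged host name.
    return {"host": host, "helo": helo if helo is not None else host, "ip": ip}

def helo_summary(log_text):
    """Map each HELO name to (message count, set of client IPs), most frequent first."""
    counts, ips = Counter(), {}
    for line in log_text.splitlines():
        rec = parse_host_field(line)
        if rec is None:
            continue
        counts[rec["helo"]] += 1
        ips.setdefault(rec["helo"], set()).add(rec["ip"])
    return {helo: (n, ips[helo]) for helo, n in counts.most_common()}

if __name__ == "__main__":
    for helo, (n, addrs) in helo_summary(SAMPLE_LOG).items():
        print(f"{n:3d}  HELO={helo}  from {len(addrs)} address(es)")
```

A HELO value that recurs across many unrelated client addresses is the kind of consistent pattern the reply suggests matching on.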
