This is from my incoming log: Date: Sat Nov 13 07:30:30 CST 2004 XPri: [EMAIL PROTECTED] From: [EMAIL PROTECTED] <[EMAIL PROTECTED] (bandy)> Rept: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subj: magnitude satisfactory transmit cabdriver ragging Actn: OK (from-file -optional -autocdb ~/.tmda/lists/confirmed ok) (4783)
[EMAIL PROTECTED] is in my confirmed file. mobius-soft.com (or any wildcard variation of it), is not. Neither is [EMAIL PROTECTED] I can send you my confirmed file and incoming filter file if it will help. >From what you have described, it looks like it's matching the Reply To header. Is there a way to force it to look at From first and make that field take precedence if it's different than Reply To? Thanks, Andrea ----- Original Message ----- From: David Grimberg To: 'Andrea Whitlock' ; [EMAIL PROTECTED] Sent: Thursday, November 18, 2004 10:10 AM Subject: RE: How to Force Exact Matches for Confirmed or Whitelisted Addresses? Andrea, One thing you need to be aware of is that TMDA attempts to match against 3 to 4 different addresses when an email arrives as well as entire domains. So even if the address listed in the from header of the email indicates that it's from [EMAIL PROTECTED] the envelope sender or reply-to header may be [EMAIL PROTECTED] which would get a positive match. The addresses that TMDA checks that I'm aware of are the envelope sender (which does not appear as a header anywhere in the message) the From: header, the Reply-To: header and possibly the X-Primary-Address: header. Further if any of your list files contain mobius-soft.com as an address then the entire domain will match that rule regardless of the user portion of the email address. If you check your LOGFILE_INCOMING log file, you should be able to determine what addresses are involved. In the log file the Xpri: field corresponds to the X-Primary-Address header, the Sndr: field corresponds to the envelope sender, the From: field of course goes with the From header, and the Rept: field corresponds to the Reply-To header. The Actn: field of the messages log entry lists what action was taken (e.g. OK, DELIVER, CONFIRM, etc.) and if the action is the result of a filter rule, the rule will be listed in parentheses following the name of the action taken (e.g. Actn: OK (from-file ~/.tmda/lists/confirmed ok) ) By default TMDA does not match substrings of addresses (other than domains) unless you specify certain wildcards in the address. For example this rule: >From [EMAIL PROTECTED] ok Is the same as >From mobius-soft.com ok And will match any email sent from the domain mobius-soft.com. This rule: >From [EMAIL PROTECTED] ok Will match any email sent from someone with andrea as the last part of their username and from any host in the mobius-soft.com domain e.g. [EMAIL PROTECTED] would match this rule as would [EMAIL PROTECTED] The thing to note is that substrings are only matched when your rules specify that they should be checked, otherwise all the matching is exact. Dave > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Andrea Whitlock > Sent: Thursday, November 18, 2004 6:29 AM > To: [EMAIL PROTECTED] > Subject: How to Force Exact Matches for Confirmed or > Whitelisted Addresses? > > I have this address in my confirmed file: > > [EMAIL PROTECTED] > > I am receiving spam from these forged addresses: > > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > [EMAIL PROTECTED] > > How do I make TMDA do an exact match on the address in the > confirmed file? > It looks like it matches substrings and not the exact string. > > Andrea > > _____________________________________________ > tmda-users mailing list ([EMAIL PROTECTED]) > http://tmda.net/lists/listinfo/tmda-users > _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
