Hello everyone,

I try to solve what I can on my own and solve what's possible by
RTFMing, FAQs, experimenting etc., but this time I'm utterly stumped.
Background: we stop a lot of spam delivered directly to us with the
regular filters. But, we're going to be more and more exposed to this
stuff being delivered (force-injected) via a specific MS Exchange server
whose admins don't seem to know very much about anything. They've
already started delivering spam that our normal filters can't stop.
At the same time I'd like to filter spam force-delivered by our
fall-back mail servers, three flies at one swipe.
So, I want to filter message headers on 1: spam-relaying servers and 2:,
if 1: is positive, see if they're delivering spam from the addresses in
our spam data bases.
System Filter, this works:

  if ($message_headers contains "Received: from MSExchange.server.nl" or
      $message_headers contains "Received: from fallback.server1.net" or
      $message_headers contains "Received: from fallback.server2.net")
  then
    log "$tod_log $message_id SPAM-X-UIDL: sender=$sender_address \
    subject=$header_subject: recipients_count=$recipients_count \
    recipients=$header_to"
    save /var/mail/blocked/trojanhorsespam
  endif

But - we have yet to consult the spammer databases. The following
doesn't work, nor any variant of it that I can dream up:
After the first if-block, if an IP number or host address is present in
the header, is it also present in the databases?
then
if ($message_headers contains "${lookup {$sender_host_address}
[partial-]dbm[*] {/var/mail/blocked/spamlist.db}{$value}}"
or
$message_headers contains "${lookup {$sender_host_address}
[partial-]lsearch[*] {/var/mail/blocked/vortex} {$value}}")
endif
In our main configuration file, to look up IP-number databases in flat
files, we don't use searches as above - we simply put the name of the
file:
host_reject_recipients = "!/var/mail/blocked/rev.lookup-exceptions : \
/var/mail/blocked/vortex : \
etc"
But, as far as I can see, though there are no errors reported, this
doesn't work in filters.
Hope that someone else has solved this, or knows how!
Tony
--
Tony Earnshaw
Randstad 2157
1314 BH Almere, NL
e-mail: tonye@???
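
The two-step check described in the post, sketched outside Exim as an added example (it is not code from the original post and not an Exim filter). In Exim, `$sender_host_address` is the address of the host that connected, which for relayed mail is the relay itself, so this sketch reads the bracketed IPs from the Received: chain instead; the blocklist entries, the sample message and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Relay host names taken from the post.
RELAYS = ("MSExchange.server.nl", "fallback.server1.net", "fallback.server2.net")

# Constructed blocklist, one address or network per line (documentation ranges).
BLOCKLIST = """\
# constructed sample entries
192.0.2.0/24
203.0.113.45
"""

# Constructed sample: a listed source hands mail to the Exchange relay.
SAMPLE = """\
Received: from MSExchange.server.nl ([198.51.100.10])
\tby mail.example.org with esmtp; Mon, 1 Jan 2001 10:00:02 +0100
Received: from unknown ([203.0.113.45])
\tby MSExchange.server.nl with SMTP; Mon, 1 Jan 2001 10:00:00 +0100
From: someone@example.com
Subject: constructed test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def load_blocklist(text):
    """Parse a flat file of IPs/CIDRs, ignoring comments and blank lines."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(e, strict=False) for e in entries if e]

def upstream_hits(raw, nets, relays=RELAYS):
    """Step 1: did a listed relay hand this over? Step 2: which IPs are listed?"""
    received = email.message_from_string(raw).get_all("Received", [])
    if not any(h.split()[:2] == ["from", r] for h in received for r in relays):
        return []
    hits = []
    for ip in (m for h in received for m in IP_RE.findall(h)):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. [999.1.1.1] in a malformed header
            continue
        if ip not in hits and any(addr in n for n in nets):
            hits.append(ip)
    return hits
```

Received lines written by hosts upstream of the relay are supplied by whoever sent the message and can be forged, so a hit on those is a signal to weigh rather than proof of origin.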