Re: [Exim] Routing with Spamcop

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Mark Edwards
Datum:  
To: Philip Hazel
CC: exim-users
Betreff: Re: [Exim] Routing with Spamcop
On Monday, August 5, 2002, at 01:05 PM, Philip Hazel wrote:

> On Mon, 5 Aug 2002, Mark Edwards wrote:
>
>>>>>> # Exim filter
>>>>>>
>>>>>> # Ignore error messages
>>>>>> if error_message then finish endif
>>>>>>
>>>>>> # Copy if this is the first delivery attempt
>>>>>> if first_delivery then
>>>>>>    unseen deliver backup@??? errors_to
>>>>>> postmaster@???
>>>>>> endif

>>
>> Sorry, no. There's an additional aspect of this that I left off the
>> last
>> message. Considering the amount of posting you do here, I can easily
>> understand why you've forgotten about it. :) This router is sending
>> the
>> message to the user "spam":
>>
>> # The remaining routers handle addresses in the local domain(s).
>>
>> spam_trap:
>>    driver = redirect
>>    condition = ${if def:h_X-Warning: {yes}{no}}
>>    data = spam
>>    file_transport = address_file

>>
>>
>> So, the question is why does that router pre-empt the system-filter
>> that I
>> have (listed above), which works for other messages? The log (above)
>> is
>> generated with both the router and the system-filter working and
>> active.
>
>
> The system filter will set up a delivery to backup@???. That
> address will go through the routers in the normal way. I think that is
> why you are seeing the effect you are seeing. If you don't want
> postmaster@??? to be routed by that router, add


I still don't see why a mail that is activating the Warning ACL isn't
being routed through the system filter. Here's a log from a normal
email:

2002-08-06 13:07:13 H0FUK0-0004CG-00 <= HCombs@???
H=portal1.visa.com [198.80.42.2] P=smtp S=2499
id=7DC731FDF2B7204F92F1A7468C226CB904969D51@???
2002-08-06 13:07:13 H0FUK0-0004CG-00 => backup <system-filter>
R=localuser T=local_delivery
2002-08-06 13:07:13 H0FUK0-0004CG-00 => jim <jim@???>
R=localuser T=local_delivery
2002-08-06 13:07:13 H0FUK0-0004CG-00 Completed

and here's one from an email that is triggering the Warning ACL:

2002-08-05 23:46:36 H=(yahoo.com) [200.69.211.161] Warning: found in
bl.spamcop.net
2002-08-05 23:46:36 H=(yahoo.com) [200.69.211.161]
F=<passion_toys_shop_2228c12@???> rejected RCPT
<applesaucer@???>: Please direct correspondence for
applesaucer to staff
2002-08-05 23:46:38 H0ETHP-0003KR-00 <=
passion_toys_shop_2228c12@??? H=(yahoo.com) [200.69.211.161]
P=smtp S=3787 id=037b58e24e1b$4661e0d3$6cc38eb2@dufmgx
2002-08-05 23:46:38 H0ETHP-0003KR-00 => spam <system-filter> R=localuser
T=local_delivery
2002-08-05 23:46:38 H0ETHP-0003KR-00 Completed

The system-filter appears to ignore it.

Here is the relevant ACL, by the way:

warn    message       = X-Warning: $sender_host_address is in a black
list at $dnslist_domain
         log_message   = found in $dnslist_domain
         dnslists      = bl.spamcop.net


The only explanation I can see is that the mail is getting delivered to
user "spam" by the spam_trap router, then hitting the system-filter and
the system-filter is ignoring it because it has already been delivered.

I'm going to try removing the "if first_delivery" clause from the
system-filter, and see if that's it. I'm not 100% sure what the
ramifications of not having that clause are though ...

--
Mark Edwards
Engineer
Mr. Toad's
San Francisco, CA