Hi
I have problems getting a system filter running:
if $sender_host_address: contains "aa.bb.cc.dd"
then
save /var/mail/trash
elif ($sender_host_address: contains "internal exchange server IP") and ($message_body contains "Subject: {SPAM}") and error_message
then
save /var/mail/spam-bounces
endif
The first match is working fine. There is a group of mailservers that flood me with junk, so I save them on the mail gateway and perodically empty that mailbox (/var/mail/trash).
Most of my bounces are going back to spoofed addresses and are spam.
I thought it would be wise to intercept the messages that are:
1. coming from the internal exchange server and
2. error messages
3. have the local spamfilter's tag in them (that would be in the attached spam message that got bounced).
That's what I tried to do with the elif statement.
I tried numerous combinations of ()-s to separate parts of the expression, tried escaping the braces to no avail.
I have another option to search for a spec header inserted by the spam filter, but that's in the attached mail's header.
Any ideas?
I am interested in alternative solutions too.
thanks in advance.