Re: [exim] Hotmail spam issue

Author: Craig Jackson
Date:  
To: David Saez Padros, exim-users
Subject: Re: [exim] Hotmail spam issue


> -----Original Message-----
> From: exim-users-bounces@???
> [mailto:exim-users-bounces@exim.org] On Behalf Of David Saez Padros
> Sent: Saturday, December 22, 2007 1:17 PM
> To: Craig Jackson
> Cc: exim-users@???
> Subject: Re: [exim] Hotmail spam issue
>
> hi
>
> we do this that way:
>
>    warn    set acl_m2     =
>
>    warn    condition      = ${if def:h_x-originating-ip:}
>            set acl_m2     = ${sg {$h_x-originating-ip:}{(\\[|\\])}{}}
>
>    warn    condition      = ${if eq {$acl_m2}{}}
>            condition      = ${if def:h_x-mdremoteip:}
>            set acl_m2     = ${sg {$h_x-mdremoteip:}{(\\[|\\])}{}}
>
>    deny    condition      = ${if isip{$acl_m2}}
>            dnslists       = bl.spamcop.net/$acl_m2 : \
>                             sbl-xbl.spamhaus.org/$acl_m2 : \
>                             virbl.dnsbl.bit.nl/$acl_m2 : \
>                             list.dsbl.org/$acl_m2
>            message        = Originating IP listed at $dnslist_domain
>            log_message    = Blacklisted originating IP \
>                             ($acl_m2 listed at $dnslist_domain)
>
> > Hi,
> >
> > We get some spam over the Hotmail.com network. The only way that I can
> > tell where the mail is actually originating from is the originating ip
> > header that hotmail adds to the email which looks like this
> >
> > X-Originating-IP: [41.219.194.12]
> >
> > What's the best way to have exim set this ip address into a variable
> > such as acl_mx? I've looked at match and sg but I can't put this
> > together.
> >

David,

Okay, your response is greatly appreciated and has set me in motion to
do exactly what I want to do. Here's the relevant section from the data
acl:

warn    condition = ${if def:h_X-Originating-IP:}
        set acl_m1M = ${if match{$h_X-Originating-IP:}{\N\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\N}{$0}{0}}

warn    message = X-Spam: OIP $acl_m1M on spammer network
        condition = ${if !eq{$acl_m3}{0}}
        condition = ${if isip{$acl_m1M}}
        condition = ${if match_ip{$acl_m1M}{${sg {${lookup mysql{TAG_BADNETWRKS}}}{\n}{:}}}{1}{0}}

deny    condition      = ${if isip{$acl_m1M}}
        condition      = ${if !eq{$acl_m3}{0}}
        dnslists       = bl.spamcop.net/$acl_m1M
        message        = Originating IP listed at $dnslist_domain
        log_message    = Blacklisted originating IP \
                         ($acl_m1M listed at $dnslist_domain)


THANKS a bunch!

Craig
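
An added example, not part of the original messages or of Exim: a Python sketch of the same steps the ACLs in this thread perform, for checking offline what a given header would turn into. It extracts the address from X-Originating-IP (falling back to X-MDRemoteIP), validates it, and builds the DNSBL query name (octets reversed, zone appended). The function names and the sample message are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Header names taken from the thread; checked in this order.
ORIGIN_HEADERS = ("X-Originating-IP", "X-MDRemoteIP")

# Constructed sample message using the header shown in the thread.
SAMPLE = (
    "From: someone@hotmail.com\n"
    "X-Originating-IP: [41.219.194.12]\n"
    "Subject: test\n"
    "\n"
    "body\n"
)


def originating_ip(raw_message):
    """Return the first usable IPv4 client address from the origin headers, or None."""
    msg = message_from_string(raw_message)
    for name in ORIGIN_HEADERS:
        for value in msg.get_all(name, []):
            # Same effect as the sg{} calls above: drop the square brackets.
            candidate = re.sub(r"[\[\]\s]", "", value)
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                # The header is message content; values such as 999.1.1.1
                # match a \d{1,3} pattern but are not addresses.
                continue
            # Private and reserved ranges cannot be listed, so skip them.
            if ip.version == 4 and ip.is_global:
                return ip
    return None


def dnsbl_query_name(ip, zone):
    """Build the name looked up in a DNSBL zone: reversed octets plus the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


if __name__ == "__main__":
    ip = originating_ip(SAMPLE)
    print(ip, "->", dnsbl_query_name(ip, "bl.spamcop.net"))
```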