Environment: Exim 4.52 on RedHat RHEL 4
My security guy asked me to capture some of the phishing attempts coming
our way, so I added the following router to send a copy of incoming
emails that matched a regex, to a specific address.

  phishing:
    driver = redirect
    data = security(at)uleth.ca
    unseen
    no_verify
    condition = ${if or{{ match{{${lc:$h_subject:}}{\N(verify|confirm|protect).*(your|uleth).*(e-?mail|add?ress|account)\N}}} \
                { match{{${lc:$h_subject:}}{\N(account|add?ress).*verification\N}}} \
                { match{{${lc:$h_subject:}}{\Ne-?mail.*maintenance\N}}}} }
    headers_add = X-Phishing: Might be a phishing attempt

It seems to work except that the X-Phishing header is not added. This
is not a critical problem, but having the header added would allow him
to use his mail client to filter these messages into a separate folder.
I know there are caveats about using headers_add with unseen and
redirect routers, but after a careful reading of the docs I thought this
would add the header to the copy that got redirected to
security(at)uleth.ca, and not to the copy that is delivered normally.
This doesn't seem to be the case as neither copy has the header when
delivered.
Any thoughts on how to make this work without resorting to filter
files? Thanks.
Russ
--
Russell D. Wilton
University of Lethbridge
4401 University Drive
Lethbridge, Alberta
CANADA T1K 3M4
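
Added example (not part of the original post, and not Exim configuration): a Python check of the three Subject patterns from the router's condition against constructed subject lines, showing which messages would be copied and where the patterns over-match. The function names and sample subjects are assumptions; Python's re module stands in for Exim's PCRE, which treats these particular patterns the same way.

```python
from __future__ import annotations

import re

# The three Subject patterns from the router's condition, unchanged.
# Exim's \N ... \N only protects the regex from string expansion;
# it is not part of the pattern itself.
PATTERNS = [
    r"(verify|confirm|protect).*(your|uleth).*(e-?mail|add?ress|account)",
    r"(account|add?ress).*verification",
    r"e-?mail.*maintenance",
]
COMPILED = [re.compile(p) for p in PATTERNS]


def matching_rules(subject: str) -> list[int]:
    """Return 1-based indexes of the patterns that match the subject."""
    lowered = subject.lower()  # mirrors ${lc:$h_subject:}
    # search() is unanchored, like Exim's match condition
    return [i for i, rx in enumerate(COMPILED, start=1) if rx.search(lowered)]


def would_copy(subject: str) -> bool:
    """True when the or{...} condition holds, i.e. a copy is redirected."""
    return bool(matching_rules(subject))


# Constructed sample subjects (not taken from real mail).
SAMPLES = [
    "Please VERIFY your e-mail account",
    "Account Verification Required",
    "Email system maintenance tonight",
    "Adress verification",  # one 'd': still caught by add?ress
    "Confirm your attendance at the email security talk",  # benign, but matches
    "Lunch on Friday?",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{would_copy(s)!s:5}  rules={matching_rules(s)}  {s}")
```

The fifth sample is a benign subject that still satisfies the first pattern, which is the kind of over-match to expect in the copies sent to the security mailbox.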