On Tue, Jul 21, 2009 at 05:23:00AM -0700, spawel wrote:
> Every day I received a many letters from spammers. All this letters
> have different headers. I mean that header "from" contains
> "user@???" (domain rambler.ru is in white list) and header
> "return-path" contains another address spam@???. And because
> of that i tried to write special rule in acl_check_rcpt.
> I have two variants, but all of them don not work properly.
In case you don't already know, it's not a good idea to block /all/ mail where
From != Return-Path. Non-spam mail can have From != Return-Path too - for
example, all mail on this mailing list.
> 1)
> warn log_message = "My rule! It works!"
> condition =${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
> hosts =!127.0.0.1 : !localhost : *
> add_header = X-ACL-Warn: warnings
That probably doesn't work because $h_return-path: will usually be something
like "<user@???>" and $h_from: will usually be something like "Joe Smith <user@???>".
So I'm guessing that that one /never/ matches, yes?
> 2)
> warn log_message = "From and Return do not matches! SPAM! It works!!!"
> condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
> hosts = !127.0.0.1 : !localhost : *
> add_header = X-ACL-Warn: $return_path
And this one probably /always/ matches, because mostly $return_path and
$sender_address are the same thing (read what the spec has to say about
$return_path).
If you want to test for this at all, you probably want to compare
${address:$h_From:} to $sender_address. But be aware that non-matching does
not mean that it's spam.
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
