Re: [exim] compare two headers_rule in acl dont work properl…

Top Page
Delete this message
Reply to this message
Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] compare two headers_rule in acl dont work properly
On Tue, Jul 21, 2009 at 05:23:00AM -0700, spawel wrote:
> Every day I received a many letters from spammers. All this letters
> have different headers. I mean that header "from" contains
> "user@???" (domain rambler.ru is in white list) and header
> "return-path" contains another address spam@???. And because
> of that i tried to write special rule in acl_check_rcpt.
> I have two variants, but all of them don not work properly.


In case you don't already know, it's not a good idea to block /all/ mail where
From != Return-Path. Non-spam mail can have From != Return-Path too - for
example, all mail on this mailing list.

> 1)
> warn    log_message = "My rule! It works!"
>         condition =${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
>         hosts =!127.0.0.1 : !localhost : *
>         add_header = X-ACL-Warn: warnings


That probably doesn't work because $h_return-path: will usually be something
like "<user@???>" and $h_from: will usually be something like "Joe Smith <user@???>".

So I'm guessing that that one /never/ matches, yes?

> 2)
>   warn   log_message = "From and Return do not matches! SPAM! It works!!!"
>          condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
>          hosts = !127.0.0.1 : !localhost : *
>          add_header = X-ACL-Warn: $return_path


And this one probably /always/ matches, because mostly $return_path and
$sender_address are the same thing (read what the spec has to say about
$return_path).

If you want to test for this at all, you probably want to compare
${address:$h_From:} to $sender_address. But be aware that non-matching does
not mean that it's spam.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey