Hi!
I'm the admin of a small exim4 installation which is used to relay
mail between a few hosts inside the department and up to the
university central smarthost.
Recently I began to receive 'register form spams' from our
own webservers and due to the needed software I can not
simply take the site down or edit the webpages.
So because I already have a working system-filter to 'munge'
some internal headers, I tried to simply shunt the 'known spams'
away to a dummy address by the following test(s)...
(slightly 'abstracted' by replacing real addresses and hosts):
###################################################################### snip
# some later checks may 'freeze' mail, which may be thawed, so
if not manually_thawed then ## allow to resend by hand if frozen
  # check webserver mails ...
  if $return_path contains "www-data@" then # normal debian webserver
    #- killing '... register webform' 2013-01-18
    if $h_Subject: contains "Your Registration" and
       $message_body contains "registering with ..." and
       $message_body contains "...link..." then
      logwrite "$tod_log $message_exim_id diverted ... form spam"
      # send to my Junkfolder
      seen deliver "USER+Junk@DOMAIN" errors_to postmaster@DOMAIN
      # assume this 'done' - so forget the rest ...
      seen finish
    endif
    # ... more webserver checks
  endif
endif
###################################################################### snip
BUT the result is:
1) logwrite reacts on the correct mails (the 'if's are correct):
------------------------------------------------------------------------------
2013-01-25 07:01:14 1TycLK-0008R8-EE diverted ... form spam
------------------------------------------------------------------------------
2) I see the mail in the logs:
------------------------------------------------------------------------------
2013-01-25 07:00:56 1TycLK-0008R8-EE <= www-data@DOMAIN H=HOST.DOMAIN [CORRECT_IP] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 S=1545 id=465d6dd46240c3a0e4cca2a3345de4fe@DOMAIN from <www-data@DOMAIN> for DESTINATION@DOMAIN
2013-01-25 07:01:14 1TycLK-0008R8-EE original recipients ignored (system filter)
2013-01-25 07:01:14 1TycLK-0008R8-EE => USER+junk (USER+Junk@DOMAIN) <system-filter> F=<www-data@DOMAIN> R=debug_archive_router T=debug_archive_transport S=2076 QT=24s
2013-01-25 07:01:16 1TycLK-0008R8-EE => DESTINATION@DOMAIN F=<www-data@DOMAIN> R=smarthost T=remote_smtp S=2006 H=mail.fu-berlin.de [130.133.4.67] C="250 OK id=1TycLk-003bVP-Re" QT=26s
2013-01-25 07:01:16 1TycLK-0008R8-EE Completed QT=26s
------------------------------------------------------------------------------
3) 'My copy' seems to be generated
4) *** but the spam-victim gets the mail too!
I assumed 'seen finish' would suppress the original delivery?
Is there a correct way to realize a diversion of mail as:
a) check by some 'if's
b) send a copy to a special address
c) forget the rest of the deliveries
Thanks, Stucki
--
Christoph von Stuckrad * * |nickname |Mail <stucki@???> \
Freie Universitaet Berlin |/_*|'stucki' |Tel(Mo.,Mi.):+49 30 838-75 459|
Mathematik & Informatik EDV |\ *|if online| (Di,Do,Fr):+49 30 77 39 6600|
Takustr. 9 / 14195 Berlin * * |on IRCnet|Fax(home): +49 30 77 39 6601/
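
A check for the symptom described above, as an added example that is not part of the original post: it groups Exim main-log lines by message ID and reports any message for which "original recipients ignored (system filter)" was logged but a delivery without the <system-filter> parent was still made. The sample log is constructed in the format of the excerpt above, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log excerpt above (placeholders throughout).
SAMPLE_LOG = """\
2013-01-25 07:00:56 1TycLK-0008R8-EE <= www-data@DOMAIN H=HOST.DOMAIN [192.0.2.10] P=esmtps S=1545 for DESTINATION@DOMAIN
2013-01-25 07:01:14 1TycLK-0008R8-EE original recipients ignored (system filter)
2013-01-25 07:01:14 1TycLK-0008R8-EE => USER+junk (USER+Junk@DOMAIN) <system-filter> F=<www-data@DOMAIN> R=debug_archive_router T=debug_archive_transport S=2076
2013-01-25 07:01:16 1TycLK-0008R8-EE => DESTINATION@DOMAIN F=<www-data@DOMAIN> R=smarthost T=remote_smtp S=2006
2013-01-25 07:01:16 1TycLK-0008R8-EE Completed
2013-01-25 07:05:02 1TycQq-0008Sx-2B <= www-data@DOMAIN H=HOST.DOMAIN [192.0.2.10] P=esmtps S=1490 for OTHER@DOMAIN
2013-01-25 07:05:03 1TycQq-0008Sx-2B original recipients ignored (system filter)
2013-01-25 07:05:03 1TycQq-0008Sx-2B => USER+junk (USER+Junk@DOMAIN) <system-filter> F=<www-data@DOMAIN> R=debug_archive_router T=debug_archive_transport S=2021
2013-01-25 07:05:03 1TycQq-0008Sx-2B Completed
"""

# Timestamp, message ID (three dash-separated alphanumeric groups), rest of line.
LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"([0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+) (.*)$"
)
FILTER_MARK = "original recipients ignored (system filter)"


def leaked_diversions(log_text):
    """Return {message_id: [recipients]} for messages whose original
    recipients were dropped by the system filter but which still show a
    delivery that was not generated by the filter."""
    diverted = set()
    direct = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a per-message log line
        msg_id, rest = m.groups()
        if rest.startswith(FILTER_MARK):
            diverted.add(msg_id)
        elif rest[:3] in ("=> ", "-> ") and "<system-filter>" not in rest:
            # Delivery line without the filter as parent address.
            direct[msg_id].append(rest.split()[1])
    return {i: direct[i] for i in sorted(diverted) if i in direct}


if __name__ == "__main__":
    for msg_id, rcpts in leaked_diversions(SAMPLE_LOG).items():
        print(msg_id, "still delivered to", ", ".join(rcpts))
```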