Hi There,
Tried googling for quite a bit, but didn't really find what I was after.
What I'm trying to do is log a specific header line in the received: portion to a different log file.
Basically we've got a simple filter we've created for our exim which blocks email to specific domains (for spam reasons). We think we've got a bucketload of compromised accounts but want to capture them. The filter is currently:
    deny message = Domain $domain is prohibited for outgoing mails
         domains = lsearch;/etc/exim4/restricted_domains
This is under acl_check_rcpt:
What we wish to do is expand the header and then write this to a different log file
So using:
'${sg{$h_Received:}{\N\n[ \t]\N}{ }}'
Which returns a better header we then want to search for our inserted variable (from another mail system) of authenticated sender .. like in this line:
from xxxx (unknown [xx.xx.xx.xx]) (Authenticated sender: xxx@???) by xx.nz (Postfix) with ESMTPA id E4685935877 for <xxxx@???>; Tue, 17 Nov 2015 13:12:33 +1300 (NZDT)
So we want to write this bit (Authenticated sender: xxx@???) into a separate log file.
Possible? I'll admit to not being an expert on the exim variables etc.
Thanks for any replies.
Cheers,
Daniel
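
The extraction described in the post, as an added example that is not part of the original message and not Exim configuration: a Python sketch that unfolds each Received: header with the same substitution as the `${sg...}` expansion and pulls out the `(Authenticated sender: ...)` value. The `trusted_by` parameter, the host names and the sample message are assumptions constructed for illustration; only hops stamped by your own relays are read, since Received: lines below them are supplied by the client and can be forged.

```python
import re
from collections import Counter
from email import message_from_string

# Same unfolding as ${sg{$h_Received:}{\N\n[ \t]\N}{ }}: newline + one space/tab -> space
UNFOLD = re.compile(r"\r?\n[ \t]")
AUTH = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\)")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def authenticated_sender(raw_message, trusted_by):
    """Return the account named by the topmost trusted hop, else None.
    trusted_by (assumed parameter): lowercase 'by' host names of our own relays."""
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = UNFOLD.sub(" ", value)
        by = BY_HOST.search(flat)
        if not by or by.group(1).lower() not in trusted_by:
            return None  # this hop and everything below it is client-supplied
        match = AUTH.search(flat)
        if match:
            return match.group(1)
    return None

def tally(raw_messages, trusted_by):
    """Count messages per authenticated account, e.g. over mail hitting the deny rule."""
    counts = Counter()
    for raw in raw_messages:
        account = authenticated_sender(raw, trusted_by)
        if account:
            counts[account] += 1
    return counts

# Constructed sample: the top hop is ours; the lower Received: line is client-supplied.
SAMPLE = (
    "Received: from relay.example (unknown [192.0.2.10])\n"
    "\t(Authenticated sender: user1@example.org)\n"
    "\tby mx.example (Postfix) with ESMTPA id PLACEHOLDER1\n"
    "\tfor <rcpt@blocked.example>; Tue, 17 Nov 2015 13:12:33 +1300 (NZDT)\n"
    "Received: from pc (Authenticated sender: someone.else@example.org)\n"
    "\tby forged.example (Postfix) with ESMTPA id PLACEHOLDER2\n"
    "From: user1@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for account, n in tally([SAMPLE], {"mx.example"}).most_common():
        print(f"Authenticated sender: {account} blocked={n}")
```
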