On 29/06/17 21:59, Lena--- via Exim-users wrote:
>> The Reply-To: header takes an address-list and is interpreted as such,
>> and IIRC used in that way by some mail-clients when subscribed to
>> mailing-lists but wanting personal copies of replies too. So the `rt:`
>> ACL is going to calculate something which will emit bogus queries to an
>> external service.
> I tested with `exim -be`. If Reply-To contains more than one address
> then ${address expands into empty string, the ${if def
> causes the code to not query anything:
>
> rt:
> warn set acl_m_rt = ${sg{${lc:${address:$header_Reply-To:}}}{\\+.*@}{@}}
> condition = ${if match{$acl_m_rt}{@???}}
> set acl_m_rt = ${sg{${local_part:$acl_m_rt}}{\\.}{}}@gmail.com
>
> deny condition = ${if def:acl_m_rt}
> condition = ${lookup{${domain:$acl_m_rt}}nwildlsearch\
> {MLDOMAINS}{0}{1}}
> dnslists = ebl.msbl.org/${sha1:$acl_m_rt}
> log_message = Reply-To: $header_Reply-To: in EBL: $dnslist_text \
> From: $header_From:, envelope-from $sender_address, \
> recipients=$recipients, Subject: $header_Subject:
> message = spam detected
> # 419 (Nigerian) scams often sent by humans, do not tell them
> # that the spam was detected with EBL http://msbl.org
>
> accept
>
>
Wouldn't you want to check all the addresses, do something like
${map{${addresses:$h_reply-to:}}...?
