Viktor Ustiuhov via Exim-users <exim-users@lists.exim.org> (So 23 Feb 2025
03:02:30 CET):
> Sławomir Dworaczek via Exim-users wrote on 23.02.2025 2:06:
> > You're right, only 256 bytes can be in a file
> > Unfortunately, condition behaves as if it didn't work at all, all
> > emails, even those tagged spam, fall into inboxes
> > Regardless of whether they come from external or local domains
> >
> > This is a fragment of the SPAM header:
> > X-Bogofilterd: true
> > X-Bogosity: Spam, tests=bogofilter, spamicity=1.000000, version=1.2.5
> > and this is a fragment of the HAM header:
> > X-Bogofilterd: true
> > X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.5
>
> to exclude by sender address domain:
>
> ${if and{\
> {match{$h_X-Bogosity:}{\N(?i)^\s*Spam\N}}\
X-Bogosity: Spam, tests=bogofilter, spamicity=1.000000, version=1.2.5\r\n
|<---- $h_x-bogosity: --------------------------------->|
|<----- $rh_x-bogosity: ------------------------------------>|
No need to check for the space before spam, but better check for the
comma terminating that word. I suggest
match{$h_x-bogosity:}{(?i)^spam,}
> {bool{${lookup{$sender_address_domain}wildlsearch{/etc/exim/listy_acl/bogo_list}{false}{true}}}}\
The wildlsearch isn't required (at least Sławomir didn't mention that he
wants to have *patterns* of domains). If subdomains should be covered,
I'd first try using partial-lsearch, as this would work with
dbm files too.
> to exclude by sender address domain and domain from From: header (does
> not work for multiple addresses in From: header):
>
> {bool{${lookup{${domain:${sg{${sg{$rh_From:}{:}{\\\\:}}}{\N^\s*\S+@\S+\s*(<\S+@\S+>)\N}{\$4}}}}wildlsearch{/etc/exim/listy_acl/bogo_list}{false}{true}}}}\
We have ${address:<string>}, so e.g. ${address:$h_from:}, which extracts
the address. Parsing the header with the expression above is likely
going to fail in allowed but not probably covered edge cases. (Though I
wasn't able to construct one yet.)
To cover more complex cases, we have ${addresses:<string>}, which
extracts all addresses, in case there are multiple.
Same on the wildlsearch here as for the sender_address_domain.
As mentioned in a previous message, DMARC forces us to have not more
than one address in the From: header (and Outlook365(?) seems to force
us too, not sure, if related to domains using DMARC). At least, recently
I saw rejections of messages with more than one address in the From:
header.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
signature.asc
Description: PGP signature
-- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
