Re: Matching on missing To field?

Thu, 21 Jul 2022 09:40:00 -0700 

I have a number of rules that match on the To field, but what to do if the
>To field is missing?

10_hasbase.cf:header    __HAS_TO                exists:To

define:

meta    MISSING_TO      !__HAS_TO

>Received: from test.com (wsip-72-214-24-18.sd.sd.cox.net [72.214.24.18])
>        by mail01.example.com (Postfix) with SMTP id 12425B9B
>        for <j...@gooddom.com>; Fri, 15 Jul 2022 18:50:34 -0400 (EDT)
>
>I realize I can match on the Received header here, but that would require
>creating an additional rule for each corresponding To rule. Perhaps
there's
>a way to combine them, or a tag that can be used for both?



the main question is what do you want to match.


On 20.07.22 22:40, Alex wrote:

The problem I'm having is that my To header rules aren't matching because
there is no To header, and I'm otherwise unsure what to match on.


The problem is if there's no To: header, there is nothing to match.
You did not say what do you want to match, that's why I asked.


The only
occurrence of the recipient in the entire email is in that Received header.


Aha, so you want to find the recipient!

While SA parses Received: headers into pseudo-headers X-Spam-Relays-*
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/TrustedRelays
looks like it does not try to parse the envelope recipient:
X-Spam-Relays-Untrusted: [ ip=3.227.148.255 rdns=mxout1-ec2-va.apache.org helo=mxout1-ec2-va.apache.org by=fantomas.fantomas.sk ident= envfrom= intl=0 id=1AF2FA0012 auth= msa=0 ] 


Perhaps you could match the received header with name of your mail server:

Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org 
[3.227.148.255])
        by fantomas.fantomas.sk (Postfix) with ESMTPS id 1AF2FA0012
           ^^^^^^^^^^^^^^^^^^^^
        for <uh...@fantomas.sk>; Thu, 21 Jul 2022 04:40:21 +0200 (CEST)
             ^^^^^^^^^^^^^^^^^

unless your mailserver adds envelope recipient address to the headers
(common for domain mailboxes, uncommon for others)
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
   One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them

Reply via email to