Hi Scott:
I'm running 1.82.
Here is the Imail 8 log:
01:07 13:13 SMTPD(d15f7804014ea63d) [63.107.174.14] connect 67.132.45.18 port 2525
01:07 13:13 SMTPD(d15f7804014ea63d) [67.132.45.18] EHLO mail.dollardays.com
01:07 13:13 SMTPD(d15f7804014ea63d) [67.132.45.18] MAIL FROM:...
I set up a filter to simplify reporting on mail coming from a certain gateway:
REMOTEIP -1 IS 67.132.45.18
HEADERS -2 CONTAINS X-Virus-Scanned: SpammerTrap
HELO -4 CONTAINS mail.dollardays.com
Normally, it should add up to -7.
I can accept that REMOTEIP -1 IS 67.132.45.18 is not seen, as it is in IPBYPASS.
It does see the "Headers".
But, no matter if I use "IS", "STARTSWITH" or even "CONTAINS", I can't get it to catch the HELO?
Here is the actual line (control characters inserted for visibility):
HELO\t-4\tCONTAINS\tmail.dollardays.com\r\n
No matter what I do, Declude only weighs "-2", which is the Headers/contains.
01/07/2005 13:13:55 Qd15f7804014ea63d BONDEDSENDER:-5 nNOLEGITCONTENT:-3 SNIFFER:7 SPAMDOMAINS:4 GATEWAY:-2 . Total weight = 1.
...
01/07/2005 13:13:55 Qd15f7804014ea63d From: ... To: ... IP: 216.128.75.22 ID: 306E235A9C4
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
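A way to cross-check the figures in the message above, as an added example that is not part of the original post and not Declude code: it parses the three filter lines and the logged weight line, then lists which filter lines can account for the logged filter weight. It assumes the filter file has the four tab-separated fields shown in the post and that GATEWAY is the name under which this filter appears in the log.

```python
import re
from itertools import combinations

# Filter lines as quoted in the post (test type, weight, comparison, value).
FILTER_TEXT = (
    "REMOTEIP\t-1\tIS\t67.132.45.18\r\n"
    "HEADERS\t-2\tCONTAINS\tX-Virus-Scanned: SpammerTrap\r\n"
    "HELO\t-4\tCONTAINS\tmail.dollardays.com\r\n"
)
# Weight line from the Declude log quoted in the post.
LOG_LINE = ("01/07/2005 13:13:55 Qd15f7804014ea63d BONDEDSENDER:-5 "
            "nNOLEGITCONTENT:-3 SNIFFER:7 SPAMDOMAINS:4 GATEWAY:-2 . Total weight = 1.")

def parse_filter(text):
    """Return [(test_type, weight, comparison, value)]; reject stray whitespace."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("\t")
        if len(fields) != 4 or any(f != f.strip() for f in fields):
            raise ValueError(f"line {n}: unexpected field layout {raw!r}")
        rules.append((fields[0], int(fields[1]), fields[2], fields[3]))
    return rules

def parse_log(line):
    """Return ({test_name: weight}, logged_total) from one weight line."""
    weights = {}
    for token in line.split():
        m = re.fullmatch(r"([A-Za-z]+):(-?\d+)", token)
        if m:
            weights[m.group(1)] = int(m.group(2))
    total = int(re.search(r"Total weight = (-?\d+)", line).group(1))
    return weights, total

def explain(rules, observed):
    """Every subset of filter lines whose weights sum to the observed weight."""
    hits = []
    for size in range(len(rules) + 1):
        for combo in combinations(rules, size):
            if sum(rule[1] for rule in combo) == observed:
                hits.append([rule[0] for rule in combo])
    return hits

if __name__ == "__main__":
    rules = parse_filter(FILTER_TEXT)
    weights, total = parse_log(LOG_LINE)
    print("per-test weights sum to logged total:", sum(weights.values()) == total)
    print("all lines matching would give:", sum(r[1] for r in rules))
    print("lines consistent with GATEWAY weight:", explain(rules, weights["GATEWAY"]))
```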