Heiko Schlittermann via Exim-users wrote on 23.02.2025 11:13:
> Viktor Ustiuhov via Exim-users <[email protected]> (So 23 Feb 2025
> 03:02:30 CET):
>> Sławomir Dworaczek via Exim-users wrote on 23.02.2025 2:06:
>>> You're right, only 256 bytes can be in a file
>>> Unfortunately, condition behaves as if it didn't work at all, all
>>> emails, even those tagged spam, fall into inboxes
>>> Regardless of whether they come from external or local domains
>>>
>>> This is a fragment of the SPAM header:
>>> X-Bogofilterd: true
>>> X-Bogosity: Spam, tests=bogofilter, spamicity=1.000000, version=1.2.5
>>> and this is a fragment of the HAM header:
>>> X-Bogofilterd: true
>>> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.5
>>
>> to exclude by sender address domain:
>>
>> ${if and{\
>> {match{$h_X-Bogosity:}{\N(?i)^\s*Spam\N}}\
>
> X-Bogosity: Spam, tests=bogofilter, spamicity=1.000000, version=1.2.5\r\n
> |<---- $h_x-bogosity: --------------------------------->|
> |<----- $rh_x-bogosity: ------------------------------------>|
>
>
> No need to check for the space before spam,
I prefer to explicitly specify the pattern for whitespace characters in
case in the future for some reason I replace $h_X-Bogosity: with
$rh_X-Bogosity: and forget to add \s or a space to the regex.
> but better check for the
> comma terminating that word. I suggest
>
> match{$h_x-bogosity:}{(?i)^spam,}
In such cases, I prefer to use \b in case the syntax changes in the
header value.
>> {bool{${lookup{$sender_address_domain}wildlsearch{/etc/exim/listy_acl/bogo_list}{false}{true}}}}\
>
> The wildlsearch isn't required (at least Sławomir didn't mention that he
> wants to have *patterns* of domains). If subdomains should be covered,
I assumed that exclusion by sender domains would be insufficient. And
initially I tested more complex conditions. That's why after simplifying
the condition, wildlsearch remained instead of lsearch and I didn't
replace \$4 with \$1 after simplifying the regular expression.
> I'd first try using partial-lsearch, as this would work with
> dbm files too.
>
>> to exclude by sender address domain and domain from From: header (does
>> not work for multiple addresses in From: header):
>>
>> {bool{${lookup{${domain:${sg{${sg{$rh_From:}{:}{\\\\:}}}{\N^\s*\S+@\S+\s*(<\S+@\S+>)\N}{\$4}}}}wildlsearch{/etc/exim/listy_acl/bogo_list}{false}{true}}}}\
>
> We have ${address:<string>}, so e.g. ${address:$h_from:}, which extracts
> the address.
Try to check ${address:$h_From:} for
From: [email protected] <[email protected]>
Right now I can't remember which From header value I escaped the colon
for, so the first replacement can indeed be removed.
> Parsing the header with the expression above is likely
> going to fail in allowed but not probably covered edge cases. (Though I
> wasn't able to construct one yet.)
Please, show me such cases.
Above I showed a case where ${addresses:$h_From:} won't work.
Now it's your turn.
> To cover more complex cases, we have ${addresses:<string>},
Try to check ${addresses:[email protected] <[email protected]>}
> which
> extracts all addresses, in case there are multiple.
The syntax I provided is not used to handle multiple addresses in the
>From header.
> Same on the wildlsearch here as for the sender_address_domain.
> As mentioned in a previous message, DMARC forces us to have not more
> than one address in the From: header (and Outlook365(?) seems to force
> us too, not sure, if related to domains using DMARC). At least, recently
> I saw rejections of messages with more than one address in the From:
> header.
>
> Best regards from Dresden/Germany
> Viele Grüße aus Dresden
> Heiko Schlittermann
>
>
>
--
Best wishes Viktor Ustiuhov
mailto:[email protected]
public GnuPG/PGP key: https://victor.corvax.kiev.ua/corvax.asc
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
