Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 14594 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy Rule for replacing header

Sabrina Rieger

Hello,

 

I want to create a policy rule for external mails.

 

If one of this point is true

1. Subject contains [External] or

2. The mail comes from a special domain xxx or

3. the mail comes from an IP from driendly mailservers (SPF List)

then do nothing

else

replace header with Subject=[External]%%Subject

 

My rule looks like


    # attr NAME=Domain Test
     if envelope :comparator "i;ascii-casemap" :all :contains ["from"] ["xxx.de"] {
         # attr NAME=Do not modify Subject
         if anyof(header :comparator "i;ascii-casemap" :contains ["Subject"]
                         ["[External]"],
                  header :comparator "i;ascii-casemap" :memberof ["Received"]
                         ["SPF_Relays"],
                  address :all :memberof :comparator "i;ascii-casemap" ["to",
                                                                        "cc",
                                                                        "bcc"]
                          ["external_recipient"])
         {
         }
         # attr NAME=Modify Subject
         else {
             pmx_replace_header :index 0 :recode "Subject" "[EXTERNAL] %%Subject%%";
         }
     }

 

My problem ist, that the second test "Received Header" is a member of SPF-Relays does not match, altough the testing mail is coming from an IP, that is mentioned in the list SPF-Relays.

Aslo when I test current policy from the interal tool of pure message, it does not work.

 

I hope that somebody can help :-)

BR Sabrina



This thread was automatically locked due to age.
Parents
  • 0

    Hi Sabrina,

    you are likely comparing a given longish text line to your list of SPF hosts.
    The header 'Received' is just a bunch of text containing several pieces of information and I don't think there is special treatment from 'envelope' to extract proper relay info from it and have a type consistent (IP:IP) or type casting comparison nor even some simple substring match. You might try to adjust your list of hosts (type of list as well as entries) to regular expressions and to account for the 'additional' text (you should be aware that Received lines are provided by the smtp client and hence might contain all kinds of false or forged information) or see, whether pmx_relay might be an appropriate test in your environment.

    Hope this helps
    Jens

  • 0 in reply to Jens Pönninghaus

    Hello Jens,

     

    at first I want to thank you,that you answered. :-)

    The problem is, that I want to filter for the special mailservers mentioned in SPF list.

    Unfortunately pmx_relay does not work, because the last mailserver before the mail receive PM is from a provider.

    We want to filter the mailserver in the received header, from which the mail is send.

    Is there a possibility to filter this. If possible, how it works?

    I know that the received header can be spoofed, but our customer want such a policy-rule.

    Best Regards

    Sabrina

Reply
  • 0 in reply to Jens Pönninghaus

    Hello Jens,

     

    at first I want to thank you,that you answered. :-)

    The problem is, that I want to filter for the special mailservers mentioned in SPF list.

    Unfortunately pmx_relay does not work, because the last mailserver before the mail receive PM is from a provider.

    We want to filter the mailserver in the received header, from which the mail is send.

    Is there a possibility to filter this. If possible, how it works?

    I know that the received header can be spoofed, but our customer want such a policy-rule.

    Best Regards

    Sabrina

Children
No Data
Unfiltered HTML