Hello all, I am working on quarantining all messages claming from originating from our domain. Using the following .siv code.
# attr NAME=Check for fake senders
if anyof(address :all :matches :comparator "i;ascii-casemap" ["from"]
["**xyz.com"],
envelope :comparator "i;ascii-casemap" :all :matches ["from"]
["**xyz.com"])
{
pmx_quarantine "Fake Sender";
stop;
}
This was from a earlier thread I started:
/search?q= 1519
However, I ran into the following snag regarding an exclusion we need to make. We need to allow certain legitimate emails that come from our domain through. So I created a list and made the followig changes to the rule:
# attr NAME=Quarantine fake senders from our domain
if anyof(address :all :matches :comparator "i;ascii-casemap" ["from"]
["**xyz.com"],
envelope :comparator "i;ascii-casemap" :all :matches ["from"]
["**xyz.com"])
{
# attr NAME=Allow these senders to pass
if anyof(envelope :comparator "i;ascii-casemap" :all :memberof ["from"]
["fake-sender-opt-outs"],
address :all :memberof :comparator "i;ascii-casemap" ["from"]
["fake-sender-opt-outs"])
{
keep;
pmx_mark1 "external_inbound_fake_sender_allow";
}
# attr NAME=Quarantine the rest
if envelope :comparator "i;ascii-casemap" :all :contains ["from"]
["**xyz.com"]
address :all :contains :comparator "i;ascii-casemap" ["from"]
["**xyz.com"])
{
pmx_quarantine "fake_sender";
pmx_mark1 "external_inbound_fake_sender";
}
}
I am thinking however there is an excessive number of checks with my logic here since, I am testing twice for the xyz.com domain. Can someone advise on how he/she would approach what I am trying to accomplish?
Thanks
This thread was automatically locked due to age.
