Mailing List Archive: Making a router look at the From: value

Making a router look at the From: value

Apr 26, 2022, 1:35 PM

Post #1 of 4 (319 views)

Hi, folks,

I sorted out the red herrings from the false alarms in my earlier
problem today.

What's happening is Google seems to have cranked up their spam
filters, and I'm getting a lot of false positives in my quarantine box.
It's a long story to explain why, but the best solution I've got to it is
to make my quarantine filter look at the sender and pass it if it's from
our domain. Not ideal, but it's the best I've got.

Whether this can be done, and how, is not obvious to me after spending
some time in the documentation. Can it?

Thanks,

John A

--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Making a router look at the From: value [ In reply to ]

exim-users at exim

Apr 26, 2022, 1:42 PM

Post #2 of 4 (319 views)

Permalink

On 26/04/2022 21:35, Johnnie W Adams via Exim-users wrote:
> What's happening is Google seems to have cranked up their spam
> filters, and I'm getting a lot of false positives in my quarantine box.
> It's a long story to explain why, but the best solution I've got to it is
> to make my quarantine filter look at the sender and pass it if it's from
> our domain. Not ideal, but it's the best I've got.
>
> Whether this can be done, and how, is not obvious to me after spending
> some time in the documentation. Can it?

If your sole "put it in quarantine" path is that router you showed
(the only bit of config you provided, so we're working from
rather a slim set of clues) the all you need is a way of making
that router not accept, for this set of permitted messages.

That's a simple condition on the router.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Making a router look at the From: value [ In reply to ]

exim-users at exim

Apr 26, 2022, 2:05 PM

Post #3 of 4 (319 views)

Permalink

That's the first router, Jeremy, so I left the rest of them out. I'm now
trying to figure out what condition on the router is appropriate. I can't
verify, because I don't have LDAP lookup on this machine. It appears
senders only explicitly allowlists by enumerated name--or can I put a
wildcard like *@ualr.edu there?

On Tue, Apr 26, 2022 at 3:51 PM Jeremy Harris via Exim-users <
exim-users@exim.org> wrote:

> On 26/04/2022 21:35, Johnnie W Adams via Exim-users wrote:
> > What's happening is Google seems to have cranked up their spam
> > filters, and I'm getting a lot of false positives in my quarantine box.
> > It's a long story to explain why, but the best solution I've got to it is
> > to make my quarantine filter look at the sender and pass it if it's from
> > our domain. Not ideal, but it's the best I've got.
> >
> > Whether this can be done, and how, is not obvious to me after
> spending
> > some time in the documentation. Can it?
>
> If your sole "put it in quarantine" path is that router you showed
> (the only bit of config you provided, so we're working from
> rather a slim set of clues) the all you need is a way of making
> that router not accept, for this set of permitted messages.
>
> That's a simple condition on the router.
> --
> Cheers,
> Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>

--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: Making a router look at the From: value [ In reply to ]

exim-users at exim

Apr 26, 2022, 2:17 PM

Post #4 of 4 (319 views)

Permalink

On 26/04/2022 22:05, Johnnie W Adams via Exim-users wrote:
> I'm now
> trying to figure out what condition on the router is appropriate. I can't
> verify, because I don't have LDAP lookup on this machine. It appears
> senders only explicitly allowlists by enumerated name--or can I put a
> wildcard like *@ualr.edu there?

The senders= condition on a router takes an addresslist
( http://exim.org/exim-html-current/doc/html/spec_html/ch-generic_options_for_routers.html )

Addresslists are defined here:
http://exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html
(section 20)

- and yes, various forms of wildcards are supported. As is negation.

--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/