Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trouble with HTo: rule to block spam

Status
Not open for further replies.

poetimp

IS-IT--Management
Apr 22, 2009
1
US
We are getting pummeled with spam coming in where the address is prefixed with a pipe "|" character. Exchange ignores the thing and processes the address ad if it were not there. I am trying to write a rule that bit-bucket any message that is sent to an address that contains a pipe. I have it working.... sorta.

Here are my rules:

LOCAL_CONFIG
HTo: $>CheckForPipe
Khasapipe regex -a@MATCH \|
LOCAL_RULESETS
SCheckForPipe
R $* $: $>Parse0 $>3 $1
R $* $: $>final $1
R$+ $: $(hasapipe $1 $)
R@MATCH $# error 5.1.3 "553 Invalid address format"


This works perfectly when there is only one address on the To: line; If it finds a pipe it rejects the message and if it does not contain a pipe the message is processed normally. When there are more than two addresses, regardless of whether it has a pipe or not, I get a failure in the log that looks like:

ruleset=CheckForPipe, arg1=person1@xyz.com, person2@xyz.com, person3@xyz.com, relay=xxx.xyz.com [10.11.5.28], reject=553 5.1.3 Invalid route address

When I run the rule manually using sendmail -bt it seems to be able to parse multiple addresses without issue.

What am I missing?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top