filtering question

I've been trying to resolve the following question with lunarpages.com,
the company who is hosting my mail to no avail. I thought this would
be a really simple thing, but so far it has proven otherwise and so I'm
turning to this group in the hopes I can find some help.

Note, I am a total exim novice and not expert about mail headers and
such.

Here's the situation.

I have a domain with a small number of email accounts. For discussion
purposes, we can describe it as:

user1 -> actual email account, hosted at the same IP as the website
user2 -> actual email account, hosted at the same IP as the website

Any mail delivered to an undefined address is directed to user1 which
is a catch-all address. I sometimes use random usernames when
registering for websites so I can track if they sell my address and
flush addresses to /dev/null if they are abused.

Lately, spammers have been using some of these addresses such that they
show up in the "Envelope-to" header so no matter what is in the "To"
header, the mail goes whereever the "Envelope-to" header directs it.
The addresses they are abusing are unspecified, so they go to user1.

Since these are "disposable" addresses, I want to send any mail that
has them in any header at all to /dev/null. Initially my web hosting
company suggested that I could use the "$return_path" but I tired it
and couldn't get that to work. At that point they said, "you are
trying to set filter for non existing e-mail accounts which is a very
un-common approach and not very well documented. It also is not
possible to filter out the e-mail address in the "Envelope-To:" field
since this field is added after the header passed the filters. This has
to do with the way cPanel is handling e-mail delivery which is a little
bit different then on a regular mail server." Several times I have
pointed out that I didn't give a hoot about filtering on the
"Envelope-to" field per se, but the address that is appearing in it,
and that address was in a valid header somewhere because if it wasn't,
it would never have gotten to me in the first place.

I should note that I have tried editing the .filter file (as my web
hosting service originally directed) as follows:

$header_to: contains "newsnospam@mydomain.com"+++++++/dev/null
$message_headers contains "owner@mydomain.com"+++++++/dev/null
$message_headers contains "skin@mydomain.com"+++++++/dev/null
$message_headers contains "spam@mydomain.com"+++++++/dev/null
$message_headers contains "united@mydomain.com"+++++++/dev/null
$message_headers contains "vehix@mydomain.com"+++++++/dev/null
$message_headers matches
"(spidy|united|vehix|owner|skin)@sampledomain.com" +++++++/dev/null
$return_path matches "^skin@mydomain.com"+++++++/dev/null
$return_path matches "^united@mydomain.com"+++++++/dev/null
$return_path matches "^owner@mydomain.com"+++++++/dev/null
$return_path matches "^vehix@mydomain.com"+++++++/dev/null
$return_path matches "^spidy@mydomain.com"+++++++/dev/null

I would never have guessed that filtering for an address would be so
difficult. Is there a way to filter on the contents of whatever header
ends up as "Envelope-to" field?

Thanks in advance.

Michael

Michael Bierman wrote:


> Since these are "disposable" addresses, I want to send any mail that
> has them in any header at all to /dev/null. Initially my web hosting
> company suggested that I could use the "$return_path" but I tired it

That's wrong, $return_path contains the sender address, not the recipient.

You could try $local_part (contains the recipient without domain), but
that may be rewritten when forwarded to your user1 (depends on their setup).

The problem with Envelope-To is, that it's added by the transport, but
the filter has to run before that.
Another way could be to filter on the content of the Received header.
Exim puts all recipients there.

Anyway, it would be much better if the ISP had some ACL to allow users
to block these things without fiddling in a filter. I don't know cPanel,
but in a good, extensible setup this is not a big deal.

> and couldn't get that to work. At that point they said, "you are
> trying to set filter for non existing e-mail accounts which is a very
> un-common approach and not very well documented. It also is not

Sounds like blabla. What is a "e-mail account"? From the outside, the
addresses are reachable, so the accounts exists. Anyway, this has
nothing to do with your problem.

Thanks for your reply, Jakob. It sounds like I need to find a new
provider because their MTA filtering is limited. Did I understand you
to say that what I'm trying to do should normally not be difficult?
That is, if I switch providers should I expect to be able to accomplish
this? Better yet, what features should I be asking them for before I
sign up?

I guess $message_headers doesn't work because of the order in which
they are doing filtering?

Michael

Hi there


Michael wrote:

> Thanks for your reply, Jakob. It sounds like I need to find a new
> provider because their MTA filtering is limited. Did I understand you
> to say that what I'm trying to do should normally not be difficult?
> That is, if I switch providers should I expect to be able to accomplish
> this? Better yet, what features should I be asking them for before I
> sign up?

If you run your own mail server, why do you use your ISP's mailserver?


Regards,
Rob
--
+----------------------------------------------------------------------+
| Abolish all monarchies |
+----------------------------------------------------------------------+

Michael wrote:

> Thanks for your reply, Jakob. It sounds like I need to find a new
> provider because their MTA filtering is limited. Did I understand you
> to say that what I'm trying to do should normally not be difficult?

Yes, but nevertheless such a feature is not common in provider setups.
Maybe because most people don't request or know that's it's possible.

> That is, if I switch providers should I expect to be able to accomplish
> this? Better yet, what features should I be asking them for before I
> sign up?

"filtering on envelope data", "filterin at smtp time", "blacklist
recipients".

> I guess $message_headers doesn't work because of the order in which
> they are doing filtering?

$message_headers: This variable contains a concatenation of all the
header lines when a message is being processed, except for lines added
by routers or transports. The header lines are separated by newline
characters.

Since Envelope-To is added by the transport, it will not be in
$message_headers.
But as I said, it could be possible to filter on $header_received. OTOH,
it should then also appear in $message_headers.

Hi Rob, I am not running my own mailserver. I'm sorry if I gave that
impression.

Michael