I must be doing something really stupid or overlooking
something obvious, but I'm having a spot of trouble
getting a match on a Received line.
The problem that I'm trying to correct is related to
SPAM that forges one of our inner-office email addresses
as the from email. It may not even be an exact email
address. Sometimes they'll append garbage on the front.
This is compounded by the fact that we do send mail to
ourselves (typically because our office copier uses our
own email addresses when we scan something on it).
Basically, I need to check to make sure that an email
that is from our domain name to our domain name has
come from inside the office. The only way that I can
conceive is by using the Received line to check for
the presence of our firewall machine IP, which all
traffic going out of the office LAN (including to
the email server) must pass through.
Here is what I have tried:
* H ?? ^From:.*@apid\.net
* H ?? ! ^Received:.*65\.17\.84\.226
When an email with our domain name comes along, the logs
show that it always matches the From: line no problems,
but it *NEVER* matches on the Received line.
I wonder if it's because email can have multiple Received
lines... I don't know if that would affect it.
If anyone has some inspiration for me, I'd appreciate it.
procmail mailing list Procmail homepage: http://www.procmail.org/
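The check described in this post, written outside procmail as an added example (it is not part of the original message and is not a procmail recipe): mail whose From: address is in the office domain is flagged unless some Received: header carries the firewall IP. The function names, host names and sample messages are constructed for illustration; only the domain and the IP come from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "apid.net"        # domain from the post
FIREWALL_IP = "65.17.84.226"   # office firewall IP from the post

# The IP must not be part of a longer dotted number (165.17.84.226, ...226.1).
IP_RE = re.compile(r"(?<![\d.])" + re.escape(FIREWALL_IP) + r"(?!\.?\d)")


def claims_our_domain(msg):
    """True if From: is in OUR_DOMAIN, whatever garbage precedes the '@'."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower().endswith("@" + OUR_DOMAIN)


def came_through_firewall(msg):
    """True if any Received: header, folded or not, carries the firewall IP."""
    for hop in msg.get_all("Received", []):
        unfolded = " ".join(hop.split())  # join folded continuation lines
        if IP_RE.search(unfolded):
            return True
    return False


def is_forged_internal(raw):
    """From: claims the office domain but no hop shows the office firewall."""
    msg = message_from_string(raw)
    return claims_our_domain(msg) and not came_through_firewall(msg)


# Constructed sample: copier scan, firewall IP on a folded continuation line.
SCANNER = (
    "Received: from copier.example (unknown\n"
    "\t[65.17.84.226]) by mail.example; Mon, 1 Jan 2007 10:00:00 -0500\n"
    "From: bob@apid.net\nTo: bob@apid.net\nSubject: scan\n\nbody\n"
)
# Constructed sample: two outside hops, garbage prepended to the local part.
FORGED = (
    "Received: from mx.example ([203.0.113.9]) by mail.example;\n"
    "\tMon, 1 Jan 2007 10:05:00 -0500\n"
    "Received: from x ([198.51.100.7]) by mx.example\n"
    "From: xx93bob@apid.net\nTo: bob@apid.net\nSubject: hi\n\nbody\n"
)

if __name__ == "__main__":
    print(is_forged_internal(SCANNER), is_forged_internal(FORGED))
```

Like the recipe in the post, this accepts the firewall IP in any Received: header; headers below the one written by your own mail server are supplied by the sender, so a stricter check would look only at the hop your server recorded.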