Receiving mail from a filtered domain

[Mike Healan]

I'm starting to get verification requests from spamarrest.com again after having filtered that domain in the email control panel.

Here is a header from one of them.

Return-path: <>
Envelope-to: [email protected]
Delivery-date: Tue, 27 Jan 2004 17:21:27 -0600
Received: from [66.150.163.174] (helo=spamarrest.com)
by www50.dixiesys.com with esmtp (Exim 4.24)
id 1AlcWN-00016L-Mh
for [email protected]; Tue, 27 Jan 2004 17:21:27 -0600
Received: from [66.150.163.164] (HELO m10)
by spamarrest.com (CommuniGate Pro SMTP 4.1.6)
with ESMTP id 50158508 for [email protected]; Tue, 27 Jan 2004 15:21:26 -0800
Message-ID: <1473373.1075245686964.JavaMail.root@m10>
From: "Total-Harmony.Com" <[email protected]>
Reply-To: "Total-Harmony.Com" <[email protected]>
To: [email protected]
Subject: RE: hello (verification)
In-reply-to: <[email protected]>
Errors-to: [email protected]
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1042656_11707304.1075245686962"
X-Spamarrest-noauth: 1
X-Spamarrest-speedcode:
Precedence: auto_reply
Date: Tue, 27 Jan 2004 15:21:26 -0800

 

[DirectAdmin Support]

How did you set the filter (what values in which type) ?

John

 

[Mike Healan]

Filter Value Select
Block the following domain: 0spam.com
Block the following domain: mailblocks.com
Block the following domain: bluebottle.com
Block the following domain: spamarrest.com
Block the following domain: globespeed.net
Block the following e-mail: [email protected]
Block e-mail containing this word: spam interceptor
Block the following domain: riskfreemail.com

 

[DirectAdmin Support]

Hmm..

Check your /etc/virtual/domain.com/filter file to see if the domains are added.. the "block domain" bit just adds:

if 
     $header_from: contains "domain.com"
then
    seen finish
endif

which *should* catch that..

John

 

[Mike Healan]

Here is the file contents. Sorry for the delay.

[root@www50 root]# cat /etc/virtual/spywareinfo.com/filter
# Exim Filter

# created by DirectAdmin, version 1.20.5
# Do not modify this file as any changes will be
# overwritten when the user makes a change.
# (data is only written to this file, not read)

if error_message then finish endif

if
$header_from: contains "0spam.com"
or $header_from: contains "mailblocks.com"
or $header_from: contains "bluebottle.com"
or $header_from: contains "spamarrest.com"
or $header_from: contains "globespeed.net"
or $header_from: contains "[email protected]"
or $header_subject: contains "spam interceptor" or $header_body: contains "spam interceptor" or $message_body: contains "spam interceptor"
or $header_from: contains "riskfreemail.com"
then
seen finish
endif

 

[DirectAdmin Support]

Well, we can clearly see that spamarrest.com is being blocked.. and that the From line is:

From: "Total-Harmony.Com" <[email protected]>

But I'm not too sure why exim didn't catch that...

John