I find the problem
the correct daemon.ini section is [daemons] and not [daemons global] as i configured erroneously
thanks a lot
G'day,
I need help on how to block or kill incoming messages at Mercury Server level that contain the same To and From Address.
Example:
From Leonor Ljve [michael@doyle.id.au]
Received: from spooler by doyle.id.au (Mercury/32 v4.62); 28 May 2009 02:43:52 +0800
X-Envelope-To: <michael@doyle.id.au>
X-SPAMWALL: Passed through antiSPAM test by SpamHalter 4.4.0 on doyle.id.au (307)
X-SPAMWALL: probability - 0.0%
X-SPAMWALL: Debug - http 0.0000008862216
X-SPAMWALL: Debug - style 0.0000013343439
X-SPAMWALL: Debug - color 0.0000016040087
X-SPAMWALL: Debug - www 0.0000017205663
X-SPAMWALL: Debug - href 0.0000023895434
X-SPAMWALL: Debug - div 0.0000027543505
X-SPAMWALL: Debug - com 0.0000042547036
X-SPAMWALL: Debug - width 0.0000047731786
X-SPAMWALL: Debug - font 0.0000050103715
X-SPAMWALL: Debug - table 0.0000070530815
X-SPAMWALL: Debug - html 0.0000071407149
X-SPAMWALL: Debug - align 0.0000071591186
X-SPAMWALL: Debug - the 0.0000083415358
X-SPAMWALL: Debug - target 0.0000114908188
X-SPAMWALL: Debug - border 0.0000117849483
X-SPAMWALL: Debug - blank 0.0000120735035
X-SPAMWALL: Debug - you 0.0000162374566
X-SPAMWALL: Debug - text 0.0000169216191
X-SPAMWALL: Debug - center 0.0000208402801
X-SPAMWALL: Debug - class 0.0000225002250
X-SPAMWALL: Debug - ... 0.0000000000000
Return-path: <michael@doyle.id.au>
Received: from relay01.westnet.com.au (203.10.1.230) by silvergull.id.au (Mercury/32 v4.62) with ESMTP ID MG000003;
28 May 2009 02:43:49 +0800
Received: from c953c959.virtua.com.br (c953c959.virtua.com.br [201.83.201.89])
by relay01.westnet.com.au (Postfix) with ESMTP id 007E310C947
for <michael@doyle.id.au>; Thu, 28 May 2009 02:43:28 +0800 (WST)
Message-ID: <390469260774790.YOAJPDFMOOLFLWD@c953c959.virtua.com.br>
From: "Leonor Ljve" <michael@doyle.id.au>
To: michael@doyle.id.au
Subject: Confirm delivery
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Date: Thu, 28 May 2009 02:43:28 +0800 (WST)
X-UC-Weight: [## ] 111
X-CC-Diagnostic: Message contains Lazy HTML (51),
Body contains (ob) "clickhere" (30), Body has all "click here, unsubscribe" (30)
No easy way to do this with rules, as you cannot use placeholders etc.
You could do it with a pair of rules for each address but that gets out of hand if you have more than a few users.
Also, the From: in the message is often different to the SMTP MAIL FROM:
All of our users are connecting from known IP addresses, so in transflt.mer I have the rule
M, "*@mydomain.com*", B, "554 Fraudulent MAIL FROM - rejected"
The connection control entries for MercS exempt our users from transaction filtering.
I made a small event daemon a few months ago to catch this kind of spam. It will add headers to the message during the SMTP transaction that later on can be used for filtering or to trigger SpamHalter.
First a X-Identical header will be added, and then, if a number of additional conditions are met (not authenticated, not known local LAN, only one RCPT, not already blocked), a X-Blocked header will be added as well. Furthermore, if the RCPT is not a valid local user, the SMTP connection will be terminated and the sending host will be added to the short-term blacklist. Sending several such messages in sequence from one IP will cause the same action. All actions are logged to console window and log file.
The daemon can be downloaded here: http://83.140.29.200/rcptcheck.zip
To install it, copy the DLL file to your Mercury directory and add this line to the [Daemons] section in DAEMON.INI:
RcptCheck = rcptcheck.dll
/Rolf
Hello Rolf
I have installed the event daemon following the instruction but nothing happens. (i'm looking for the X-Identical header but none found)
how can I verify that it works?
regards
If the daemon has been successfully installed it will print "RcptCheck daemon loaded successfully" in the system message window when Mercury is started. If not there might be some error message there.
Other than that note that the daemon compares the SMTP envelope sender and recipient information, which may not be the same as the From and To headers in the message itself. Furthermore a tagged message can of course have been removed by some other anti-spam tool in the system before you get to see it in your mailbox.
/Rolf
