Hi, wir bekommen viele Mails mit dem Betreff info re_zeptfrei ordern - wie kann ich den Betreff mit dem Inhalt als "Blacklist" Eintrag bei den What Objekten hinzufügen? Ein Match Pattern mit Subject nimmt er nicht an.
Danke
Danke
Code:
Return-Path: <firewall@selvigtech.com>
Received: from mx10.xxx.de (127.0.0.1:43004)
by mx10 (kopano-dagent) with LMTP;
Mon, 31 Jul 2023 10:59:26 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by mx10.xxx.de (Postfix) with ESMTP id 31BD92C0676
for <xxx@xxx.de>; Mon, 31 Jul 2023 10:59:26 +0200 (CEST)
X-Virus-Scanned: by amavisd-new-2.10.1 (20141025) (Debian) at xxx.de
X-Spam-Flag: NO
X-Spam-Score: -6.706
X-Spam-Level:
X-Spam-Status: No, score=-6.706 tagged_above=-1000 required=5
tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_FAIL=0.001,
SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Received: from mx10.xxx.de ([127.0.0.1])
by localhost (mx10.xxx.de [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id FDEu2Nx1G0IE for <xxx@xxx.de>;
Mon, 31 Jul 2023 10:59:25 +0200 (CEST)
Received: from pmg2.xxx.de (pmg2.xxx.de [xxx])
by mx10.xxx.de (Postfix) with ESMTP id A54CA2C0672
for <info@xxx.de>; Mon, 31 Jul 2023 10:59:25 +0200 (CEST)
Received: from pmg2.xxx.de (localhost.localdomain [127.0.0.1])
by pmg2.xxx.de (Proxmox) with ESMTP id 788A521D93
for <info@xxx>; Mon, 31 Jul 2023 10:59:25 +0200 (CEST)
Received-SPF: pass (selvigtech.com: 2.56.10.69 is authorized to use 'firewall@selvigtech.com' in 'mfrom' identity (mechanism 'ip4:2.56.10.0/24' matched)) receiver=pmg2.xxx.de; identity=mailfrom; envelope-from="firewall@selvigtech.com"; helo=firewall.selvigtech.com; client-ip=2.56.10.69
Received: from firewall.selvigtech.com (firewall.selvigtech.com [2.56.10.69])
by pmg2.xxx.de (Proxmox) with ESMTPS id BE3762054C
for <info@xxx.de>; Mon, 31 Jul 2023 10:59:24 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=root; d=selvigtech.com;
h=From:Subject:To:Content-Type:MIME-Version:Date:Message-ID;
i=firewall@selvigtech.com;
bh=pFr6kjbQtFJMxnGcJRiFrc2Ddnd78Ks5zU6wCSPvO5I=;
b=c74XOq+6PN+s6zKNaMOlA8pMvCf6OvOhEoOjbUIcT0NTu/HS9bz9RFN7Aab0vwWzu36ZNkuk4d5x
z/zQIG580tRYGxOPiWX+bfPkl/FBCh6M01QbVHyLUJQgPBD+0hcknWrTnbHyy36LcO5DDzr4/SlR
oI3pTZ7obzhIWM69mzc=
From: "Apotheke" <firewall@selvigtech.com>
Subject: info re_zeptfrei ordern
To: "info" <info@xxx.de>
Content-Type: multipart/alternative; boundary="BYck6yNg6eGQA26KWQakcMJuIz2U=_AWNq"
MIME-Version: 1.0
Date: Mon, 31 Jul 2023 10:59:24 +0200
Message-ID: <0.0.3.74D.1D9C38D4D7839C0.0@firewall.selvigtech.com>
X-SPAM-LEVEL: Spam detection results: 0
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DMARC_PASS -0.1 DMARC pass policy
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_SCC_BODY_TEXT_LINE -0.01 -
URIBL_DBL_BLOCKED_OPENDNS 0.001 ADMINISTRATOR NOTICE: The query to dbl.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ [selvigtech.com]