compare two headers_rule in acl dont work properly

by spawel

Hi! I am from Russia and my English is not as good as yours, and I need
help with Exim MTA.
Every day I receive many letters from spammers. All these letters
have different headers. I mean that the header "from" contains
"user@rambler.ru" (domain rambler.ru is in the white list) and the header
"return-path" contains another address, spam@spammers.com. And because
of that I tried to write a special rule in acl_check_rcpt.
I have two variants, but all of them do not work properly.

1)
warn    log_message = "My rule! It works!"
        condition =${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
        hosts =!127.0.0.1 : !localhost : *
        add_header = X-ACL-Warn: warnings

2)
  warn   log_message = "From and Return do not matches! SPAM! It works!!!"
         condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
         hosts = !127.0.0.1 : !localhost : *
         add_header = X-ACL-Warn: $return_path

These rules don't contain any grammatical errors, and there are no mistakes in the exim log, but they don't work!
What do I not understand?
Please help!


Re: compare two headers_rule in acl dont work properly

by Nigel Wade

spawel wrote:

> Hi! I am from Russia and my English is not as good as yours, and I need
> help with Exim MTA.
> Every day I receive many letters from spammers. All these letters
> have different headers. I mean that the header "from" contains
> "user@..." (domain rambler.ru is in the white list) and the header
> "return-path" contains another address, spam@.... And because
> of that I tried to write a special rule in acl_check_rcpt.
> I have two variants, but all of them do not work properly.
>
> 1)
> warn    log_message = "My rule! It works!"
>         condition = ${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
>         hosts = !127.0.0.1 : !localhost : *
>         add_header = X-ACL-Warn: warnings
>
> 2)
>   warn   log_message = "From and Return do not matches! SPAM! It works!!!!"
>          condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
>          hosts = !127.0.0.1 : !localhost : *
>          add_header = X-ACL-Warn: $return_path
>
> These rules don't contain any grammatical errors, and there are no mistakes
> in the exim log, but they don't work!
> What do I not understand?
> Please help!
>
>

You really don't want to do this.

For a good reason why not, look at the headers of the messages on this mailing list.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@...
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: compare two headers_rule in acl dont work properly

by Dave Evans-20

On Tue, Jul 21, 2009 at 05:23:00AM -0700, spawel wrote:
> Every day I receive many letters from spammers. All these letters
> have different headers. I mean that the header "from" contains
> "user@..." (domain rambler.ru is in the white list) and the header
> "return-path" contains another address, spam@.... And because
> of that I tried to write a special rule in acl_check_rcpt.
> I have two variants, but all of them do not work properly.

In case you don't already know, it's not a good idea to block /all/ mail where
From != Return-Path.  Non-spam mail can have From != Return-Path too - for
example, all mail on this mailing list.

> 1)
> warn    log_message = "My rule! It works!"
>         condition =${if !eq{${lc:$h_return-path:}}{${lc:$h_from:}}{yes}{no}}
>         hosts =!127.0.0.1 : !localhost : *
>         add_header = X-ACL-Warn: warnings

That probably doesn't work because $h_return-path: will usually be something
like "<user@...>" and $h_from: will usually be something like "Joe Smith <user@...>".

So I'm guessing that that one /never/ matches, yes?

> 2)
>   warn   log_message = "From and Return do not matches! SPAM! It works!!!"
>          condition = ${if !match{$return_path}{$sender_address}{yes}{no}}
>          hosts = !127.0.0.1 : !localhost : *
>          add_header = X-ACL-Warn: $return_path

And this one probably /always/ matches, because mostly $return_path and
$sender_address are the same thing (read what the spec has to say about
$return_path).

If you want to test for this at all, you probably want to compare
${address:$h_From:} to $sender_address.  But be aware that non-matching does
not mean that it's spam.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
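
Added example (not part of the original thread, and not the posters' own configuration): the comparison suggested in the reply above, written as a warn rule that only tags and logs. It assumes the rule is moved from acl_check_rcpt to the ACL named by acl_smtp_data (called acl_check_data here, an assumed name), because header lines have not been received yet when the RCPT ACL runs, so $h_From: expands to nothing there.

```exim
# Main section: name the ACL that runs after the message body is received.
acl_smtp_data = acl_check_data

begin acl

acl_check_data:

  # ${address:...} strips the display name and angle brackets, so a header
  # value such as "Joe Smith <user@example.com>" (constructed sample)
  # becomes "user@example.com".
  # eqi compares without regard to case, so the ${lc:...} wrappers are
  # not needed.
  # $sender_address is the envelope sender from MAIL FROM, the value that
  # ends up in Return-Path: at delivery.
  # Mailing-list mail and bounces (empty envelope sender) will also be
  # tagged, so the header is a hint for later scoring, not a verdict.
  warn  log_message = From header differs from envelope sender
        hosts       = !127.0.0.1 : !localhost : *
        condition   = ${if !eqi{${address:$h_From:}}{$sender_address}{yes}{no}}
        add_header  = X-ACL-Warn: From <${address:$h_From:}> differs from envelope sender <$sender_address>

  accept
```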

