I was using the hash-type arrays. Would something like this work for the
hash array to represent any sender at this domain?
'.email.avi-8.com' => -100.0,
Yes, but I was under the impression that you wanted to match VERP-style
sender addresses, specifically.
Apr 19 17:21:23 xavier amavis[679593]: (679593-18)
{"@timestamp":"2024-04-19T21:21:22.452Z","action":["DISCARD","PASS"],"actions_performed":"DiscardedInbound
RelayedInbound
Quarantined","attached_file_names":["message.msg"],"author":"[email protected]"]
Looks like a multi-recipient mail, where one of the recipients triggered a
Discard+Quarantine and the other a Pass.
Ah, yes, that looks like the case. I have an always_bcc user being used
here, but it never used to be quarantined, even when the other recipient
was.
I traced the message to the final recipient, and he did receive it, but the
bcc-user did not. What could have changed?
Are you sure? I am not able to reproduce that. Your logline indicates
that you log the report_json. Please check `action` and `ccat_main` of
your bcc recipient in the report's `recipients` structure.
