Re: [Exim] filter help

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Tristan Aston
CC: exim-users
Subject: Re: [Exim] filter help
tris@??? said:
> A nasty person is sending huge ammounts of UBE to <random>@domains
> they have set the message subject to be random, and the from address
> is <random>@mydomain


> The main problem is that I'm now getting thousands of bounces.


Set receiver_verify - that will ensure you only receive bounces for
valid addresses at your site.

If you use a smartuser to forward stuff on (thus meaning
receiver_verify won't work) then see if there is a pattern to the
<random>@mydomain. Often these will be sent using something like an 8
character pattern, if you can regexp this with something that has a
high hit rate on the faked sending user but does not impact your normal
username set, then set it up as a smartuser director which *rejects*
the addresses.

After that its down to pattern matching in the filter... with the
problem that the headers on the original message are in the body of the
bounce message and may be abscent entirely.

Make sure you complain to the ISP sourcing this stuff - remember that
forging your address set is illegal in most places - and actionable.

    Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]