Was spam sent TO you, or was your box used as a relay? If it was sent to
you, it's a far smaller problem, and a filter (an individual user filter
on your account) is just right. Instead of all those headers, just check
"$h_to $h_bcc" - you can check both of them in one go like that. bcc is
irrelevant, since if something is bcc'd to you it won't show up usually.
Also, add additional checks for the addresses of any mailing lists you
are subscribed to.

If you are being used as a relay, you need to look at the relay control
provisions in exim - Basically you want the following scenario:

1. If the mail is addressed (envelope recipient here - not headers) to a
valid address in a local domain (eg, _your_ domain(s)), then accept the
mail.
2. If the mail is not addressed to a local domain, but originates from
your own network (IP network - and this is the origination HOST, not the
sender's email address, which is trivial to forge - you want to actually
control this based on the numeric IP address here - no domains)
3. Otherwise (a message originating from some random IP address, that is
addressed to any domain not local to you), REJECT.

Exim can do this easily.

Also, wildcard MX records are a real good way to encourage people to
forge a fake host in your domain as their sender address in spam, even
if it isn't relayed through your servers. Wildcard MX are a bad idea -
instead list specific MX records for the specific domains you want to
receive mail for, and no others. (And senders will then automatically
get "domain does not exist" errors if someone tries to send mail to any
that, well, don't exist - in fact, their email server may not even
accept the mail from them in the first place, keeping the problem
completely away from yours)

On Sun, 18 Mar 2001, Robert Gomulka wrote:
> Hi !
> I've got 2 problems:
> 1. My mail server was used for spamming :( So I've decided to put into my
> system filter (windows executable filter) such lines:
> if ${lookup{${domain:$header_from:}}lsearch{/etc/exim/aliases/domains}{a}} is ""
> and ${lookup{${domain:$header_to:}}lsearch{/etc/exim/aliases/domains}{a}} is ""
> and ${lookup{${domain:$header_cc:}}lsearch{/etc/exim/aliases/domains}{a}} is ""
> and ${lookup{${domain:$header_bcc:}}lsearch{/etc/exim/aliases/domains}{a}} is ""
> and ${lookup{${domain:$received_for:}}lsearch{/etc/exim/aliases/domains}{a}} is ""
> then [write a spam message and fail].
> But I don't know if it is the best solution - I just want to refuse _all_
> mail not addressed to/from my domains. Another thing is that after applying
> this last check (for $received_for) I couldn't receive mail from the mailing
> list! The reason is that none of the headers in that mail contain my address, so
> the filter quickly :fails: it. I don't even know if your answer will come to me
> ... :(
> 2. I wanted to use wildcard MX records in DNS (like *.mydomain MX 10
> my.mail.host). But sending mail to a non-existent domain (@nonexistent.mydomain)
> freezes this mail. After a moment I put the statement 'self = fail' in my exim
> configuration (routers conf). And now it works OK, but after sending to the
> domain described above the mail returns to the sender with body: "Error: lowest MX
> points to localhost bla bla ...". I just want to customize that error
> message, like "Sorry, that domain does not exist. Please check it ..."
> Or does anyone have a better idea to do that? (Ah, and my domains are listed in the file
> mentioned in question 1).
> Thanks in advance and sorry for my English
> Robert
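
The three relay rules from the reply above, as an added example that is not part of the original messages and is not Exim configuration: a Python model of the accept/reject decision, keyed only on the connecting IP and the envelope recipient. The domains, addresses, networks and function names are constructed for illustration.

```python
import ipaddress

# Constructed policy data (assumptions for this example, not from the thread).
LOCAL_DOMAINS = {"example.org"}
VALID_LOCAL = {"robert@example.org"}
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def relay_decision(client_ip, envelope_rcpt):
    """Decide one RCPT TO. Headers and MAIL FROM are deliberately not inputs."""
    local, at, domain = envelope_rcpt.lower().rpartition("@")
    if not at or not local or not domain:
        return "reject: malformed recipient"
    if domain in LOCAL_DOMAINS:
        # Rule 1: valid envelope recipient in a local domain.
        if f"{local}@{domain}" in VALID_LOCAL:
            return "accept: local delivery"
        # Assumption: an invalid address in a local domain is refused.
        return "reject: unknown local user"
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "reject: relay not permitted"
    # Rule 2: non-local recipient, connecting host is on our own IP network.
    if any(ip in net for net in OWN_NETWORKS):
        return "accept: relay for own network"
    # Rule 3: unknown host and non-local recipient.
    return "reject: relay not permitted"

# Constructed transactions. mail_from and header_to are carried along only
# to show that forging or omitting them does not change the verdict.
SAMPLES = [
    {"name": "list post", "client_ip": "198.51.100.7",
     "mail_from": "list-bounces@lists.example.net",
     "header_to": "users@lists.example.net", "rcpt": "robert@example.org"},
    {"name": "own host outbound", "client_ip": "192.0.2.15",
     "mail_from": "robert@example.org",
     "header_to": "friend@example.com", "rcpt": "friend@example.com"},
    {"name": "forged sender", "client_ip": "203.0.113.9",
     "mail_from": "robert@example.org",
     "header_to": "robert@example.org", "rcpt": "victim@example.com"},
    {"name": "bad local user", "client_ip": "203.0.113.9",
     "mail_from": "a@example.com",
     "header_to": "nobody@example.org", "rcpt": "nobody@example.org"},
]

def evaluate(samples=SAMPLES):
    return {s["name"]: relay_decision(s["client_ip"], s["rcpt"]) for s in samples}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:18} {verdict}")
```

The "list post" case is accepted even though no header names the local user, while the "forged sender" case is rejected even though both MAIL FROM and the To: header claim a local address.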