I just threw these together as part of an acl_data.
I obviously haven't had much time to test them, but they should be pretty
effective at blocking mail with senders forged in any of these domains.
I release these under the terms of the GPL ;) (In other words, use them
all you want. If you find a way to make them better, mail your changes
back to the exim list)
# hotmail.com envelope senders: reject unless the message carries an
# X-Originating-IP: header.
# On a deny verb, "message" is the text of the SMTP rejection, not an added header.
# NOTE(review): the header is part of the message data, which the sending side
# supplies, so its presence does not prove the mail passed through Hotmail. Treat
# this as a heuristic, and prefer SPF/DKIM/DMARC results where they are available.
# NOTE(review): untested by the author; consider running it under a warn verb
# first to measure false positives before rejecting.
deny sender_domains = hotmail.com
     message = X-Forgery: NOT HOTMAIL
     condition = ${if !def:h_X-Originating-IP:{yes}{no}}
# aol.com envelope senders: reject unless X-Mailer: contains "aol" in any letter case.
# A missing X-Mailer: header expands to the empty string, so it is rejected too.
# On a deny verb, "message" is the text of the SMTP rejection, not an added header.
# NOTE(review): X-Mailer: is written by the sending client and the test is a bare
# substring match, so this is a weak heuristic rather than proof of origin.
# Prefer SPF/DKIM/DMARC results where they are available.
deny sender_domains = aol.com
     message = X-Forgery: NOT AOL MAILER
     condition = ${if !match {$h_X-Mailer:}{[Aa][Oo][Ll]}{yes}{no}}
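# aol.com envelope senders: reject unless some Received: header was recorded
# "by" a host whose name contains aol.com (any letter case).
# The pattern is wrapped in \N...\N so the string expander leaves the backslash
# alone. Without that, "\." is reduced to "." before the regex is compiled, and
# the dot then matches any character instead of a literal ".".
# On a deny verb, "message" is the text of the SMTP rejection, not an added header.
# NOTE(review): $h_Received: joins every Received: header in the message, including
# those supplied by the sending side below the first trusted hop, so a match is not
# proof of origin. Prefer SPF/DKIM/DMARC results where they are available.
deny sender_domains = aol.com
     message = X-Forgery: NOT AOL SERVER
     condition = ${if match {$h_Received:}{\N.*by.*[Aa][Oo][Ll]\.[Cc][Oo][Mm].*\N}{no}{yes}}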
# yahoo.com envelope senders: the Received: headers are expected to contain either
#   "...yahoo.com via HTTP"
# or
#   "...yahoo.com with NNFMP"
# All conditions in one ACL statement must hold for the verb to apply, so the two
# negated matches below reject only when NEITHER string is present.
# The dots are regex wildcards: they match the spaces as well as the "." in
# yahoo.com, so the match is looser than the literal text above.
# On a deny verb, "message" is the text of the SMTP rejection, not an added header.
# NOTE(review): Received: lines below the first trusted hop are supplied by the
# sending side, so this is a heuristic rather than proof of origin. Prefer
# SPF/DKIM/DMARC results where they are available.
deny sender_domains = yahoo.com
     message = X-Forgery: NOT YAHOO SERVER
     condition = ${if !match {$h_Received:}{yahoo.com.via.HTTP}{yes}{no}}
     condition = ${if !match {$h_Received:}{yahoo.com.with.NNFMP}{yes}{no}}