Hi:
I'm running Exim 4.05 on Linus RedHat 7.2. I'm trying to block a few
persistent spammers by putting a "deny" in the RCPT ACL that looks like
this:
deny sender_domains = partial-lsearch;/usr/local/exim/cfg/spamdom.txt
where the spamdom.txt file has lines in like this:
*.freelotto.com
*.mylottomail.com
This works, but it seems to be rejecting on the basis of the value after
the F= tag in the reject log. I assume this is from the From header,
but I haven't found any reference to it in the manual. The chapter on
ACLs says if you specify "senders" or "sender_domains", Exim will check
"the sender of the message" against these lists. This is not
particularly enlightening. ;-)
Is it checking the From header value in this case and is this not
easily forged?
Is there some way to check against the sending host?
Is there a better way to accomplish this type of blocking, or is this
as good as it gets?
Any comments appreciated. Thanks.
Russ
PS: A table in the "Log files" chapter of the manual, giving the
definitions of all those H=, F=, S=, T=, etc tags would be really useful.
--
Russell D. Wilton E Mail: WILTON@???
Network Services Manager Voice: (403) 329-2525
University of Lethbridge FAX: (403) 382-7108
4401 University Drive Lethbridge, Alberta, CANADA T1K 3M4