--
On Tue, Jul 09, 2002 at 02:34:35PM -0600, Russell Wilton wrote:
| Hi:
| I'm running Exim 4.05 on Linus RedHat 7.2. I'm trying to block a few
| persistent spammers by putting a "deny" in the RCPT ACL that looks like
| this:
|
| deny sender_domains = partial-lsearch;/usr/local/exim/cfg/spamdom.txt
| This works, but it seems to be rejecting on the basis of the value after
| the F= tag in the reject log.
Yes. That is the envelope sender.
| I assume this is from the From header,
No.
| Is it checking the From header value in this case
No.
| and is this not easily forged?
Yes, and so it the envelope sender. Everything but the RCPT is easy
to forge.
| Is there some way to check against the sending host?
Do you mean the host where the message originated? No.
Do you mean the host on the other side of the TCP connection? Yes.
deny hosts = ...
| Is there a better way to accomplish this type of blocking, or is this
| as good as it gets?
Install sa-exim :-). It (mostly) works much better.
-D
--
Microsoft is to operating systems & security ....
.... what McDonald's is to gourmet cooking
http://dman.ddts.net/~dman/
--
[ Content of type application/pgp-signature deleted ]
--