OK... I don't know if that's the right description, but I have been getting a lot
of spoofed email messages. All these emails are coming from mail servers all
over the world and they are sent to "onename@???[1]" from
onename@???[2].
Is there an antispoof check?
I have been trying
$h_recieved
$h_to
$h_subject
$message_body
in my system filter. The filter works for everyone else. My question: will it
check (filter through) the addresses that are listed in relay_to_domains (domain1.com,
etc...)?
These messages are spoofed, with legit email servers sending from a local
domain to a local domain.
*This is Exim 4.14 running on RH 8
Here's my config file if you need to reference it... comment on anything.
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
primary_hostname = spam.localdomain1.com
domainlist local_domains = @
domainlist relay_to_domains = localdomain1.com: localdomain2.com : localdom3.com
hostlist relay_from_hosts = 127.0.0.1
#hostlist = blocked_ip = /usr/exim/filter/blocked_ip
hostlist blocked_hosts = /usr/exim/filter/blocked_host
acl_smtp_rcpt = acl_check_rcpt
# qualify_domain =
# qualify_recipient =
# allow_domain_literals
never_users = root
host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 30s
# sender_unqualified_hosts =
# recipient_unqualified_hosts =
# percent_hack_domains =
ignore_bounce_errors_after = 2d
# This option cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d
##############################
#!!#This is the system filter#
##############################
system_filter = /usr/exim/filter/exim.filter
#!!# message_filter_file_transport renamed system_filter_file_transport
system_filter_file_transport = address_file
begin acl

acl_check_rcpt:

  accept  hosts = :

  deny    local_parts = ^.*[@%!/|] : ^\\.

  accept  local_parts = /usr/exmin/local
          domains = +local_domains

  require verify = sender

  accept  domains = +local_domains
          endpass
          message = unknown user
          verify = recipient

  accept  domains = +relay_to_domains
          endpass
          message = unrouteable address
          verify = recipient

  accept  hosts = +relay_from_hosts

  accept  authenticated = *

  deny    message = relay not permitted

begin routers

dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
  file_transport = address_file
  pipe_transport = address_pipe

userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
# allow_filter
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

# This router matches local user mailboxes.
localuser:
  driver = accept
  check_local_user
  transport = local_delivery

begin transports

remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
  delivery_date_add
  envelope_to_add
  return_path_add
# group = mail
# mode = 0660

address_pipe:
  driver = pipe
  return_output

address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add

address_reply:
  driver = autoreply

begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite

begin authenticators

# End of Exim configuration file
===References:===
1. mailto:onename@localdomain1.com
2. mailto:onename@localdomain1.com
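
One way to express the anti-spoof check asked about above, as an added example that is not part of the original post or of Exim's default configuration: an ACL statement for acl_check_rcpt that refuses a local-domain envelope sender arriving from a host that is neither in relay_from_hosts nor authenticated. It assumes every legitimate sender for these domains submits through a relay_from_hosts host or authenticates; the rejection text is made up for the example.

```exim
# Added example, not from the original post.
# Placement: inside acl_check_rcpt, after "accept hosts = :" (local,
# non-SMTP submissions) and before the accept statements for
# +local_domains and +relay_to_domains, so that it is evaluated
# before any of those accepts can let the message through.

  # Refuse a message whose envelope sender (MAIL FROM) claims one of
  # the domains handled here when the connecting host is not a trusted
  # relay and the session is not authenticated. A bounce has an empty
  # envelope sender, so it does not match sender_domains and is not
  # affected by this statement.
  deny    message        = sender domain is handled here, relay or authenticate to use it
          sender_domains = +local_domains : +relay_to_domains
         !hosts          = +relay_from_hosts
         !authenticated  = *
```

This tests the envelope sender only, not the From: header, so a message that forges only the header still passes it. Because the authenticators section of the posted configuration is empty, `authenticated = *` cannot match until an authenticator is configured, and outside hosts that legitimately send with these domains would have to be added to relay_from_hosts.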