Andy Rabagliati [8/31/2003 7:41 PM] :
> I also added tests for the ip address of my mail machine as well
> (spam spoofing me as the sender) which also catches a /large/
> amount of spam.
Try these - from an earlier post I made: (in acl_check_rcpt)
# Spam control

# Be polite and say HELO. Reject anything from hosts that haven't given
# a valid HELO/EHLO to us.
deny    condition   = ${if \
                      or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
        message     = RFCs mandate HELO/EHLO before mail can be sent

# Forged hostname - HELOs as my own hostname or domain
deny    message     = Forged hostname detected in HELO: $sender_helo_name
        hosts       = !+relay_from_hosts
        log_message = Forged hostname detected in HELO: \
                      $sender_helo_name
        condition   = ${lookup {$sender_helo_name} \
                      lsearch{/usr/local/etc/exim/local_domains}{yes}{no}}

# Forged hostname - HELOs as one of my own IPs
deny    message     = Forged IP detected in HELO: $sender_helo_name
        hosts       = !+relay_from_hosts
        log_message = Forged IP detected in HELO: $sender_helo_name
        condition   = ${if \
                      eq{$sender_helo_name}{$interface_address}{yes}{no}}
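
To measure how much each of these rules actually rejects, the script below tallies rejections by the message strings used in the ACL above. It is an added example, not part of the original post; the log lines are constructed, and their layout (Exim main-log "rejected RCPT" entries) is an assumption to adjust to your own log format.

```python
import re
from collections import Counter

# Message prefixes taken from the ACL statements in the post.
RULES = {
    "no_helo": "RFCs mandate HELO/EHLO before mail can be sent",
    "forged_hostname": "Forged hostname detected in HELO:",
    "forged_ip": "Forged IP detected in HELO:",
}

# Assumed layout: H=[rdns-name ][(helo) ][client-ip] ... rejected RCPT <rcpt>: reason
LINE = re.compile(
    r"H=(?:[^\s(\[]\S* )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]"
    r".* rejected RCPT <[^>]*>: (?P<reason>.*)$"
)

# Constructed sample log lines (documentation addresses and domains only).
SAMPLE_LOG = """\
2003-08-31 19:40:11 H=(example.org) [203.0.113.7] F=<a@example.net> rejected RCPT <user@example.org>: Forged hostname detected in HELO: example.org
2003-08-31 19:40:15 H=(192.0.2.25) [198.51.100.9] F=<b@example.net> rejected RCPT <user@example.org>: Forged IP detected in HELO: 192.0.2.25
2003-08-31 19:41:02 H=(example.org) [203.0.113.7] F=<c@example.net> rejected RCPT <info@example.org>: Forged hostname detected in HELO: example.org
2003-08-31 19:41:30 H=[198.51.100.44] F=<d@example.net> rejected RCPT <user@example.org>: RFCs mandate HELO/EHLO before mail can be sent
2003-08-31 19:42:00 1AbCdE-0001Xy-00 <= e@example.net H=mx.example.net [198.51.100.80] P=esmtp S=1832
"""


def tally(log_text):
    """Return (hits per rule, hits per (rule, client IP)) for the HELO rules."""
    per_rule, per_host = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an RCPT rejection (e.g. an accepted message)
        for rule, text in RULES.items():
            if m["reason"].startswith(text):
                per_rule[rule] += 1
                per_host[(rule, m["ip"])] += 1
                break
    return per_rule, per_host


if __name__ == "__main__":
    rules, hosts = tally(SAMPLE_LOG)
    for rule, count in rules.most_common():
        print(f"{rule:16} {count}")
    for (rule, ip), count in hosts.most_common(5):
        print(f"{ip:16} {rule:16} {count}")
```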