Re: [exim] Stopping PayPal phishing - filter script

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
CC: exim-users
Subject: Re: [exim] Stopping PayPal phishing - filter script
Yes - That would bypass it. I have secondary tricks to catch more of
them - unique to my system - but this one seems to get a lot. Of course
- if anyone wants to improve in this that would be great.

Lanny Jason Godsey wrote:

>helo paypal.com
>
>Won't that do the trick to bypass?
>
>Lanny
>
>--- Marc Perkel <marc@???> wrote:
>
>
>
>>I added the following script to my mail filter making the assumption
>>that all email the comes from paypal server would have received lines
>>
>>that include paypal.com. I wanted to share this and also ask if
>>anyone
>>knows if there is a reason this wouldn't work.
>>
>>if "$h_from:" contains "paypal.com"
>>then
>>   if "$h_Received:" does not contain "paypal.com"
>>   then
>>      deliver spoof@???
>>      finish
>>   endif
>>endif

>>
>>
>>--
>>## List details at http://www.exim.org/mailman/listinfo/exim-users
>>Exim details at http://www.exim.org/ ##
>>
>>
>>
>
>
>
>