Re: [exim] Stopping PayPal phishing - filter script

Pàgina inicial
Delete this message
Reply to this message
Autor: Wakko Warner
Data:  
A: Marc Perkel
CC: exim-users
Assumpte: Re: [exim] Stopping PayPal phishing - filter script
> I added the following script to my mail filter making the assumption
> that all email the comes from paypal server would have received lines
> that include paypal.com. I wanted to share this and also ask if anyone
> knows if there is a reason this wouldn't work.
>
> if "$h_from:" contains "paypal.com"
> then
>   if "$h_Received:" does not contain "paypal.com"
>   then
>      deliver spoof@???
>      finish
>   endif
> endif


IMO, it would be preferable to block this at SMTP time. Is the from: header
the same as the envelope from? If so, just block it around rcpt doing a
check like what you're doing above. (using $sender_host_address)

By doing the above, you're really becoming an open relay to spoof@???
and could actually be treated as such.

--
Lab tests show that use of micro$oft causes cancer in lab animals