[exim] anti-spoof acl rules

Author: Troy Settle
Date:  
To: exim-users
Subject: [exim] anti-spoof acl rules
After long last, I'm finally fed up with the spoofed emails from
addresses such as:

admin@
support@
info@
staff@

I successfully blocked these by adding the following to my configure:

   deny  senders = admin@???:info@???
         message = Spoofers not welcome here!


However, I need a rule that will wildcard in all local domains, but also
allow for a whitelist:

   allow senders = admin@???
   deny  senders = admin
         domains = +local_domains
         message = Spoofers not welcome here!


But, with this, Exim refuses to run. What do I need to do in order to
block all mail from admin@ any local domain?

I also notice that the above only checks the envelope sender, not the
headers. What's to prevent some damned virus/trojan/spambot from the
following:

mail from: user@???
rcpt to: user@???
...
From: support@???
To: user@???

To the average user, this still appears to be an official
correspondence, even though it's spoofed.

Last question: What is the potential gain from emailing someone an
"official" notice that their account will be closed, their password has
been changed, etc...? It only seems to cause confusion without purpose.

Thanks,

--
Troy Settle
Pulaski Networks
866.477.5638
http://www.psknet.com
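
An added example, not part of the original post: one way to write the two checks the message asks about in Exim, matching the role local parts at every local domain on the envelope sender (with a whitelist) and again on the From: header at DATA time. It assumes the `local_domains` domainlist and `relay_from_hosts` hostlist from Exim's default configuration are defined earlier in the file; `role_senders`, `role_whitelist` and `example.org` are constructed placeholders.

```exim
# Added example, not from the original post. Assumed names: hostlist
# relay_from_hosts and domainlist local_domains (Exim default configuration),
# defined above this point. role_senders, role_whitelist and example.org
# are constructed placeholders.

# Main section: an address list item may be localpart@+named_domain_list.
addresslist role_senders   = admin@+local_domains : support@+local_domains : \
                             info@+local_domains : staff@+local_domains
addresslist role_whitelist = admin@example.org

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # Envelope check (MAIL FROM): a role local part at any local domain,
  # unless the client is a trusted relay, has authenticated, or the
  # sender address is whitelisted.
  deny  message        = Spoofers not welcome here!
        !hosts         = +relay_from_hosts
        !authenticated = *
        !senders       = +role_whitelist
        senders        = +role_senders

  # ... the rest of the existing RCPT ACL follows here ...

acl_check_data:
  # Header check (From:), which the envelope rule above never sees.
  # ${address:...} strips the display name; the local part is matched
  # case-insensitively against the same four role names.
  deny  message        = Spoofers not welcome here!
        !hosts         = +relay_from_hosts
        !authenticated = *
        condition      = ${if and{ \
                           {match_domain{${domain:${address:$h_from:}}}{+local_domains}} \
                           {match{${local_part:${address:$h_from:}}}{\N^(?i)(admin|support|info|staff)$\N}} \
                         }}

  accept
```

The whitelist exempts an address from the envelope rule only; the DATA-time rule still applies to the From: header of unauthenticated, non-relay clients.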