Re: [exim] anti-spoof acl rules

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Troy Settle
Date:  
À: exim-users
Sujet: Re: [exim] anti-spoof acl rules



Mark Smith wrote:
>
>
>
>>-----Original Message-----
>>From: exim-users-bounces@???
>>[mailto:exim-users-bounces@exim.org] On Behalf Of Troy Settle
>>Sent: 20 July 2005 15:09
>>
>>DUH!! accept maybe? Let's ignore this part for now though,
>>first I want to figure out how to block these role accounts:
>>
>>   deny senders = admin
>>        domains = +local_domains

>>
>>It didn't block anything, so I tried this as well:
>>
>>   deny senders = admin@*
>>        domains = +local_domains

>>
>>It blocked external domains as well as locals.
>>
>>So... how do I block admin@local without blocking admin@external ?
>
>
>
> Try this:
>
>   deny 
>     senders = admin@*
>     sender_domains = +local_domains
>     !domains = +local_domains

>
> This will stop any local users sending from the address admin@, but allow
> external messages from admin to local users. However I'm not sure that's
> what you're trying to achieve.
>
> - Mark
>
>


Actually, I want to prevent /anyone/anything/ from sending /any/ email
that appears to be from admin@ or webmaster@ or any other role account.
I don't care if they're local or remote.

Anyways, I tried this, which blocks all email from admin@, including
admin@???, which I do not want.

   deny senders        = admin@*
        sender_domains = +localdomains


I also tried this, which didn't block admin@ any domain.

   deny senders        = admin
        sender_domains = +localdomains



The purpose of this excercise, is to prevent email like this (which came
from a Sprint DSL customer's computer):

> From: admin@???
> To: user@???
> Subject: Account Deactivation
>
> Dear Psknet Member,
> Your e-mail account was used to send a huge amount of unsolicited spam
> messages during the recent week. If you could please take 5-10 minutes
> out of your online experience and confirm the attached document so you
> will not run into any future problems with the online service.
>
> If you choose to ignore our request, you leave us no choice but to
> cancel your membership.
>
> Virtually yours, The Psknet Support Team



There seems to be a huge number of variations of these messages, they
arrive "from" webmaster, hostmaster, info, sales, billing, support,
admin, administrator, abuse, etc... NONE of these email addresses
(except two) should be originating email messages, but I can't just turn
off role accounts. I want to eliminate all email /from/ these accounts,
except from a list of approved IP addresses.

Now, I not only want to eliminate these messages for my domain, but also
for the 100-something domains that I host, which is why I want to
wildcard these for /any/ local domain.

The only problem, is that some of those hosted customers may have a
legit need to send mail from admin@ or similar, hence the need to also
white list some specific addresses.

--
Troy Settle
Pulaski Networks
866.477.5638
http://www.psknet.com