[exim] How to Reject Remote Mail Server Imposters (to self)

Author: Ilan Aisic
Date:  
To: exim-users
Subject: [exim] How to Reject Remote Mail Server Imposters (to self)
Hi,
As we know, spammers often fake their identity and their mail
server/ratware fakes their identity as well.
I've noticed that occasionally I get spam that is supposedly sent from
my own server (tivon1.pointer.co.il) but clearly arrives from an
outside IP address.
I've written a rule in SpamAssassin that rejects this kind of spam but I
think it really should be stopped inside Exim.
See the short log snippet below where you can see that the mail was
sent from a dynamic comcast.net address but the server had the
audacity in the "helo" command to identify itself as
"tivon1.pointer.co.il".
My Exim is configured to require sender verify but apparently it does
not include "server" verify. Is there a command/parameter for this?

-------------  exim log snippet starts ------------
2005-08-01 00:59:03 1DzLpi-0006TB-7u
H=c-24-131-41-83.hsd1.ga.comcast.net (tivon1.pointer.co.il)
[24.131.41.83] F=<atqnscjukax@???> rejected after DATA: -
Classified as spam (scored 28.8 points). Congratulations!
Envelope-from: <atqnscjukax@???>
Envelope-to: <alex@???>
P Received: from c-24-131-41-83.hsd1.ga.comcast.net ([24.131.41.83]
helo=tivon1.pointer.co.il)
    by tivon1.pointer.co.il with smtp (Exim 4.50)
    id 1DzLpi-0006TB-7u
    for alex@???; Mon, 01 Aug 2005 00:58:58 +0300
F From: atqnscjukax@???
------------- exim log snippet ends ------------


--
Ilan Aisic
Registered Linux User 8124 http://counter.li.org
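
A log check for the pattern described in the message above, added here as an example and not part of the original post: it flags Exim log lines where the HELO name is the receiving server's own name but the connecting IP lies outside its networks. The hostname, networks and log lines are constructed placeholders, not values from the post.

```python
import ipaddress
import re

# Assumed local identity: placeholder hostname and networks, not from the post.
OWN_HELO_NAMES = {"mail.example.org"}
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Exim logs the peer as H=rdns (helo) [ip], as H=(helo) [ip] when reverse DNS
# is missing, or as H=name [ip] when the HELO name equals the looked-up name.
HOST_RE = re.compile(
    r"\bH=(?:(?P<rdns>[^\s()\[\]]+) )?"
    r"(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

# Constructed sample log lines modelled on the entry quoted in the post.
SAMPLE_LOG = """\
2005-08-01 00:59:03 1AAAAA-000001-AA H=dyn-7.isp.example (mail.example.org) [198.51.100.83] F=<x@sender.example> rejected after DATA
2005-08-01 01:02:10 1AAAAA-000002-AA <= a@sender.example H=(MAIL.EXAMPLE.ORG) [203.0.113.9] P=smtp S=1843
2005-08-01 01:05:44 1AAAAA-000003-AA <= cron@example.org H=mail.example.org [192.0.2.10] P=esmtp S=912
2005-08-01 01:07:12 1AAAAA-000004-AA <= b@peer.example H=mx.peer.example (smtp-out.peer.example) [198.51.100.20] P=esmtp S=2048
"""

def parse_peer(line):
    """Return rDNS name, HELO name and IP of the peer, or None if no H= field."""
    m = HOST_RE.search(line)
    if not m:
        return None
    rdns, helo = m.group("rdns"), m.group("helo")
    # No parenthesised name means HELO matched the reverse-DNS name (or was absent).
    helo = (helo or rdns or "").lower().rstrip(".")
    return {"rdns": rdns, "helo": helo, "ip": ipaddress.ip_address(m.group("ip"))}

def is_helo_imposter(line):
    """True when the peer claims our own name in HELO from a non-local address."""
    peer = parse_peer(line)
    if peer is None or peer["helo"] not in OWN_HELO_NAMES:
        return False
    return not any(peer["ip"] in net for net in OWN_NETWORKS)

def find_imposters(log_text):
    return [parse_peer(l) for l in log_text.splitlines() if is_helo_imposter(l)]

if __name__ == "__main__":
    for peer in find_imposters(SAMPLE_LOG):
        print(f"forged HELO {peer['helo']} from {peer['ip']} (rDNS {peer['rdns']})")
```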