RE: [exim] Anti Phishing Trick

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Herb Martin
Date:  
À: exim-users
Sujet: RE: [exim] Anti Phishing Trick
> > Here's an anti phishing trick I came up with. The idea is
> that major
> > corps will have received lines that match the domain in the from
> > address. Paypal email must come from paypal servers. This is driven
> > from a list of institutions to test. Feedback appreciated.
> >
>
> Good idea. I've been doing a similar thing with mail from
> Hotmail and Yahoo for some time:


These are what I use in the Mail ACL (and
sometimes something similar in other sections,
like From: in the Data section)...
(I borrowed parts of these from others on the Internet):

accept condition = ${if match_domain{lc:$sender_helo_name}{\\.(\
    yahoo.com|bankofamerica.com|ebay.com|paypal.com|\
    msn.com|mail.yahoo.co.jp|globetrotter.net|relativequantity.com|\
    mosquitonet.com|atd-clan.de|9bit.qc.ca|weblnk.net|\
    online-bill.com|notmydesk.com|cisco.com|excite.com|lycos.com|\
    mail.com|bankofthewest.com|\
    aol.com|outblaze.com|tnet.com|cox.net|\
    gmail.com|rr.com|adelphia.net\
  )\$} {yes}{no}}
  log_message = X-Forgery: NOT A $sender_helo_name SERVER (OR TEMPORARY DNS
FAILURE)
          verify = helo              
       endpass
          verify = reverse_host_lookup 
        logwrite = :reject: H=$sender_fullhost listed forged domain?


## Some of the above cannot tolerate "verify=help".

accept   message = NOT A $sender_address_domain/$return_path SERVER (OR
TEMPORARY DNS FAILURE)
     log_message = NOT A $sender_address_domain/$return_path SERVER (OR
TEMPORARY DNS FAILURE)
     condition = ${if or { \
                     {match{lc:$return_path}{\\.(EBAY_AND_BANKS)\$}} \


{match{lc:$sender_address_domain}{\\.(EBAY_AND_BANKS)\$}}\
                } }
######    verify = helo              
         endpass
          verify = reverse_host_lookup 
        logwrite = :reject: H=$sender_fullhost listed forged domain?




--
Herb Martin