Re: [exim] Help with our postmaster@my.domain being spoofed …

Author: Edward St Pierre
Date:  
To: paul.mcilfatrick@bt.com
CC: exim-users
Subject: Re: [exim] Help with our postmaster@my.domain being spoofed as a sender address
OK these are bounce messages, so they have no sender.

If all outbound email is sent via this server of yours I would add a rule to
the data acl that checks for your local hostname in the message body if the
sender is null. Therefore all emails that generated a bounce from your
domain that did not actually get sent by yourself would get rejected.

So something like this might work.

in RCPT ACL

     warn    senders = :
                set acl_m1 = yes


in DATA ACL

        deny    message       = Unsolicited Bounce Detected
                condition     = ${if  def:acl_m1{1}{0}}
                condition     = ${if match {$message_body}{$primary_hostname}{0}{1}}



Regards

Ed St Pierre

On 26/10/06, paul.mcilfatrick@??? <paul.mcilfatrick@???> wrote:
>
> Hi
>
> Having searched the exim mail archives and not found my problem there I
> thought of asking the experts.
>
> I am postmaster for a local company mail server (it is running Exim
> 4.63) that receives its e-mail from our company mail relay which does
> the virus checking of the e-mail as it arrives into the company.
>
> We have a lot of e-mail arriving for users that have left the company
> and so I created a reject-list file which is checked in the
> acl_smtp_rcpt acl so that these e-mails are rejected early which saves
> on downloading them and running them through Spamassassin (use sa-exim).
>
> This works fine for most of this type of spam.
>
> But lately, an increasing percentage of this spam is arriving with the
> sender spoofed to be postmaster@??? (i.e. me) and when Exim issues
> a deny because the recipient has left I then get an e-mail from the
> postmaster of our company mail relay sent to postmaster@??? to
> inform me that the e-mail to jbloggs@??? failed because of unknown
> user!
>
>
> How can I reject this type of spam without getting the e-mail from
> postmaster of our company mail relay?
>
> Would my only option to stop this happening be to accept these e-mails
> (but then I would like to bin it without spam checking it which I'm not
> sure is possible when using sa-exim)?
>
>
> Thanks
>
>
> Paul McIlfatrick
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
>
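
The decision made by the two ACL stanzas in the reply above, modelled in Python as an added example (not part of the original post and not Exim code). The hostname, sample bodies and function names are constructed for illustration, and the 500-character window assumes Exim's default message_body_visible setting.

```python
import re

# Assumptions (constructed, not from the post): hostname and sample bodies.
PRIMARY_HOSTNAME = "mail.example.org"
BODY_VISIBLE = 500  # assumed Exim default for message_body_visible


def message_body(raw_body: str, visible: int = BODY_VISIBLE) -> str:
    """Approximate $message_body: start of the body, newlines as spaces."""
    return raw_body[:visible].replace("\n", " ")


def data_acl_verdict(envelope_sender: str, raw_body: str,
                     hostname: str = PRIMARY_HOSTNAME,
                     visible: int = BODY_VISIBLE) -> str:
    """Return 'deny' for a null-sender message whose body never names us."""
    if envelope_sender != "":          # RCPT ACL: "senders = :" not matched
        return "accept"                # acl_m1 unset, the deny does not apply
    # The ACL's match is a regex; re.escape keeps the hostname dots literal.
    pattern = re.escape(hostname)
    if re.search(pattern, message_body(raw_body, visible)):
        return "accept"                # bounce quotes mail we really sent
    return "deny"                      # "Unsolicited Bounce Detected"


# Constructed sample bodies.
GENUINE_BOUNCE = (
    "A message that you sent could not be delivered.\n"
    "--- copy of the message headers ---\n"
    "Received: from [10.0.0.5] by mail.example.org with esmtp\n"
    "From: alice@example.org\n"
)
BACKSCATTER = (
    "Delivery to jbloggs failed: unknown user.\n"
    "Received: from unknown by mx.other.example with smtp\n"
    "From: postmaster@example.org\n"
)
# Genuine bounce whose quoted headers start after the visible window.
LATE_QUOTE = ("Your message could not be delivered. " * 20
              + "\nReceived: by mail.example.org with esmtp\n")

if __name__ == "__main__":
    for name in ("GENUINE_BOUNCE", "BACKSCATTER", "LATE_QUOTE"):
        print(name, data_acl_verdict("", globals()[name]))
```

The LATE_QUOTE case shows the limit of the approach: a real bounce is rejected when the remote system puts the quoted headers beyond the part of the body that the check can see.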