On Thu, 2007-04-12 at 20:52 +0100, exim-users@??? wrote:
> Marc Perkel wrote:
> > Here's what I'd like to do. I want to create a list of domains so that
> > if a domain (might use sender, from, or return path) is in my list of
> > domains then the domain part is used to search the received lines to see
> > if that domain is found.
> >
> > This if the from is wellsfargo.com and there is no received lines that
> > has a wellsfargo.com server it will be rejected, if wellsfargo.com is in
> > the list.
> >
> > Trying to find a clean way to do this.
>
> For envelope sender... (untested)
>
> domainlist wazoo_domains = foo.com : bar.com
>
> deny condition = ${if match_domain{$sender_address_domain}{+wazoo_domains}}
> !condition = ${if match{$h_received:}{$sender_address_domain}}
> message = Envelope sender uses $sender_address_domain but no
> reference to that in the received headers
>
> Demonstrate having put some effort into figuring out the other two and
> I'll help fix them if they don't work, and/or help combine them into one
> acl.
Be careful, though. Legitimate email doesn't have to come from the
domain of the sender. As an example that's somewhat related, much of
the email from whatever@??? goes through bofa.com, which
is also Bank of America. Others employ a customer relations firm to
actually send the emails out on their behalf. So if this was meant to
catch phishing emails (as the wellsfargo.com example could indicate),
the net is likely too fine and you may get a lot of false positives,
blocking legitimate emails.
Regards,
--
*Art
