Re: [exim] Spoofed email

Author: Alan Hicks
Date:  
To: Tommy Phipps
CC: exim-users
Subject: Re: [exim] Spoofed email
Tommy Phipps wrote:
> Our company is receiving spoofed emails using our domain name along with
> many combinations of user names.
>
> I'm wondering if Exim can be set up to detect these spoofed messages to keep
> them from being passed to Exchange.
>
> Thanks in advance for your help.
>
> Tommy Phipps


Yes, I'm using the experimental Sender Policy Framework and it works
well for this scenario. I used to get spoofed mail for most of the
domains I manage. Now they are stopped when they say who they are
sending as.

You need to set up your DNS record, and you can find help and the tools
at http://www.openspf.org/. Then set up an ACL to reject those that
don't come from your approved senders. My ACL is as follows:

# this acl checks after smtp mail
acl_check_mail:
   accept  authenticated = *
   accept  spf     = pass
   deny    message = $sender_host_address is not allowed to send mail from $sender_address_domain
           spf     = fail
   accept  spf     = !fail


The bonus is that it also blocks imposters for other domains that
implement spf. There are issues with forwarded mail (see other
discussions on this list), but for the domains I manage this is one of
the better solutions.

Alan