[exim] Spam Fighting Trick

Top Page

Reply to this message
Author: Marc Perkel
Date:  
To: exim-users
New-Topics: Re: [exim] Spam Fighting Trick - Revised
Subject: [exim] Spam Fighting Trick
I've noticed that a lot of Nigerian style spam has an interesting
characteristic where they use a from address of one public free email
service and a reply-to address of another free public email service. For
example, a spam from yahoo.co.jp will have a reply-to of yahoo.com or
hotmail.com. So I created an ACL that seems to be working to catch these.

deny    condition = ${if 
match_domain{${domain:$h_Reply-to:}}{/etc/exim/run/freemaildomains.txt}}
    condition = ${if 
match_domain{${domain:$h_From:}}{/etc/exim/run/freemaildomains.txt}}
    !condition = ${if eq{${domain:$h_From:}}{${domain:$h_Reply-to:}}}


aim.com
aol.co.uk
aol.com
bellsouth.net
comcast.net  
compuserve.com
excite.com 
fastmail.com
gmail.com
google.com  
hotmail.co.uk
hotmail.com
hotpop.com
juno.com
lycos.com
mail.com
msn.com
myspace.com
myway.com
sbcglobal.com
uymail.com
walla.com
web.de    
yahoo.ca  
yahoo.co.au
yahoo.co.in
yahoo.co.jp
yahoo.co.uk
yahoo.com
yahoo.de
yahoo.es
yahoo.fr
yahoo.it
yahoo.mx
yahoo.ru
yahoo.tw