Re: [exim] Spam Fighting Trick - Revised

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Marc Perkel
CC: exim-users
Old-Topics: [exim] Spam Fighting Trick
Subject: Re: [exim] Spam Fighting Trick - Revised
I've noticed that a lot of Nigerian style spam has an interesting
characteristic where they use a from address of one public free email
service and a reply-to address of another free public email service or a
different account on the same free service. For example, a spam from
yahoo.co.jp will have a reply-to of yahoo.com or hotmail.com. So I
created an ACL that seems to be working to catch these.


deny    condition = ${if 
match_domain{${domain:$h_Reply-to:}}{/etc/exim/run/freemaildomains.txt}}
    condition = ${if 
match_domain{${domain:$h_From:}}{/etc/exim/run/freemaildomains.txt}}
    !condition = ${if eqi{${local_part:$h_From:}@${domain:$h_From:}} \
    {${local_part:$h_Reply-to:}@${domain:$h_Reply-to:}}}




aim.com
aol.co.uk
aol.com
bellsouth.net
comcast.net
compuserve.com
excite.com
fastmail.com
gmail.com
google.com
hotmail.co.uk
hotmail.com
hotpop.com
juno.com
lycos.com
mail.com
msn.com
myspace.com
myway.com
sbcglobal.com
uymail.com
walla.com
web.de
yahoo.ca
yahoo.co.au
yahoo.co.in
yahoo.co.jp
yahoo.co.uk
yahoo.com
yahoo.de
yahoo.es
yahoo.fr
yahoo.it
yahoo.mx
yahoo.ru
yahoo.tw