Re: [exim] How to stop spoofed "From" address

Author: eximlearning
Date:  
To: Dave Lugo
CC: Exim-users
Subject: Re: [exim] How to stop spoofed "From" address
Thanks for the reply, Dave. You are correct. The "From" is just like
mine. But just like my local exim is smart enough to not relay messages
for connections that don't have permission to send outgoing email as me,
it should allow me to not accept ones that aren't me.

I don't have any mailing lists that aren't locally run as an
authenticated user. I am a special case, I guess, but I would like to
figure out how to write this rule.

So I guess what I'm saying is how could I go about writing the following
rule as an ACL (possibly with a call from acl_smtp_data):

"If the connection is SMTP and isn't authenticated, check the "From"
header address to see if it contains a local domain, and if it does,
reject the message with error:

'sorry, external MTA's and unauthenticated MTU's don't have permission
to send email to this server with a header that states the email is from
this <domain>.'"

Thanks,
Terry




Dave Lugo wrote:
> On Sun, 14 Oct 2007 eximlearning@??? wrote:
>> I get a lot of junk mail to my email address, me@???
>> <mailto:me@mydomain.com>, with the header "From: me@???
>> <mailto:me@mydomain.com>". Obviously the "From:" is spoofed, because I'm
>> not sending the spam. The only way my server should accept an email with
>> the header "From:*@mydomain" should be if my authenticated MUA or a
>> local script (my newsletter php program) sends it.
>>
>
> What does the 'From:...' of your email from exim-users look like?
>
> (it should have your email address in it ;)
>
>
>> There is no good reason I can think of that another server should be
>> sending me email "from" myself.
>
> See above :)
>
>
>> Is there a way to force Exim to deny
>> these types of incoming junk emails at SMTP time? -- I assume this
>> would be done with some form of ACL?
>>
>
> Yup, but it may cause problems with mailing lists, which is
> why I never pursued it. I use a bunch of pre-DATA checks,
> and spamd, which catch/block most of the spam I'd otherwise
> get.
>
>
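
One way to express the rule Terry describes, as an added example that is not part of the original thread. It assumes the `local_domains` domain list and `relay_from_hosts` host list from Exim's default configuration, and an ACL named `acl_check_data` that is referenced by `acl_smtp_data`; the rejection text is a placeholder.

```exim
# Added example, not from the thread. Place this statement in the ACL
# that acl_smtp_data points to (assumed name: acl_check_data), before
# any final "accept".
#
# acl_smtp_data runs only for messages received over SMTP, so mail
# injected locally without SMTP (for example a PHP script calling the
# sendmail binary) never reaches this check.

acl_check_data:

  deny  message       = From: header claims a local domain, but this \
                        connection is not authenticated
        # Skip clients that authenticated with SMTP AUTH.
        !authenticated = *
        # Skip hosts trusted to relay (assumed list: relay_from_hosts),
        # e.g. a local script that submits over SMTP to localhost.
        !hosts         = +relay_from_hosts
        # Extract the address from the From: header, take its domain,
        # and test it against the local_domains list.
        # ${address:...} yields an empty string when the header holds
        # more than one address, so such messages are not matched here.
        condition      = ${if match_domain{${domain:${address:$h_From:}}}\
                                          {+local_domains}}

  # ... remaining data-time checks (content scanning etc.) ...

  accept
```

As Dave notes in the quoted reply, a rule like this also rejects list mail that keeps the subscriber's own address in the From: header, such as Terry's own posts coming back from exim-users.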