Re: [exim] How to stop spoofed "From" address

Top Page
Delete this message
Reply to this message
Author: Exim Mailing List
Date:  
To: exim-users
Subject: Re: [exim] How to stop spoofed "From" address
On Sun, Oct 14, 2007 at 01:58:21PM -0500, eximlearning@??? wrote:

> So I guess what I'm saying is how could I go about writing the following
> rule as an ACL (possibly with a call from acl_smtp_data):
>
> "If the connection is SMTP and isn't authenticated, check the "From"
> header address to see if it contains a local domain, and if it does,
> reject the message with error:


Well, if you have your local domains in a domainlist, such as:

domainlist localdomains = mydomain1.com : mydomain2.com

then you could use something like:

deny
  ! authenticated = *
  condition = ${if match_domain{${domain:${address:$h_from:}}}{+localdomains}}
  message   = sorry, external MTA's and unauthenticated MTU's don't have\
              permission to send email to this server with a header that\
              states the email is from ${lc:${domain:${address:$h_from:}}}.


Keep in mind that placement of this in your DATA ACL is important. The
ACL would need to have already accepted email that is within your IP
space. Otherwise, this will block email from your domain from *everyone*
who hasn't used SMTP auth. Unless that is what you want, of course.

--
Dean Brooks
dean@???