Re: [exim] How to stop spoofed "From" address

Top Page
Delete this message
Reply to this message
Author: Dean Brooks
Date:  
To: exim-users
Subject: Re: [exim] How to stop spoofed "From" address
On Mon, Oct 15, 2007 at 07:58:59PM -0500, eximlearning@??? wrote:
> Thanks again Dean. I will definitely test it before keeping it live. Just curious... is there a way to silently save the email somewhere before rejecting it, so that I
> can watch the results of the rejection over the next few weeks to make sure that it is only junk getting rejected? After all, this access control is happening after the
> DATA section, so all the info is there, right?


I'm not aware of any way to do that in the ACLs. The message isn't
officially accepted while the ACLs are running, so there's nothing
to save at that point.

It's possible to do this via routers, but the complexity increases
obviously.

Perhaps you should just use the "warn" tag instead of "deny", and simply
log the deliver so you can check them later?

 warn
    ! authenticated = *
    condition = ${if match_domain{${domain:${address:$h_from:}}}{+localdomains}}
    log_message = REMOTE SENDER USED LOCAL DOMAIN USE IN FROM: HEADER


--
Dean Brooks
dean@???