Re: [exim] How to stop spoofed "From" address

Top Page
Delete this message
Reply to this message
Author: Terry Calie
Date:  
To: Exim-users
Subject: Re: [exim] How to stop spoofed "From" address

> Perhaps you should just use the "warn" tag instead of "deny", and simply
> log the deliver so you can check them later?
>
 >  warn
 >     ! authenticated = *
 >     condition = ${if match_domain{${domain:${address:$h_from:}}}{+localdomains}}
 >     log_message = REMOTE SENDER USED LOCAL DOMAIN USE IN FROM: HEADER

>
> --
> Dean Brooks
> dean@???
>


Great idea.  I assume I can add a header as well, so I can see that the messages would have been rejected in Thunderbird:
   warn
      ! authenticated = *
      condition = ${if match_domain{${domain:${address:$h_from:}}}{+localdomains}}
      add_header = "X-Spam-from-header: Remote Sender Used Local Domain in From header."
      log_message = REMOTE SENDER USED LOCAL DOMAIN USE IN FROM: HEADER