Re: [exim] Remote Recipient Blacklisting...what am I missing…

Góra strony
Delete this message
Reply to this message
Autor: Kevin Colagio
Data:  
Dla: exim-users
Temat: Re: [exim] Remote Recipient Blacklisting...what am I missing?

We would like to make it so that any outbound mail to a certain
recipient is blocked and the user is notified of why the message is
being stopped. The sooner we can stop the message, the better.

Primarily, we want it to address specific Reply-To: addresses, however
we can also see blocking domains and/or networks as well...though
probably less often.

As an example, we had a phishing attempt come in through a good server
(possibly a compromised account) which presented a potentially
legitimate appearing name, but the Reply-To: was set to
accountsupgradingteam2008@??? ....so I want to block any mail going
to that address so mail cannot get to them.

Thanks!

--Kevin.

Dave Evans wrote:
> On Wed, Mar 19, 2008 at 08:08:43AM -0400, Kevin Colagio wrote:
>> We have been hit with a lot of phishing attempts lately, and while our
>> users are pretty good about it, I'd like to be able to implement a
>> recipient blacklist on the server.
>
> What effect are you seeking to achieve? Are you seeking to block outbound
> mail (your users => big bad Internet) based on recipient? Are you wanting to
> block inbound mail? Are you wanting to block bounces?
>
> Also, how are the messages that you want to block arriving into Exim - via
> SMTP, or something else? If the messages are arriving via SMTP, presumably
> you're trying to block it at the RCPT stage. Try running a debug session
> pretending to be one of your users, e.g. like so:
> exim -d+all -bh 192.168.1.2
> where that's one of your users' IP addresses.
>
>


-- 
    Kevin Colagio: Systems Analyst, Reef Geek, and Perpetual Student
    Computing and Information Technology, SUNY at Geneseo, South 124
    colagio@???    (585) 245-5577     http://www.geneseo.edu
Experience is a harsh teacher, the tests are first, the lessons follow.