Autor: Chambers, Phil Datum: To: exim-users Betreff: [exim] Verifying header_from
I have been dealing with spear phishing attacks which have forged From:
addresses such as
From: custommer_support@???
Which looks plausable to our users, but which does not exist. Not just
for stopping spear phishing, but as a point of principle, I want to
reject messages like this.
I have a verify = header_sender ACL, but that does not block this
because the messages also have a header such as
Reply-to: database_upgrade@???
The header_sender verify checks that first and ignores the From: header!
It appears I could explicitly check the From: header using something
like
However, since the From: header can contain multiple addresses, the
above sample needs quite a bit of extra work. Further, I can only see
that I could check one of the addresses if more than one is present.
Am I missing something? If not, it might be a useful addition to extend
the verify condition to allow specific checks in individual header
address fields ('verify = header_from', 'verify = header_to and so on).
What do other people do to check headers?
Phil.
--------------------
Phil Chambers
Postmaster
University of Exeter