Re: [exim] Denying spam with forged from

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Denying spam with forged from
Patryk Rzadzinski wrote:
> I have adjusted the penalty points for spam in spamassassin and so far they
> remove 99% spam or even more, without removing a single valid email, which is
> rather good. The only space for improvement now is to get rid of some spam
> before acl_check_data, so I tried these
>
> On 2008-11-30 18:49, Dave Pooser wrote:
>>   deny    message    = Remote host used IP address in HELO/EHLO greeting
>>     !hosts    = +whitelisted
>>     condition   = ${if isip {$sender_helo_name}{true}{false}}

>>
> And also
>>    deny    message    = Remote host used our name in HELO/EHLO greeting.
>>     !hosts    = +whitelisted
>>     condition   = ${if match_domain{$sender_helo_name}
>> {$primary_hostname:+local_domains:+relay_to_domains}}

>>
> Without the whitelist hostlists for now, to see how it behaves, however spam
> with my hostname in the from field is still being rejected after data - why
> would this happen? These conditions look perfectly valid...
>
> --
> Regards,
>
> Patryk
>


- The HELO check is a good test, but it has nothing at all to do with
the 'From:' field you see in an MUA.

- The 'From:' field you see in an MUA may *or may not* even have
anything to do with what was presented in acl_smtp_mail_from.

Your test for that is elsewhere - neither of the above acl's looks at
it. You'll have to track it down.

Bill