[exim] Data ACL - Received: from header

Author: Mark Little
Date:  
To: exim-users
Subject: [exim] Data ACL - Received: from header
Hey all,

Recently I have seen an influx of SPAM including a fake Received: from
header (not something new), but what is strange is the IP included is the
host's actual IP address and not a fake one.
(Examples below)

So I have been trying to work out how to add an ACL to be able to scan for
this - because as far as I am concerned I should never be receiving an
email from an IP address that includes "Received: from [<same IP>]".

If someone could point me in the right direction or even let me know if
this is possible with the DATA ACL, that would be most appreciated.

Examples:

(My server is mailgate.freeparking.com)

Received: from [82.133.13.138]
by mailgate.freeparking.com with esmtp (Exim 4.69 #1 (Debian))
id 1M8v2x-0004kL-3z
for <xx@???>; Tue, 26 May 2009 07:42:25 -0400
Received: from [82.133.13.138] by smtp1.agent-mail.net; Tue, 26 May 2009
11:42:17 +0000
From: "Glenna Ford" <sghxvwi@???>
To: <xx@???>


Received: from [92.26.160.82]
by mailgate.freeparking.com with esmtp (Exim 4.69 #1 (Debian))
id 1M8eAE-00060S-4S
for <xx@???>; Mon, 25 May 2009 13:40:44 -0400
Received: from [92.26.160.82] by smtpeu2.quark.ch; Mon, 25 May 2009
17:40:40 +0000
From: "Judson Lester" <ternion@???>
To: <xx@???>


Received: from [89.35.129.85]
by mailgate.freeparking.com with esmtp (Exim 4.69 #1 (Debian))
id 1M8qpk-0001aX-J6
for <xx@???>; Tue, 26 May 2009 03:12:26 -0400
Received: from [89.35.129.85] by mx1.business.mindspring.com; Tue, 26 May
2009 09:12:23 +0200
From: "Faye Jensen" <gvuxtntk@???>
To: <xx@???>


Received: from [207.5.140.190] (helo=tcook.flotec.com)
by mailgate.freeparking.com with esmtp (Exim 4.69 #1 (Debian))
id 1M8dLA-0000Tj-Ey
for <xx@???>; Mon, 25 May 2009 12:47:58 -0400
Received: from [207.5.140.190] by mx2.hotmail.com; Mon, 25 May 2009
11:47:51 -0500
From: "Sondra Aldridge" <tequila_ik@???>
To: <xx@???>




Cheers,
Mark
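
The check asked about above, sketched offline in Python as an added example (not part of the original post, and not Exim ACL configuration): it flags a message when an older Received: header carries the same bracketed IP literal that the receiving server's own, topmost Received: header recorded for the connecting host. The host names and addresses in the samples are constructed, and the code assumes the topmost Received: header is the one added by the local MTA.

```python
import re
from email import message_from_string

# IPv4 literal directly after "from", e.g. "from [192.0.2.10] (helo=...)".
FROM_LITERAL = re.compile(r"^from\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.I)

def from_literal(received_value):
    """Return the bracketed IPv4 literal a Received: value claims, or None."""
    unfolded = " ".join(received_value.split())  # undo header folding
    m = FROM_LITERAL.match(unfolded)
    return m.group(1) if m else None

def repeats_connecting_ip(raw_message):
    """True if an older Received: header names the same IP literal that the
    topmost Received: header (assumed to be our MTA's) recorded."""
    received = message_from_string(raw_message).get_all("Received", [])
    if len(received) < 2:
        return False  # nothing below our own header to compare against
    connecting_ip = from_literal(received[0])
    if connecting_ip is None:
        return False  # our header holds no bare IP literal
    return any(from_literal(h) == connecting_ip for h in received[1:])

# Constructed sample: the second header repeats the connecting IP.
SUSPECT = (
    "Received: from [192.0.2.10]\n"
    "\tby mailgate.example.org with esmtp (Exim 4.69)\n"
    "\tfor <user@example.org>; Tue, 26 May 2009 07:42:25 -0400\n"
    "Received: from [192.0.2.10] by smtp1.example.net; Tue, 26 May 2009\n"
    "\t11:42:17 +0000\n"
    "From: sender@example.com\nTo: user@example.org\n\nbody\n"
)

# Constructed sample: a relay hands over mail it received from another host.
ORDINARY = (
    "Received: from [192.0.2.10] (helo=relay.example.net)\n"
    "\tby mailgate.example.org with esmtp (Exim 4.69)\n"
    "\tfor <user@example.org>; Tue, 26 May 2009 07:42:25 -0400\n"
    "Received: from [198.51.100.7] by relay.example.net; Tue, 26 May 2009\n"
    "\t11:42:17 +0000\n"
    "From: sender@example.com\nTo: user@example.org\n\nbody\n"
)

if __name__ == "__main__":
    for name, msg in (("suspect", SUSPECT), ("ordinary", ORDINARY)):
        print(name, repeats_connecting_ip(msg))
```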