Hill Ruyter wrote:
> I am getting a lot of mail recently that is passing my HELO tests and
> callouts
> but it has clear fakery that I could test for if I knew how
>
> the envelope from and from address are not the same
> in fact the from address is pretending to be me
>
> I basically want to say
> if envelope-from is not equal to from and from is equal to me then drop
That way lies false positives. The email that I'm replying to had an
envelope sender of:
exim-users-bounces+lists.grepular.com@???
And a From header of:
"Hill Ruyter" <hill#ruyter.co.uk>
However, if you do want to take that route, in Exim you'd do something
like this in the acl_smtp_data acl:
deny condition = ${if !eq{$sender_address}{${address:$h_From:}}}
condition = ${if eq{${address:$h_From:}}{hill#ruyter.co.uk}}
--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226)
http://cardwellit.com/
