Author: Charlie
Date:
To: exim-users
Subject: [exim] block emails with more than one 'Received: from' header

Hello,

I am currently providing an email service to a hotel.
All SMTP traffic from the hotel is redirected to my Exim server, which
authenticates it based on the hotel's IP address.

This all works great, except recently we have found that spammers have found
a way to access a computer within the hotel's network, and have thus been
able to use my server to send emails.

The only means by which I think I can restrict traffic so that it *truly*
comes from within the hotel's IP address, is to make it so that the emails
must have *only one* 'Received: from' header.

To further illustrate what I'm talking about, here is a sample header of a
spam email sent through the hotel network (I've changed IP addresses/server
names):

Received: from [83.22.55.77] (helo=freha.pl)
    by myeximserver.com with smtp (Exim 4.69)
    (envelope-from <portuneeeqo@???>)
    id 1NZTrC-000846-N1; Mon, 25 Jan 2010 18:40:15 +0000
Received: from unknown (156.209.88.22)
    by mts.locks.grgtween.net with QMQP; Sat, 23 Jan 2010 20:33:05 -1100
Received: from mts.locks.grgtween.net ([Sat, 23 Jan 2010 20:21:36 -1100])
    by smtp-server1.cfdenselr.com with ESMTP; Sat, 23 Jan 2010 20:21:36 -1100
Received: from m1.gns.snv.thisdomainl.com ([14.45.232.93]) by
    relay37.vosimerkam.net with NNFMP; Sat, 23 Jan 2010 20:04:57 -1100

If the email was truly from just within the hotel's network, it would only
have the header below (i.e. only one 'Received: from' header)

Received: from [83.22.55.77] (helo=freha.pl)
    by myeximserver.com with smtp (Exim 4.69)
    (envelope-from <portuneeeqo@???>)
    id 1NZTrC-000846-N1; Mon, 25 Jan 2010 18:40:15 +0000
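
One way to express the rule described in the post above in Exim's configuration, as an added example that is not part of the original message: it uses Exim's `$received_count` variable, which counts the Received: headers of the message including the one Exim adds itself. The hostlist name `hotel_hosts`, the ACL name `acl_check_data` and the response texts are assumptions; 83.22.55.77 is the client address shown in the sample headers.

```exim
# --- main configuration section ---

# hotel_hosts is a hypothetical list name; the address is the one from the
# sample headers in the post.
hostlist hotel_hosts = 83.22.55.77

# Run the ACL below once the headers and body have been received
# (the ACL name is an assumption).
acl_smtp_data = acl_check_data

# --- ACL section ---
begin acl

acl_check_data:

  # $received_count already includes the Received: header that Exim adds,
  # so a value above 1 means the client supplied at least one Received:
  # header of its own, i.e. the message claims earlier hops.
  deny    hosts       = +hotel_hosts
          condition   = ${if >{$received_count}{1}}
          message     = Relayed messages are not accepted from this network
          log_message = hotel client supplied ${eval:$received_count-1} Received: header(s)

  accept
```

The Received: headers a client sends are under that client's control, so this rule only rejects messages whose sender leaves the earlier hops in place.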