On 26/01/2010 07:20, Charlie wrote:
> I am currently providing an email service to a hotel.
> All SMTP traffic from the hotel is redirected to my Exim server, which
> authenticates it based on the hotel's IP address.
> This all works great, except recently we have found that spammers have found
> a way to access a computer within the hotel's network, and have thus been
> able to use my server to send emails.
> The only means by which I think I can restrict traffic so that it *truly*
> comes from within the hotel's IP address, is to make it so that the emails
> must have *only one* 'Received: from' header.
>
> To further illustrate what I'm talking about, here is a sample header of a
> spam email sent through the hotel network (I've changed IP addresses/server
> names):
>
> Received: from [83.22.55.77] (helo=freha.pl)
> by myeximserver.com with smtp (Exim 4.69)
> (envelope-from<portuneeeqo@???>)
> id 1NZTrC-000846-N1; Mon, 25 Jan 2010 18:40:15 +0000
> Received: from unknown (156.209.88.22)
> by mts.locks.grgtween.net with QMQP; Sat, 23 Jan 2010 20:33:05 -1100
> Received: from mts.locks.grgtween.net ([Sat, 23 Jan 2010 20:21:36 -1100])
> by smtp-server1.cfdenselr.com with ESMTP; Sat, 23 Jan 2010 20:21:36 -1100
> Received: from m1.gns.snv.thisdomainl.com ([14.45.232.93]) by
> relay37.vosimerkam.net with NNFMP; Sat, 23 Jan 2010 20:04:57 -1100
>
> If the email was truly from just within the hotel's network, it would only
> have the header below (i.e. only one 'Received: from' header)
>
> Received: from [83.22.55.77] (helo=freha.pl)
> by myeximserver.com with smtp (Exim 4.69)
> (envelope-from<portuneeeqo@???>)
> id 1NZTrC-000846-N1; Mon, 25 Jan 2010 18:40:15 +0000
>
> Any way to do this?

I think you should be able to put this in your acl_smtp_data acl:

  deny condition = ${if !eq{$h_Received:}{}}
       message = Received headers not allowed

MUAs shouldn't be adding their own received headers before submitting
messages to your server.

--
Mike Cardwell : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https://secure.grepular.com/
Spamalyser : Spam Tool - http://spamalyser.com/
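
An offline check of the same rule, added here as an example and not part of the original thread: it takes the sample headers from the question and lists the Received headers that were already on the message when it arrived, which is what the suggested ACL condition tests. The names `prior_hops` and `is_relayed` are hypothetical, and `OUR_HOST` is the server name used in the poster's sample.

```python
import re
from email import message_from_string

OUR_HOST = "myeximserver.com"  # receiving server name, from the post's sample
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

# Headers copied from the post's sample (addresses already altered by the
# poster); continuation lines are indented so they parse as folded headers.
DIRECT = (
    "Received: from [83.22.55.77] (helo=freha.pl)\n"
    " by myeximserver.com with smtp (Exim 4.69)\n"
    " (envelope-from<portuneeeqo@???>)\n"
    " id 1NZTrC-000846-N1; Mon, 25 Jan 2010 18:40:15 +0000\n"
)
SPAM = DIRECT + (
    "Received: from unknown (156.209.88.22)\n"
    " by mts.locks.grgtween.net with QMQP; Sat, 23 Jan 2010 20:33:05 -1100\n"
    "Received: from mts.locks.grgtween.net ([Sat, 23 Jan 2010 20:21:36 -1100])\n"
    " by smtp-server1.cfdenselr.com with ESMTP; Sat, 23 Jan 2010 20:21:36 -1100\n"
    "Received: from m1.gns.snv.thisdomainl.com ([14.45.232.93]) by\n"
    " relay37.vosimerkam.net with NNFMP; Sat, 23 Jan 2010 20:04:57 -1100\n"
)

def prior_hops(raw_headers, our_host=OUR_HOST):
    """Received headers already present when the message reached our_host."""
    msg = message_from_string(raw_headers)
    # Unfold each header value into a single line of text.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    # A stored message carries our own stamp on top; drop it so the result
    # matches what the server sees before it adds that header.
    if hops:
        m = BY_RE.search(hops[0])
        if m and m.group(1).lower() == our_host.lower():
            hops = hops[1:]
    return hops

def is_relayed(raw_headers):
    """True when the submission already carried Received headers."""
    return bool(prior_hops(raw_headers))

if __name__ == "__main__":
    for name, sample in (("direct", DIRECT), ("spam", SPAM)):
        print(name, "relayed" if is_relayed(sample) else "ok", prior_hops(sample))
```
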