Re: [exim] Forged sender address

Author: Phil Pennock
Date:  
To: Frank DeChellis
CC: exim-users
Subject: Re: [exim] Forged sender address
On 2011-10-04 at 18:06 -0400, Frank DeChellis wrote:
> We use Exim 4.71nb on NetBSD 5.0. We are getting bombarded with spam with
> the from: address showing as our own domain, but the return-path and
> envelope-from showing somebody else (the spammer).
>
> I attached the header below. Our domain is iaw.on.ca
>
> Is there an ACL statement that could reject this immediately? I tried a few
> with no success, just a lot of rejecting of good email.


Do you have well-defined lists of where mail from your domain can
originate from?

  deny  sender_domains = +local_domains
        !hosts = +internal_hosts


(where you'd create the hostlist "internal_hosts"). This assumes that
any external mailing-lists your folks are subscribed to will send mail
with an envelope sender pointing to the list management software.

If you outsource some of your mail sending, you'd need to do something
else. If the outsourced agency publishes SPF records, you could SPF
check your own mail, if not coming from your own address-space. If you
set up DKIM for yourself and them, you could check DKIM instead.

-Phil
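
One way to place the rule from the reply above in an Exim configuration file, with the hostlist it depends on. This is an added example, not part of the original message; the 192.0.2.0/24 network, the ACL name acl_check_rcpt and the exemption for authenticated senders are assumptions.

```exim
# --- main configuration section ---
# Constructed sample values: replace with your own domain and address space.
domainlist local_domains  = iaw.on.ca
# "<;" switches the list separator to ";" so IPv6 addresses need no colon doubling.
hostlist   internal_hosts = <; 127.0.0.1 ; ::1 ; 192.0.2.0/24

acl_smtp_rcpt = acl_check_rcpt

# --- ACL section ---
begin acl

acl_check_rcpt:

  # Place this before any statement that accepts mail for local domains.
  # It tests the envelope sender (MAIL FROM), not the From: header line.
  # Assumption: roaming users authenticate, so they are exempted even
  # though they connect from outside internal_hosts.
  deny    message        = Sender address in a local domain is not accepted from this host
          sender_domains = +local_domains
          !hosts         = +internal_hosts
          !authenticated = *

  # ... the rest of your existing RCPT ACL follows here ...
```

Rejections from this statement appear in the Exim main log with the message text above, which makes it easy to review what was refused before relying on the rule.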