Hi folks
I'm trying to reject spam from certain rather persistent spammers.
In acl_check_rcpt I have this:

  drop message = BLACKLIST-1: Locally blacklisted sender address
       !authenticated = *
       senders = ${lookup{$sender_address}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{$sender_address}}

  drop message = BLACKLIST-2: Locally blacklisted sender address
       !authenticated = *
       senders = ${lookup{$h_x-sender:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{$h_x-sender:}}

... and it works as I would expect on the sender and envelope-sender. One
particularly persistent spammer changes his sender address, but is
recognisable by his From: and Reply-to: headers, and I'd like to be able
to do something like the above (obviously in acl_check_data!). I have
this, so far:

  deny
    message = X-JUNK-1: Unwanted junk mail
    !authenticated = *
    condition = ${lookup{$h_from:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{yes}{no}}

  deny
    message = X-JUNK-2: Unwanted junk mail
    !authenticated = *
    condition = ${lookup{$h_reply-to:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{yes}{no}}

and it seems to be unreliable.
If local_sender_blacklist contains lines like ...
^\N.*@mydeals\.ro$\N
... then I'd hope to see mails with <anything>@mydeals.ro forged into
the From: or Reply-To: headers rejected after the DATA part of the SMTP
transaction. In actual fact, this is unreliable, and only some of them
are rejected. Can anyone see anything wrong with what I am doing or
expecting of the rules?
Thanks!
M
--
Mark R V Murray
Pi: 132511160
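
One way an anchored blacklist line can miss a From: or Reply-To: header, shown as an added example that is not part of the original post: $h_from: expands to the whole header value, display name and angle brackets included, so `^.*@mydeals\.ro$` only matches when the header is a bare address. Python's `re` and `email.utils` stand in here for Exim's regex matching and address extraction, the header values are constructed, and case-insensitive matching is assumed.

```python
import re
from email.utils import getaddresses

# Blacklist line from the post. The \N ... \N markers only stop Exim from
# expanding the text between them; they are not part of the regex.
BLACKLIST_LINE = r"^\N.*@mydeals\.ro$\N"


def compile_key(line):
    """Turn a wildlsearch regex key into a compiled Python regex (assumed case-insensitive)."""
    return re.compile(line.replace(r"\N", ""), re.IGNORECASE)


def matches_raw(header_value, pattern):
    """Match against the whole header value, as the condition in the post does."""
    return bool(pattern.search(header_value.strip()))


def matches_addresses(header_value, pattern):
    """Match against each bare address extracted from the header value."""
    addresses = [addr for _name, addr in getaddresses([header_value]) if addr]
    return any(pattern.search(addr) for addr in addresses)


# Constructed header values covering the common From:/Reply-To: layouts.
SAMPLES = [
    "offers@mydeals.ro",                  # bare address
    "Best Deals <offers@mydeals.ro>",     # display name + angle brackets
    "offers@mydeals.ro (Best Deals)",     # address followed by a comment
    "Best Deals <OFFERS@MyDeals.RO>",     # mixed case
    "friend@example.org",                 # unrelated sender
]


def compare(samples, line=BLACKLIST_LINE):
    """Return (header, raw_match, address_match) for every sample."""
    pattern = compile_key(line)
    return [(s, matches_raw(s, pattern), matches_addresses(s, pattern))
            for s in samples]


if __name__ == "__main__":
    for header, raw, addr in compare(SAMPLES):
        print(f"{header!r:40} raw={raw!s:5} address={addr}")
```

In Exim itself the `${address:...}` expansion operator extracts the bare address from a header value before the lookup.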