[exim] trying to reject mail based on "From:" and "Reply-to:"

Author: Mark Murray
Date:  
To: exim-users
Subject: [exim] trying to reject mail based on "From:" and "Reply-to:"

Hi folks

I'm trying to reject spam from certain rather persistent spammers.

In acl_check_rcpt I have this:

  drop    message        = BLACKLIST-1: Locally blacklisted sender address
          !authenticated = *
          senders        = ${lookup{$sender_address}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{$sender_address}}


  drop    message        = BLACKLIST-2: Locally blacklisted sender address
          !authenticated = *
          senders        = ${lookup{$h_x-sender:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{$h_x-sender:}}


... and it works as I would expect on the sender and envelope-sender. One
particularly persistent spammer changes his sender address, but is
recognisable by his From: and Reply-to: headers, and I'd like to be able
to do something like the above (obviously in acl_check_data!). I have
this, so far:

  deny
    message             = X-JUNK-1: Unwanted junk mail
    !authenticated      = *
    condition           = ${lookup{$h_from:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{yes}{no}}


  deny
    message             = X-JUNK-2: Unwanted junk mail
    !authenticated      = *
    condition           = ${lookup{$h_reply-to:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{yes}{no}}


and it seems to be unreliable.

If local_sender_blacklist contains lines like ...

^\N.*@mydeals\.ro$\N

... then I'd hope to see mails with <anything>@mydeals.ro forged into
the From: or Reply-To: headers rejected after the DATA part of the SMTP
transaction. In actual fact, this is unreliable, and only some of them
are rejected. Can anyone see anything wrong with what I am doing or
expecting of the rules?

Thanks!

M
--
Mark R V Murray
Pi: 132511160
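
An added illustration, not part of the original post or of Exim: it assumes the missed messages carried a display name, angle brackets or a comment around the address, and compares the anchored blacklist pattern against whole header text versus the parsed address. The sample headers are constructed, and Python's `email.utils.getaddresses` stands in for Exim's own address parsing.

```python
import re
from email.utils import getaddresses

# Pattern from the post's blacklist line ^\N.*@mydeals\.ro$\N; the \N markers
# only protect the regex from Exim string expansion. wildlsearch compares
# case-insensitively, hence re.IGNORECASE.
BLACKLIST = [re.compile(r"^.*@mydeals\.ro$", re.IGNORECASE)]

# Constructed From:/Reply-To: header values (not taken from real mail).
SAMPLE_HEADERS = [
    "promo@mydeals.ro",
    "<promo@mydeals.ro>",
    '"My Deals" <promo@mydeals.ro>',
    "promo@MyDeals.RO (Special offers)",
    "Alice <alice@example.org>, Promo <promo@mydeals.ro>",
    "Bob <bob@example.org>",  # control: must never be rejected
]


def listed(value):
    """True if any blacklist pattern matches the whole string."""
    return any(p.search(value) for p in BLACKLIST)


def raw_header_hit(header):
    """What the conditions in the post test: the header text as a whole."""
    return listed(header.strip())


def address_hit(header):
    """Test each address after RFC 5322 parsing instead of the raw text."""
    return any(listed(addr) for _name, addr in getaddresses([header]) if addr)


def compare(headers=SAMPLE_HEADERS):
    """Return (header, raw match, parsed-address match) for each sample."""
    return [(h, raw_header_hit(h), address_hit(h)) for h in headers]


if __name__ == "__main__":
    for header, raw, parsed in compare():
        print(f"raw={raw!s:5} parsed={parsed!s:5} {header}")
```

In an Exim condition, the `${address:...}` expansion operator extracts the address from header text before it is used as a lookup key.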