[exim] Spoofed email address in From: header

Author: web
Date:  
To: exim-users
Subject: [exim] Spoofed email address in From: header
Hello

I'm dealing with spoofed email addresses in the From header of emails I've
received.

Here are sample headers of such message:

Return-path: <fountains7@???>
Envelope-to: my.email@???
Delivery-date: Wed, 01 May 2013 03:25:09 +0200
Received: from [186.37.26.103] (port=63085
helo=client-186-37-26-103.imovil.entelpcs.cl)
by main.network.szczecin.pl with esmtp (Exim 4.80)
(envelope-from <fountains7@???>)
id 1UXLnA-0003Kn-Gw
for my.email@???; Wed, 01 May 2013 03:25:09 +0200
Received: from [44.83.98.143] (account zaniesr@??? HELO
brqpl.fotnwccj.info)
by client-186-37-26-103.imovil.entelpcs.cl (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 958422789 for my.email@???; Tue, 30 Apr 2013
21:25:08 -0400
Date:Tue, 30 Apr 2013 21:25:08 -0400
From: <<my.email@???>>
X-Mailer: The Bat! (v2.00.8) Business
X-Priority: 3 (Normal)
Message-ID: <5345923582.S3JHHE94578792@???>
To: <my.email@???>
MIME-Version: 1.0
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
Subject: *** SPAM *** do CV # 9823


I changed my email address to: my.email@???

Please take a look at From: header:

From: <<my.email@???>>

Until today I've successfully denied messages with from like this:

From: my.email@???

But now, when it has multiple << and >> signs - my ACL rules do not help.

I used such ACL rules to stop spoofed email:

          condition = ${if or {\
          {match_domain{${domain:$rh_from:}}{+local_domains}}\
          {match_domain{${domain:${address:$rh_from:}}}{+local_domains}}\
          {match_domain{${domain:${reduce{${addresses:$h_from:}}{}{$item}}}}{+local_domains}}\
          {match_domain{${domain:${reduce{${addresses:$h_from:}}{}{${if eq{$value}{}{$item}{$value}}}}}}{+local_domains}}\
          }{yes}{no}}


Can anyone help me understand why the above rules do not prevent emails with from like:

From: <<my.email@???>>

?

Any help would be appreciated.

Mike
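
An added illustration, not part of the original post and not Exim code, of why a parse-then-compare check can miss `From: <<addr>>` and what a stricter policy looks like. It assumes the doubled brackets make address parsing fail and that a failed parse yields an empty domain (as the Exim specification documents for `${address:}` and `${domain:}`); `example.org` and all sample values are constructed.

```python
import re

# Constructed stand-in for Exim's +local_domains list (assumption).
LOCAL_DOMAINS = {"example.org"}

# Strict shape: optional display name plus exactly one <addr>, or a bare addr.
_STRICT = re.compile(
    r'^\s*(?:"?[^<>"]*"?\s*<([^<>\s@]+@[^<>\s@]+)>|([^<>\s@]+@[^<>\s@]+))\s*$')
# Lenient scan: any local@domain token anywhere in the raw header text.
_LOOSE = re.compile(r'[^<>\s@,;:"()]+@([A-Za-z0-9.-]+)')


def strict_domain(raw_from):
    """Parse-then-extract model: returns '' when the header does not parse."""
    m = _STRICT.match(raw_from)
    if not m:
        return ""
    return (m.group(1) or m.group(2)).rsplit("@", 1)[1].lower()


def naive_is_spoof(raw_from):
    """Same idea as the posted rule: compare only the parsed domain."""
    return strict_domain(raw_from) in LOCAL_DOMAINS


def hardened_verdict(raw_from, authenticated=False):
    """Check the raw text first, then treat parse failure as its own denial."""
    if authenticated:
        return "accept"
    domains = {d.lower().rstrip(".") for d in _LOOSE.findall(raw_from)}
    if domains & LOCAL_DOMAINS:
        return "deny-local-domain"
    if not _STRICT.match(raw_from):
        return "deny-malformed"
    return "accept"


if __name__ == "__main__":
    # Constructed sample From: values, including the doubled-bracket form.
    for value in ("my.email@example.org", "<<my.email@example.org>>",
                  "Alice <alice@remote.example>", "<<bob@remote.example>>"):
        print(f"{value!r:34} naive={naive_is_spoof(value)!s:5} "
              f"hardened={hardened_verdict(value)}")
```

In Exim itself, the ACL condition `verify = header_syntax` rejects messages whose address headers are syntactically invalid, which covers the "deny-malformed" branch.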