[exim] Outgoing mail filter using exim

Top Page
Delete this message
Reply to this message
Author: amalji@gmail.com
Date:  
To: exim-users
Subject: [exim] Outgoing mail filter using exim
Dear Team,

We setup an outgoing spam filter using exim to block spoofed emails.
Basically, this is what we did.

(root)>grep ^system_filter /etc/exim.conf
system_filter = /etc/exim.filter
system_filter_user = cpaneleximfilter
system_filter_group = cpaneleximfilter
system_filter_file_transport = address_file

(root)>cat /etc/exim.filter
# Exim filter

logfile /var/log/exim_filterlog

if ( $received_protocol is "local" or
$received_protocol is "esmtpa" ) and
($sender_address contains "@ebay.com" or
$sender_address contains "@paypal.com" or
$sender_address contains "@yahoo.com" or
$sender_address contains "@aol.com"or
$sender_address contains "@gmail.com" or
$sender_address contains "@hotmail.com" or
$sender_address contains "@msn.com" or
$sender_address contains "@cox.com" or
$sender_address contains "aol.com" )
then
save /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
logwrite "$tod_log $message_id => Outgoing mail with reply address
$header_from caught. Email sent to black hole."
seen finish
endif
Basically, this is what it does.
It checks if the email is sent either using
"local" ( ie, emails send using forms and scripts ) or
"esmtpa" ( ie, emails sent after autheticating )
and if it matches either of the 2 conditions, it checks for the from
address and if it matches either ( aol, hotmail, etc ), it will block the
email and append it to /var/cpanel/userhomes/cpaneleximfilter/mail/inbox

Now, this is what we need. We need to modify the filter so that emails are
sent out only if the from address is present in /etc/localdomains. That
way, all spoofed spam emails from the server can be blocked. Any help on
this is much appreciated.

--
#####
Amal