if ( $received_protocol is "local" or
$received_protocol is "esmtpa" ) and
($sender_address contains "@ebay.com" or
$sender_address contains "@paypal.com" or
$sender_address contains "@yahoo.com" or
$sender_address contains "@aol.com"or
$sender_address contains "@gmail.com" or
$sender_address contains "@hotmail.com" or
$sender_address contains "@msn.com" or
$sender_address contains "@cox.com" or
$sender_address contains "aol.com" )
then
save /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
logwrite "$tod_log $message_id => Outgoing mail with reply address
$header_from caught. Email sent to black hole."
seen finish
endif
Basically, this is what it does.
It checks if the email is sent either using
"local" ( ie, emails send using forms and scripts ) or
"esmtpa" ( ie, emails sent after autheticating )
and if it matches either of the 2 conditions, it checks for the from
address and if it matches either ( aol, hotmail, etc ), it will block the
email and append it to /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
Now, this is what we need. We need to modify the filter so that emails are
sent out only if the from address is present in /etc/localdomains. That
way, all spoofed spam emails from the server can be blocked. Any help on
this is much appreciated.
