Re: [exim] Help extracting From-Address

Top Page
Delete this message
Reply to this message
Author: Odhiambo Washington
Date:  
To: lucabert
CC: exim users
Subject: Re: [exim] Help extracting From-Address
On Fri, 23 Nov 2018 at 16:43, Luca Bertoncello via Exim-users <
exim-users@???> wrote:

> Hi list,
>
> we receive many E-Mails with faked From (Header), and I'm trying to
> block them.
> Currenty I extract the domain (most our own domain) and check it for
> SPF.
>
> Hier my code to extract the From:
>
>    warn   set acl_m_from  =
> ${extract{2}{@}{${reduce{${addresses:$h_from:}}{}{$item}}}}

>
> Unfortunately we receive E-Mail with TWO From addresses, such:
>
> From: Blah <blah@???> <blub@???>
>
> and then my code does not work anymore...
>
> Can someone help me to extract the FIRST address from the faked header?
>


How about keeping it simple (or this doesn't work for you)? :

# A remote host using my Domain is wrong
  deny
    hosts     = ! : !+relay_from_hosts
    message   = Using my domain is identity theft.
    condition = ${if match{${lc:$h_from:}}{${lc:$qualify_domain}}}
    condition = ${if match{${lc:$h_from:}}{\NYOUR.MAIL.DOMAIN.NAME\N}}
    condition = ${if match_domain{$sender_address_domain}{+local_domains}}



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."