IMHO a mailing list or forwarder service should NEVER use the senders
adress and "impersonate" the sender. Better to replace it with the
mailing list adress (some mailing lists do this) and forwardes should
replace the sender's adress with the adress of the forwarding account.
Den tors 31 jan. 2019 kl 23:32 skrev Richard James Salts via
Exim-users <exim-users@???>:
>
>
>
> On 28 January 2019 3:53:49 pm AEDT, Sebastian Nielsen via Exim-users <exim-users@???> wrote:
> >Its simple.
> >
> >Insert a rule, which disallows messages that are originating from your
> >domain but aren't authorized to relay.
> >This check can be done both on MAIL FROM and Mime From level.
> >
>
> You probably also want to do some kind of verifiable signature in the envelope (i.e. BATV) so that legit emails that are forwarded back to you can be allowed through. It will also help against backscatter from spam campaigns that forge addresses in your domain as bounces can be rejected if you have signed all the outgoing envelopes and it's going to a regular email address.
>
> >Something like this in acl_mail:
> >
> > accept
> > authenticated = *
> > sender_domains = nk.ca
> > set acl_m0 = authorizedrelay
> > deny
> > message = You can't spoof the domains this server is authorative for
> > sender_domains = nk.ca
> >
> >then in acl_data:
> >
> > deny
> > message = You can't spoof the MIME From this server is authorative for
> > condition = ${if match {$h_from:}{^(?i).*<.*@(.*\\.nk.ca>\$}{yes}{no}}
> > condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}
> >
> >
>
> I'd echo the sentiment of the warning above. Sign your outgoing mail with dkim/arc and allow the ones where the signature still matches back in. Things like mailing lists would be rejected otherwise with the above rule. There is still the danger that the signatures get damaged in transit due to encoding changes or alterations of the subject or the addition of a footer. You may want/have to keep track of these lists and exempt them from the above policy.
>
> >That will block these form of spam that spoof your sender.
> >
> >Den sön 27 jan. 2019 kl 13:44 skrev The Doctor via Exim-users
> ><exim-users@???>:
> >>
> >> I am certain many of you have seen this, but how do you block /
> >bounce said
> >> below e-mail via exim using spamassassin / clamd ?
> >>
> >> Using FreeBSD 11.2 ports of Exim.
> >>
> >>
> >>
> >> ----- Forwarded message from doctor@??? -----
> >>
> >> Date: 27 Jan 2019 07:21:14 -0300
> >> From: doctor@???
> >> To: doctor@???
> >> Subject: Your account has been hacked! You need to unlock.
> >> Subject: {SPAM?} Your account has been hacked! You need to unlock.
> >> X-Mailer: Microsoft Outlook 14.0
> >>
> >> Hello!
> >>
> >> I have very bad news for you.
> >> 12/10/2018 - on this day I hacked your OS and got full access to your
> >account doctor@???
> >>
> >> So, you can change the password, yes... But my malware intercepts it
> >every time.
> >>
> >> How I made it:
> >> In the software of the router, through which you went online, was a
> >vulnerability.
> >> I just hacked this router and placed my malicious code on it.
> >> When you went online, my trojan was installed on the OS of your
> >device.
> >>
> >> After that, I made a full dump of your disk (I have all your address
> >book, history of viewing sites, all files, phone numbers and addresses
> >of all your contacts).
> >>
> >> A month ago, I wanted to lock your device and ask for a not big
> >amount of btc to unlock.
> >> But I looked at the sites that you regularly visit, and I was shocked
> >by what I saw!!!
> >> I'm talk you about sites for adults.
> >>
> >> I want to say - you are a BIG pervert. Your fantasy is shifted far
> >away from the normal course!
> >>
> >> And I got an idea....
> >> I made a screenshot of the adult sites where you have fun (do you
> >understand what it is about, huh?).
> >> After that, I made a screenshot of your joys (using the camera of
> >your device) and glued them together.
> >> Turned out amazing! You are so spectacular!
> >>
> >> I'm know that you would not like to show these screenshots to your
> >friends, relatives or colleagues.
> >> I think $639 is a very, very small amount for my silence.
> >> Besides, I have been spying on you for so long, having spent a lot of
> >time!
> >>
> >> Pay ONLY in Bitcoins!
> >> My BTC wallet: 145SmyE7DBEQExsnXZobojbQqr5UdgbCHh
> >>
> >> You do not know how to use bitcoins?
> >> Enter a query in any search engine: "how to replenish btc wallet".
> >> It's extremely easy
> >>
> >> For this payment I give you two days (48 hours).
> >> As soon as this letter is opened, the timer will work.
> >>
> >> After payment, my virus and dirty screenshots with your enjoys will
> >be self-destruct automatically.
> >> If I do not receive from you the specified amount, then your device
> >will be locked, and all your contacts will receive a screenshots with
> >your "enjoys".
> >>
> >> I hope you understand your situation.
> >> - Do not try to find and destroy my virus! (All your data, files and
> >screenshots is already uploaded to a remote server)
> >> - Do not try to contact me (this is not feasible, I sent you an email
> >from your account)
> >> - Various security services will not help you; formatting a disk or
> >destroying a device will not help, since your data is already on a
> >remote server.
> >>
> >> P.S. You are not my single victim. so, I guarantee you that I will
> >not disturb you again after payment!
> >> This is the word of honor hacker
> >>
> >> I also ask you to regularly update your antiviruses in the future.
> >This way you will no longer fall into a similar situation.
> >>
> >> Do not hold evil! I just do my job.
> >> Have a nice day!
> >>
> >>
> >> ----- End forwarded message -----
> >>
> >> --
> >> Member - Liberal International This is doctor@@nl2k.ab.ca Ici
> >doctor@@nl2k.ab.ca
> >> Yahweh, Queen & country!Never Satan President Republic!Beware
> >AntiChrist rising!
> >> https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53
> >on Atheism
> >> Birthdate: 29 Jan 1969 Redhill, Surrey, England, UK
> >>
> >> --
> >> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> >> ## Exim details at http://www.exim.org/
> >> ## Please use the Wiki with this list - http://wiki.exim.org/
> >
> >--
> >## List details at https://lists.exim.org/mailman/listinfo/exim-users
> >## Exim details at http://www.exim.org/
> >## Please use the Wiki with this list - http://wiki.exim.org/
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/