Author: AC Date: To: exim-users Subject: Re: [exim] Deny when from and to are the same (Jeremy Harris)
> > On 06/04/2019 07:50, Andrew C Aitchison via Exim-users wrote:
>> On Fri, 5 Apr 2019, AC via Exim-users wrote:
>>>  deny
>>>    hosts = ! +relay_from_hosts
>>>    condition = ${if eqi{$sender_address}{$local_part@$domain}}
>>>    log_message = Same sender and recipient address
>>>
>>>  deny
>>>    hosts = ! +relay_from_hosts
>>>    condition = ${if eqi{$reply_address}{$local_part@$domain}}
>>>    log_message = Same sender and reply address
>>>
>>> I'm trying to check when the From: address is the same as the To:
>>> address and the mail is coming from a host outside my accepted network.
>>>
>>> I just received a message where the addresses in From and To were the
>>> same but neither of these rules captured it.
>>>
>>> What am I missing to perform this check and deny spam messages like
>>> this?
>>
>> acl_smtp_rcpt runs when processing the RCPT;
>> $reply_address cannot be set until the acl_smtp_data ACL.
>
> Also, by "From and To" you're probably talking about the
> From: and To: headers. The addresses in those are not always
> the same as those in the envelope for the message. Read up
> on email basics if this isn't clear.
>
No, I understand what I'm looking at and I know what I'm asking for. I
was examining the spam I received and observed that the Envelope-to, To:
and From: all were identical. The envelope-from and Return-path did not
match the first three. However, nearly every legitimate email I receive
does not have Envelope-to, To and From matching each other exactly (with
the exception of a couple of mailing lists that I can whitelist). So I
tried writing the rules to take care of this.
The reminder about acl_smtp_data was the pointer I needed. I moved the
stanzas there and altered them to look for the headers specifically and
it has been working.
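
A sketch of what a DATA-time version of this check could look like, as an added example that is not part of the original post and not AC's actual stanzas (which were not posted). The ACL name `acl_check_data` is an assumption; `+relay_from_hosts` is the host list from the quoted rules.

```exim
# Main configuration section (ACL name is an assumption):
#   acl_smtp_data = acl_check_data

# ACL section
acl_check_data:

  # Header addresses only exist once the message body has been received,
  # so this test belongs in the DATA ACL, not in acl_smtp_rcpt.
  #
  # ${address:...} returns an empty string when the header does not parse
  # as a single address (missing header, several recipients in To:).
  # Without the first sub-condition, two unparseable headers would
  # compare equal and the message would be denied by mistake.
  #
  # $recipients holds the envelope recipients; it equals the To: address
  # only when the message has exactly one envelope recipient.
  deny
    hosts       = ! +relay_from_hosts
    condition   = ${if and{\
                    {!eq{${address:$h_from:}}{}}\
                    {eqi{${address:$h_from:}}{${address:$h_to:}}}\
                    {eqi{$recipients}{${address:$h_to:}}}\
                  }}
    log_message = Envelope-to, To: and From: are identical

  accept
```

Mailing lists that legitimately match can be exempted with an earlier `accept` stanza or an extra condition on the `deny`.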