Re: [exim] Trying to block by Reply-To/From headers match

Author: Alex King
Date:  
To: exim-users
Subject: Re: [exim] Trying to block by Reply-To/From headers match
From
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html:

This condition tests the sender of the message against the given list...
Warning: It is a bad idea to use this condition on its own as a control
on relaying, because sender addresses are easily, and commonly, forged.

Also from that section:

You cannot test the contents of the message, for example, to verify
addresses in the headers, at RCPT time or when the DATA command is
received. Such tests have to appear in the ACL that is run after the
message itself has been received, before the final response to the DATA
command is sent. This is the ACL specified by acl_smtp_data, which is
the second ACL that is associated with the DATA command.

So in the acl_smtp_data you could put a custom condition and match
against headers, e.g. $header_from and/or $h_reply-to.

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#SECTexpansionitems

Alternatively, if you are using spamassassin or another spam scoring
system you can put a rule there.

HTH,
Alex

On 16/01/21 3:25 pm, Konstantin Boyandin via Exim-users wrote:
> Hello,
>
> I am willing to block messages containing certain patterns in
> From:/Reply-To:.
>
> I tried first blocking by senders: test configuration contains (right
> below "begin acl"):
>
> --- configuration snippet below
> acl_check_sender:
>     deny    senders = /etc/exim/sender_reject.list
>
>     accept
> --- configuration snippet above
>
> and the mentioned /etc/exim/sender_reject.list contains
>
> user@???
> *@example.net
> *@example.org
>
> To block "user@???" and all senders from example.net and
> example.org domains.
>
> As far as I understood, the above only filters by the address reported
> in "MAIL FROM" SMTP command (i.e., by Return-Path), which can be bogus.
> How do I do correct filtering by Reply-To:/From: (using From: only if
> Reply-To: is missing)?
>
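
One way to write the acl_smtp_data check suggested in the reply above, as an added example that is not part of the original messages. The ACL name acl_check_data and the variable acl_m_hdr are assumptions; the list file is the one from the quoted question.

```exim
# Added example, not from the thread. Names acl_check_data and
# acl_m_hdr are illustrative assumptions.

# --- main configuration section ---
# Run this ACL after the message body has been received, which is the
# first point at which header contents are available.
acl_smtp_data = acl_check_data

# --- ACL section ---
begin acl

acl_check_data:
  # Use Reply-To: when the message has one, otherwise fall back to From:.
  # ${addresses:...} reduces the header line to a colon-separated list of
  # bare addresses, dropping display names and comments.
  # forany then tests each address against the same reject list used for
  # the envelope sender check (/etc/exim/sender_reject.list), so entries
  # such as *@example.net apply to header addresses as well.
  deny  message     = Message rejected by header policy
        log_message = Reply-To/From header address is in sender_reject.list
        set acl_m_hdr = ${if def:h_reply-to: {$h_reply-to:}{$h_from:}}
        condition   = ${if forany{${addresses:$acl_m_hdr}}\
                        {match_address{$item}{/etc/exim/sender_reject.list}}}

  accept
```

The header contents are attacker-controlled, so they are only ever used as the subject of the match, never as the list or file name.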