Re: [exim] Is that SPAM? Or am I compromised?

Author: exi.ml
Date:  
To: exim-users
Subject: Re: [exim] Is that SPAM? Or am I compromised?
Thank you Gedalya for answering.

On 13/03/2023 12:02, Gedalya via Exim-users wrote:
> On 3/13/23 05:34, Yves via Exim-users wrote:
>> — This email went through very few intermediaries to reach my server (yalis.fr). Apparently, it actually came directly from the sender (a Palestinian ISP).
> Why would that surprise you? They just did exactly that.


Yes, it is just that most emails I receive are sent through ISPs or from
commercial companies, and go through a bunch of internal relays.
Although completely standard, such direct emails are rare enough for me
that I noticed…

>> — There is a DKIM signature done by my own server (d=yalis.fr), which includes the From header, and that header is @yalis.fr.
> As Slavko said, check that the signature is actually valid. If it is, review your exim config and see how they might have been able to get your exim to sign the message. Maybe you have a flaw in your config?


If that is any help, my server is built using Ansible, and the whole
configuration is public:
https://yalis.fr/git/yves/home-server/src/branch/master/roles/dmz_exim/tasks/main.yml

Based on Archlinux packaging for Exim
(https://github.com/archlinux/svntogit-community/blob/packages/exim/trunk/PKGBUILD),
my exim.conf seems to be just upstream Exim 4.96 configuration. Then I
patch it using Ansible with various rules.

Regards
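
An added example (not part of the original message, and not Exim code) of a first offline step in the "check that the signature is actually valid" advice quoted above: recompute the `bh=` body hash of every DKIM-Signature that claims your own domain. A mismatch shows the signature does not cover this body; a match still leaves the `b=` signature to be verified against the public key in DNS. The function names, the `example.org` domain and the sample message are assumptions made for the illustration.

```python
import base64, hashlib, re

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376)."""
    pairs = (part.partition("=") for part in value.split(";"))
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def canon_body(body, mode):
    """Body canonicalization, "simple" or "relaxed"."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse whitespace runs, drop trailing whitespace
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # empty lines at the end are ignored
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def check_body_hashes(raw, own_domain):
    """Recompute bh= for every signature claiming d=own_domain."""
    raw = raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")  # files on disk often use LF
    head, _, body = raw.partition(b"\r\n\r\n")
    results = []
    for line in re.sub(rb"\r\n[ \t]+", b" ", head).split(b"\r\n"):  # unfold headers
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"dkim-signature":
            continue
        tags = parse_tags(value.decode("ascii", "replace"))
        if tags.get("d", "").lower() != own_domain.lower():
            continue
        algo = tags.get("a", "").rpartition("-")[2]
        mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
        data = canon_body(body, mode)
        if "l" in tags:  # l= limits how much of the body is covered
            data = data[: int(tags["l"])]
        ok = False
        if algo in ("sha1", "sha256"):
            digest = base64.b64encode(hashlib.new(algo, data).digest()).decode()
            ok = digest == "".join(tags.get("bh", "").split())
        signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
        results.append({"selector": tags.get("s"), "body_hash_ok": ok,
                        "from_signed": "from" in signed})
    return results

def build_sample(body=b"Hello  world \r\n\r\n"):
    """Constructed message; bh= is computed over the hand-written relaxed form."""
    bh = base64.b64encode(hashlib.sha256(b"Hello world\r\n").digest())
    return (b"From: someone@example.org\r\nSubject: test\r\n"
            b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
            b"\ts=sel1; h=from:subject; bh=" + bh + b";\r\n\tb=PLACEHOLDER\r\n\r\n" + body)
```

Run `check_body_hashes()` on the raw bytes of the suspicious message as stored by the server; an empty result means no signature in it claims the given domain.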