Hello everyone. Currently I use the ACL below to look for domain
impersonation in From: header of inbound email:
condition = ${if match_domain{${domain:$h_from:}}
{+local_domains}{true}{false}}
This has been working very well, but the spammers are getting cleverer,
and now we are receiving emails with the From header formatted like so:
From: "Joe Bloggs <joe.bloggs@???> via iPhone"
<some_random@???>
The above ACL doesn't kick in, as I assume it matches only against the
email part, not the name/description part.
Is there another way of using regular expressions to match against the
description/name part of the From: header? The difficulty I suppose is
that I need to match against the +local_domain list, not just a single
domain. Anyone knows if the $rh_from includes the description part in
between quotes? I've been going through the documentation, but can't
work out if it does.
I realise the above might bounce emails from mailing lists which include
the recipient's email in between the quotes - but this site never uses
any mailing lists, so that should be safe.
Any hints much appreciated
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
