[exim] Look for local domains in entire From: header includi…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Sebastian Arcus
Dátum:  
Címzett: exim-users
Tárgy: [exim] Look for local domains in entire From: header including quoted content?
Hello everyone. Currently I use the ACL below to look for domain
impersonation in From: header of inbound email:

condition = ${if match_domain{${domain:$h_from:}}
{+local_domains}{true}{false}}

This has been working very well, but the spammers are getting cleverer,
and now we are receiving emails with the From header formatted like so:

From: "Joe Bloggs <joe.bloggs@???> via iPhone"
<some_random@???>

The above ACL doesn't kick in, as I assume it matches only against the
email part, not the name/description part.

Is there another way of using regular expressions to match against the
description/name part of the From: header? The difficulty I suppose is
that I need to match against the +local_domain list, not just a single
domain. Anyone knows if the $rh_from includes the description part in
between quotes? I've been going through the documentation, but can't
work out if it does.

I realise the above might bounce emails from mailing lists which include
the recipient's email in between the quotes - but this site never uses
any mailing lists, so that should be safe.

Any hints much appreciated




--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/