[exim] Re: Spam problem

Top Page
Delete this message
Reply to this message
Author: Oleksandr Kryvulia
Date:  
To: exim-users
Subject: [exim] Re: Spam problem
25.10.24 00:27, Sławomir Dworaczek via Exim-users:
> recently I receive a lot of spam that looks like it was sent from my
> address to my address
> I added to the configuration:
> set acl_m0 = authorizedrelay
>
> deny
> message = 5.7.0 You can't spoof the domains this server is authorative
> for
> sender_domains = ^(?i).*(mydomain.pl)\$
>
> deny
> message = 5.7.0 You can't spoof the MIME From this server is authorative
> for
> condition = ${if match
> {$h_from:}{(?i)@([a-zA-Z0-9_.\\-]*\\.)?(mydomain.pl)}{yes}{no}}
> condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}
> unfortunately it didn't help
> What else can I do?
>
> below source Return-path: <myaddress@???> Envelope-to:
> myaddress@??? Delivery-date: Thu, 24 Oct 2024 11:17:48 +0200
> Received: from exim by mydomain.com with bogodone (Exim 4.98)
> (envelope-from <myaddress@???>) id 1t3tyV-0000 00000Qb-0i1j
> for myaddress@???;
> Thu, 24 Oct 2024 11:17:48 +0200 Received: from
> fixed-189-203-51-194.totalplay.net ([189.203.51.194]) by mydomain.com
> with esmtp (Exim 4.98) (envelope-from <myaddress@???>) id
> 1t3tyc-0000 00000PD-3FGa for myaddress@???;
> Thu, 24 Oct 2024 11:17:47 +0200 From: <myaddress@???> To:
> <myaddress@???> Date: 23 Oct 2024 19:50:36 -0700
> MIME-Version: 1.0 Subject: No reply.
> Message-ID: <6719BC50.3211.80F7B8@???> Priority:
> normal X-mailer: Pegasus Mail for Windows (4.41) Content-type:
> multipart/alternative; boundary="Alt-Boundary-89712.1329582"
> X-Spam-Bar: ++++++ X-Bogofilterd: true charset="ibm852"
> Content-transfer-encoding: QUOTED-PRINTABLE Content-description: Mail
> message body
>
>

We have this simple check:

accept  authenticated = *
         condition     = ${if eq{$received_port}{587} }
         control       = submission/sender_retain
......
deny hosts = !+relay_from_hosts
    domains   = +local_domains
    condition = ${if or{ { eq{$sender_address}{$local_part@$domain} }\
    { eq{$sender_address_domain}{$domain} } } }
    message = The same local addresses or domain in MAIL FROM and RCPT
TO from nonlocal relay

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/