How To: Prevent spoof emails from being sent from your serve


Postby Mark » Fri Dec 25, 2009 11:23 am

How-To: (exim only) Prevent paypal, ebay spoofs for your server!

This how-to prevents, or at least makes it harder for, spoof emails to be sent from your servers. It simply checks if the email is being sent from the localhost and if the reply to address has been set to a known spoof domain.

OK, the work starts here:

Open the Runtime configuration file for Exim:

Code:

vi /usr/exim/configure


and add

Code:

system_filter = /usr/exim/exim.filter


Close the file and now create the exim.filter file:

Code:

vi /usr/exim/exim.filter


and paste the following into it:

Code:

# Exim filter
logfile /var/log/exim_mainlog

# Locally submitted mail whose From: header contains @ebay.com or @paypal.com
if $received_protocol is "local" and
        ($header_from: contains "@ebay.com" or
        $header_from: contains "@paypal.com")
then
        logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from: caught. Email sent to black hole."
        # Treat the message as handled so it is not delivered, then stop filtering
        seen finish
endif


This code should work on all systems running exim 4.x and allows a lot of room for sophistication. More ideas can spawn off this such as checking for $header_body etc.

I would love to hear your feedback!
Mark
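
A log triage script for the lines this filter writes, added here as an example and not part of the original post: it pulls each "caught" entry out of the main log and joins it, by message ID, to Exim's arrival line to show which local user submitted the message. The sample log is constructed; it assumes the default $tod_log timestamp without a timezone and that the arrival (`<=`) line with its `U=` field is in the same log.

```python
import re
from collections import Counter

# Line produced by the post's logwrite ($tod_log, $message_id, $header_from).
CAUGHT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msgid>\S+) => "
    r"Outgoing mail with reply address (?P<from_hdr>.*) caught\. "
    r"Email sent to black hole\.$")
# Exim arrival line for the same message; U= is the submitting local user.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<msgid>\S+) <= .*?\bU=(?P<user>\S+)")
DOMAIN = re.compile(r"@([\w.-]+)")

def triage(lines):
    """Return one record per filter hit, joined to the local sender."""
    lines = [l.rstrip("\n") for l in lines]
    users = {m["msgid"]: m["user"]
             for m in map(ARRIVAL.match, lines) if m}
    hits = []
    for m in map(CAUGHT.match, lines):
        if not m:
            continue  # ordinary mainlog line, not written by the filter
        dom = DOMAIN.search(m["from_hdr"])
        hits.append({
            "time": m["ts"], "msgid": m["msgid"], "from": m["from_hdr"],
            "domain": dom.group(1).lower() if dom else None,
            "user": users.get(m["msgid"]),  # None if arrival line is missing
        })
    return hits

def hits_per_user(hits):
    """Count blocked messages per submitting local account."""
    return Counter(h["user"] for h in hits)

# Constructed sample of /var/log/exim_mainlog (not real log data).
SAMPLE = """\
2009-12-25 11:20:01 1NOaAa-0001Ab-7C <= nobody@host.example U=nobody P=local S=812
2009-12-25 11:20:01 1NOaAa-0001Ab-7C => Outgoing mail with reply address "PayPal" <service@paypal.com> caught. Email sent to black hole.
2009-12-25 11:21:14 1NOaBb-0001Ac-9D <= alice@host.example U=alice P=local S=640
2009-12-25 11:21:15 1NOaBb-0001Ac-9D => bob@example.org R=dnslookup T=remote_smtp
2009-12-25 11:22:40 1NOaCc-0001Ad-1E <= nobody@host.example U=nobody P=local S=799
2009-12-25 11:22:40 1NOaCc-0001Ad-1E => Outgoing mail with reply address billing@eBay.com caught. Email sent to black hole.
""".splitlines()

if __name__ == "__main__":
    for h in triage(SAMPLE):
        print(h["time"], h["msgid"], h["user"], h["domain"])
    print(hits_per_user(triage(SAMPLE)))
```

A local account that keeps appearing in the per-user count is the one to inspect for a compromised script or web form.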