Re: How to bounce emails selectively with exim?
On (23/06/05 09:53), Oliver Elphick wrote:
> We get a number of spam mails and viruses sent to us with the sender
> address spoofed to appear to be from our domain. These get bounced for
> the appropriate reason (unrouteable address, spam, etc) but if the mail
> got routed through our ISP, the ISP sends the bounce straight back to me
> because they think the sender is me (though the received headers show
> the originating machine is in another domain).
>
> For example, here is an unwanted bounce message that has come back to
> me; the original message was sent from 203.101.34.73, which claimed to
> be lfix.co.uk, but isn't, of course:
> ========================================================================
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
> kevin@lfix.co.uk
> SMTP error from remote mailer after RCPT TO:<kevin@lfix.co.uk>:
> host mailgate.lfix.co.uk [80.177.205.209]: 550 unknown user
>
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path: <support@lfix.co.uk>
> Received: from [203.101.34.73] (helo=lfix.co.uk)
> by relay-1.mail.demon.net with esmtp id 1DlJws-0002cD-O7
> for kevin@lfix.co.uk; Thu, 23 Jun 2005 05:08:23 +0000
> From: support@lfix.co.uk
> To: kevin@lfix.co.uk
> Subject: Your Account is Suspended For Security Reasons
> ========================================================================
>
> So if I get a bad email that purports to come from my domain but in fact
> doesn't, I would like to delete it without responding at all, while
> still bouncing bad emails that were genuinely sent within the domain.
>
> Is there a way to configure exim to do this?
Hi Oliver
I've setup spamassassin, sa-exim and clamav (daemon). Following the
debian.README file for sa-exim, it was relatively straightforward. My
setup seems to reject these most of the time with SA permanent reject
score of 8 and temporary reject score of 5. I've not seen any false
positives.
Regards
Clive
--
www.clivemenzies.co.uk ...
...strategies for business
Reply to: