I've noticed that a lot of Nigerian style spam has an interesting
characteristic where they use a from address of one public free email
service and a reply-to address of another free public email service or a
different account on the same free service. For example, a spam from
yahoo.co.jp will have a reply-to of yahoo.com or hotmail.com. So I
created an ACL that seems to be working to catch these.
deny condition = ${if
match_domain{${domain:$h_Reply-to:}}{/etc/exim/run/freemaildomains.txt}}
condition = ${if
match_domain{${domain:$h_From:}}{/etc/exim/run/freemaildomains.txt}}
!condition = ${if eqi{${local_part:$h_From:[EMAIL PROTECTED]:$h_From:}} \
{${local_part:$h_Reply-to:[EMAIL PROTECTED]:$h_Reply-to:}}}
aim.com
aol.co.uk
aol.com
bellsouth.net
comcast.net
compuserve.com
excite.com
fastmail.com
gmail.com
google.com
hotmail.co.uk
hotmail.com
hotpop.com
juno.com
lycos.com
mail.com
msn.com
myspace.com
myway.com
sbcglobal.com
uymail.com
walla.com
web.de
yahoo.ca
yahoo.co.au
yahoo.co.in
yahoo.co.jp
yahoo.co.uk
yahoo.com
yahoo.de
yahoo.es
yahoo.fr
yahoo.it
yahoo.mx
yahoo.ru
yahoo.tw
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
