I am getting a lot of mail recently that is passing my HELO tests and callouts but it has clear fakery that I could test for if I knew how
the envelope from and from address are not the same in fact the from address is pretending to be me I basically want to say if envelope-from is not equal to from and from is equal to me then drop #here is an example: (my email address has @ replaced with #) Return-path: <[email protected]> Envelope-to: hill#ruyter.co.uk Delivery-date: Fri, 05 Jun 2009 14:09:59 +0100 Received: from [74.72.203.118] (helo=cpe-74-72-200-118.nyc.res.rr.com) by mail.ruyter.co.uk with esmtp (Exim 4.60) (envelope-from <[email protected]>) id 1MCZBF-00048N-Tn for [email protected]; Fri, 05 Jun 2009 14:09:59 +0100 Message-ID: <000d01c9e5e1$c039b720$6400a...@resellmga4> From: hill#ruyter.co.uk To: <hill#ruyter.co.uk> Date: Fri, 5 Jun 2009 09:30:11 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C9E5E1.C039B720" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-SA-Exim-Connect-IP: 74.72.203.118 X-SA-Exim-Mail-From: [email protected] X-Spam-Checker-Version: SpamAssassin 3.1.7-deb (2006-10-05) on mail.ruyter.co.uk X-Spam-Level: *** X-Spam-Status: No, score=3.4 required=5.0 tests=ALL_TRUSTED,BAYES_00, HTML_MESSAGE,NO_REAL_NAME,SPF_NEUTRAL,URIBL_JP_SURBL,URIBL_SBL autolearn=no version=3.1.7-deb Subject: important discovery for all man kind, acai berry weight loss try it free X-SA-Exim-Version: 4.2 (built Thu, 14 Apr 2005 16:52:54 +0000) X-SA-Exim-Scanned: Yes (on mail.ruyter.co.uk) -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
