I am having some difficulty blocking some spam, the headers are below: <begin>
Return-path: <[email protected]> Received: from localhost ([127.0.0.1] helo=gw.kictanet.or.ke) by gw.kictanet.or.ke with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <[email protected]>) id 1Mkydf-000H38-Id for [email protected]; Tue, 08 Sep 2009 14:13:31 +0300 Received: from mail.wananchi.com ([62.8.88.102]) by gw.kictanet.or.ke with esmtp (Exim 4.69 (FreeBSD)) (envelope-from <[email protected]>) id 1Mkydd-000H30-VD for [email protected]; Tue, 08 Sep 2009 14:13:29 +0300 Received: from 200-103-109-244.gnace701.dsl.brasiltelecom.net.br ([200.103.109.244]) by mail.wananchi.com with esmtp (Exim 4.67 (FreeBSD)) (envelope-from <[email protected]>) id 1MkyVC-000HdM-K3 for [email protected]; Tue, 08 Sep 2009 14:04:48 +0300 From: "Stegman Karey" <[email protected]> To: [email protected] Subject: I have plans for you Content-Type: text/html; charset="ISO-8859-1" MIME-Version: 1.0 Message-Id: < hprowlc19598.f346...@200-103-109-244.gnace701.dsl.brasiltelecom.net.br> Sender: [email protected] Errors-To: [email protected] </end> The e-mail should not be having the *[email protected] if the sending host is NOT 127.0.0.1 or 62.8.64.102. I am trying the following unsuccessfully in acl_smtp_rcpt: # Spammers forging our domain in their from: address deny message = Forged Sender: $sender_address !hosts = : localhost : 62.8.64.102 condition = ${if match{${lc:$h_from:}}{{ lists.kictanet.or.ke}} log_message = HEADER_FROM: $h_from noticed in $sender_address from $sender_host_address. What is it that I am missing as I don't seem to catch any of this spam? I think my condition is botched:-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "If you have nothing good to say about someone, just shut up!." -- Lucky Dube -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
