Dear Team,

We set up an outgoing spam filter using exim to block spoofed emails. Basically, this is what we did.

(root)>grep ^system_filter /etc/exim.conf
system_filter = /etc/exim.filter
system_filter_user = cpaneleximfilter
system_filter_group = cpaneleximfilter
system_filter_file_transport = address_file

(root)>cat /etc/exim.filter
# Exim filter
logfile /var/log/exim_filterlog
# Only look at mail submitted locally or over authenticated SMTP
if ( $received_protocol is "local" or $received_protocol is "esmtpa" )
   and ( $sender_address contains "@ebay.com"
      or $sender_address contains "@paypal.com"
      or $sender_address contains "@yahoo.com"
      or $sender_address contains "@aol.com"
      or $sender_address contains "@gmail.com"
      or $sender_address contains "@hotmail.com"
      or $sender_address contains "@msn.com"
      or $sender_address contains "@cox.com"
      or $sender_address contains "aol.com" )
then
  # Divert the message to the filter user's mailbox instead of delivering it
  save /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
  logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from caught. Email sent to black hole."
  seen finish
endif

Basically, this is what it does. It checks if the email is sent either using "local" (i.e., emails sent using forms and scripts) or "esmtpa" (i.e., emails sent after authenticating), and if it matches either of the 2 conditions, it checks the from address, and if it matches any of them (aol, hotmail, etc.), it will block the email and append it to /var/cpanel/userhomes/cpaneleximfilter/mail/inbox

Now, this is what we need. We need to modify the filter so that emails are sent out only if the from address is present in /etc/localdomains. That way, all spoofed spam emails from the server can be blocked.

Any help on this is much appreciated.

--
Amal
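One way to express the check requested above, as an added example that is not part of the original post and not Exim's or cPanel's own configuration. It assumes /etc/localdomains holds one domain per line, reuses the paths from the filter in the post, and, like that filter, tests the envelope sender ($sender_address) rather than the From: header.

```exim
# Exim filter
# Added example (assumption: /etc/localdomains lists one domain per line).
logfile /var/log/exim_filterlog

# Apply only to mail that originates on this host: scripts and forms
# ("local") or authenticated SMTP submissions ("esmtpa"). Mail arriving
# over unauthenticated SMTP, such as forwarded mail, is not touched.
if ( $received_protocol is "local" or $received_protocol is "esmtpa" )
   # Bounces generated by Exim have an empty envelope sender; let them through.
   and $sender_address is not ""
   # Look the sender's domain up in /etc/localdomains; the expansion
   # yields "no" when the domain is not listed there.
   and "${lookup{$sender_address_domain}lsearch{/etc/localdomains}{yes}{no}}" is "no"
then
  # Divert the message to the filter user's mailbox instead of delivering it.
  save /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
  logwrite "$tod_log $message_id => Outgoing mail from non-local sender $sender_address (From: $h_from:) caught."
  seen finish
endif
```

The filter can be checked against a saved test message with exim's -bF option before it replaces the live /etc/exim.filter. Because only the envelope sender is tested, a message with a local envelope sender and a forged From: header still passes.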
