> On 6 Feb 2019, at 17:24, Mischa <open...@high5.nl> wrote:
> 
>> On 6 Feb 2019, at 15:38, Gilles Chehade <gil...@poolp.org> wrote:
>> 
>> On Wed, Feb 06, 2019 at 11:42:19AM +0100, Mischa wrote:
>>> Hi All,
>>> 
>>> There has been a new scam going around for some time now where you get an 
>>> email from your own email address to your email address.
>>> For people that don't know better it's scares the s**t out of them as the 
>>> email is like:
>>> 
>>> Hey I hacked your account as you can see since I am sending this email from 
>>> your own account.
>>> etc..
>>> 
>>> Is there a quick way to filter email where the sender and rcpt-to are the 
>>> same?
>>> Has anybody created a filter already to easily do this?
>>> 
>>> Thanx!
>>> 
>> 
>> I used to have a rule to reject any mail from my domain but which were
>> not originating from trusted machines nor authenticated users.
>> 
>> not tested here but something along the lines of:
>> 
>>   match !from local mail-from "@opensmtpd.org" reject
>>   match !auth from any mail-from "@opensmtpd.org" reject
>> 
>> there are other ways too
> 
> Let me see if some modified version of those rules work, the difference is 
> that the MX is for incoming email only, outbound is taking a different route.
> 
> Thanx Gilles!

I have been trying to do things like:

match from any rcpt-to "openbsd @ high5.nl" mail-from "openbsd @ high5.nl" 
reject
(without the spaces of course)

But it's not working. :/
Is there again parts of the rule I am missing?

Mischa




--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to