Hi,
As we know, spammers often fake their identity and their mail server
/ratware fakes their identity as well.
I've noticed that occasionaly I get spam that is supposedly sent from
my own server (tivon1.pointer.co.il) but clearly arrives from an
outside IP address.
I written a rule in SpamAssassin that rejects this kind of spam but I
think it really should be stopped inside Exim.
See the short log snippet below where you can see that the mail was
sent from a dynamic comcast.net address but the server had the
audacity in the "helo" command to identify itself as
"tivon1.pointer.co.il".
My Exim is configured to require sender verify but apparently it does
not include "server" verify. Is there's a command/parameter for this?
------------- exim log snippet starts ------------
2005-08-01 00:59:03 1DzLpi-0006TB-7u
H=c-24-131-41-83.hsd1.ga.comcast.net (tivon1.pointer.co.il)
[24.131.41.83] F=<[EMAIL PROTECTED]> rejected after DATA: -
Classified as spam (scored 28.8 points). Congratulations!
Envelope-from: <[EMAIL PROTECTED]>
Envelope-to: <[EMAIL PROTECTED]>
P Received: from c-24-131-41-83.hsd1.ga.comcast.net ([24.131.41.83]
helo=tivon1.pointer.co.il)
by tivon1.pointer.co.il with smtp (Exim 4.50)
id 1DzLpi-0006TB-7u
for [EMAIL PROTECTED]; Mon, 01 Aug 2005 00:58:58 +0300
F From: [EMAIL PROTECTED]
------------- exim log snippet ends ------------
--
Ilan Aisic
Registered Linux User 8124 http://counter.li.org
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
