Hi folks I'm trying to reject spam from certain rather persistent spammers.
in acl_check_rcpt I have this: drop message = BLACKLIST-1: Locally blacklisted sender address !authenticated = * senders = ${lookup{$sender_address}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{$sender_address}} drop message = BLACKLIST-2: Locally blacklisted sender address !authenticated = * senders = ${lookup{$h_x-sender:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{$h_x-sender:}} ... and it works as would expect on the sender and envelope-sender. One particularly persistent spammer changes his sender address, but is recognisable by his From: and Reply-to: headers, and I'd like to be able to do something like the above (obviously in acl_check_data!). I have this, so far: deny message = X-JUNK-1: Unwanted junk mail !authenticated = * condition = ${lookup{$h_from:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{yes}{no}} deny message = X-JUNK-2: Unwanted junk mail !authenticated = * condition = ${lookup{$h_reply-to:}wildlsearch{/usr/local/etc/exim/local_sender_blacklist}{yes}{no}} and it seems to be unreliable. If local_sender_blacklist contains lines like ... ^\N.*@mydeals\.ro$\N ... then I'd hope to see mails with <anything>@mydeals.ro forged into the From: or Reply-To: headers rejected after the DATA part of the SMTP transaction. In actual fact, this is unreliable, and only some of them are rejected. Can anyone see anything wrong with what I am doing or expecting of the rules? Thanks! M -- Mark R V Murray Pi: 132511160 -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/