[wellylug] Calling all Exim gurus
Cliff Pratt
enkidu at cliffp.com
Sat Mar 26 11:22:10 NZST 2005
Darryl Hamilton wrote:
> Ok, I'm a bit stuck with this one. Got an eBay scammer using a server to
> send out the usual crap, and it's breaking stuff trying to comply.
>
> So, for two reasons, I want to tell Exim to block the sending of those
> emails, but I don't know how, having not used Exim all that much.
>
> Some criteria -
> 1) the mail is coming from the server itself, I'm guessing a jailshell
> but it could be a phpBB exploit or other web form based thing
> 2) So far, 3 email addresses are being used - awconfirm at ebay.com,
> service at ebay.com and awconfirm at ebay.com.us, so I want to block those
> three, plus any others that pop up later on.
>
> I'm thinking (hoping) this can be done with an ACL (or a mod to an
> existing one), and this is what I'm asking. So far, I have the following
> in acl_smtp_rcpt, which doesn't seem to be working
>
> deny hosts = +local_domains
> domains = ebay.com:ebay.com.us:paypal.com
>
>
> If you have any ideas or examples I can look at, please let me know.
> Also, if you have any ideas on how to find out where this shit is coming
> from, that would be very handy to know.
>
Have you considered using a system filter? It might be easier.
Cheers,
Cliff
More information about the wellylug
mailing list