-
04-27-2005, 08:53 PM #1 Web Hosting Master
Join Date: Feb 2003 | Posts: 560
How To: Prevent spoof emails from being sent from your server! (exim only)
How-To: (exim only) Prevent paypal, ebay spoofs for your server!
This how-to prevents, or at least makes it harder for, spoof emails to be sent from your servers. It simply checks if the email is being sent from the localhost and if the reply-to address has been set to a known spoof domain.
OK, the work starts here:
Open the Runtime configuration file for Exim:
Code:
vi /usr/exim/configure
Code:
system_filter = /usr/exim/exim.filter
Code:
vi /usr/exim/exim.filter
Code:
# Exim filter
logfile /var/log/exim_mainlog
if $received_protocol is "local" and
   ($header_from contains "@ebay.com" or
    $header_from contains "@paypal.com")
then
  logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from caught. Email sent to black hole."
  seen finish
endif
I would love to hear your feedback!
NOTE: if you wish to duplicate this information please link to dev-central.com.
-
05-01-2005, 09:01 PM #2 Web Hosting Master
Join Date: Feb 2003 | Location: Kuala Lumpur, Malaysia | Posts: 4,980
Hm, /usr/exim doesn't even exist?
-
05-02-2005, 12:39 AM #3 Web Hosting Master
Join Date: Feb 2003 | Posts: 560
Your exim directory is dependent on the installation. Do a "locate exim/bin" to find the exim files.
-
05-02-2005, 12:52 AM #4 Web Hosting Evangelist
Join Date: Jul 2003 | Posts: 533
I thought exim has an option to only allow logged-in users to send emails,
unless you mean that users on the server try to send spoof mails?
-
06-16-2014, 07:56 PM #5 Disabled
Join Date: Jul 2009 | Posts: 29
Old thread, but thought of documenting the solution for cPanel-specific configuration because this is a very important configuration for bringing down spam.
Also added an additional rule to check spoofed email even among authenticated outgoing emails (because this seems to be a norm these days).
(root)>grep ^system_filter /etc/exim.conf
system_filter = /etc/exim.filter
system_filter_user = cpaneleximfilter
system_filter_group = cpaneleximfilter
system_filter_file_transport = address_file
(root)>cat /etc/exim.filter
# Exim filter
logfile /var/log/exim_filterlog
if ( $received_protocol is "local" or
     $received_protocol is "esmtpa" ) and
   ( $sender_address contains "@ebay.com" or
     $sender_address contains "@paypal.com" or
     $sender_address contains "@yahoo.com" or
     $sender_address contains "@aol.com" or
     $sender_address contains "@gmail.com" or
     $sender_address contains "@hotmail.com" or
     $sender_address contains "@msn.com" or
     $sender_address contains "@cox.com" or
     $sender_address contains "aol.com" )
then
  save /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
  logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from caught. Email sent to black hole."
  seen finish
endif
It checks if the email is sent either using
"local" (i.e., emails sent using forms and scripts) or
"esmtpa" (i.e., emails sent after authenticating)
and if it matches either of the 2 conditions, it checks for the from address, and if it matches any of them (aol, hotmail, etc.), it will block the email and append it to /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
PS: Please ensure that the files
/var/cpanel/userhomes/cpaneleximfilter/mail/inbox and
/var/log/exim_filterlog
are created with appropriate ownership and permissions.
(root)>ls -l /var/log/exim_filterlog /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
-rw------- 1 cpaneleximfilter cpaneleximfilter 4566414 Jun 16 19:39 /var/cpanel/userhomes/cpaneleximfilter/mail/inbox
-rw-r----- 1 cpaneleximfilter cpaneleximfilter 46680 Jun 16 19:39 /var/log/exim_filterlog
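Added example (not posted by anyone in this thread, and not Exim itself): a small Python model that replays constructed messages through the rule from post #1 and the rule from post #5, to show which submissions each one catches before the filter goes live. It assumes Exim's lower-case "contains" behaves as a case-insensitive substring test; every address and sample name below is hypothetical.

```python
from dataclasses import dataclass

# Substrings copied from the two filter files posted in this thread.
POST1 = ["@ebay.com", "@paypal.com"]
POST5 = POST1 + ["@yahoo.com", "@aol.com", "@gmail.com", "@hotmail.com",
                 "@msn.com", "@cox.com", "aol.com"]

@dataclass
class Msg:
    protocol: str      # stands in for $received_protocol
    envelope: str      # stands in for $sender_address
    header_from: str   # stands in for $header_from
    rcpt: str          # recipient; neither rule tests it

def contains(value, needles):
    # Assumption: lower-case "contains" is a case-insensitive substring test.
    return any(n.lower() in value.lower() for n in needles)

def post1_rule(m):
    # Post #1: local submission and From: header names a listed domain.
    return m.protocol == "local" and contains(m.header_from, POST1)

def post5_rule(m):
    # Post #5: local or authenticated (esmtpa) and envelope sender matches.
    return m.protocol in ("local", "esmtpa") and contains(m.envelope, POST5)

# Constructed test messages (hypothetical addresses, not real traffic).
SAMPLES = {
    "script_header_from":  Msg("local", "acct@server.example",
                               "PayPal <service@paypal.com>", "a@example.net"),
    "auth_envelope_from":  Msg("esmtpa", "billing@ebay.com",
                               "billing@ebay.com", "b@example.net"),
    "own_domain_to_gmail": Msg("esmtpa", "jane@customer.example",
                               "jane@customer.example", "friend@gmail.com"),
    "hosted_lookalike":    Msg("esmtpa", "sales@shoaol.com.example",
                               "sales@shoaol.com.example", "c@example.net"),
    "inbound_from_gmail":  Msg("esmtp", "someone@gmail.com",
                               "someone@gmail.com", "jane@customer.example"),
}

def evaluate(samples=SAMPLES):
    """Return {name: (caught_by_post1, caught_by_post5)} for each sample."""
    return {k: (post1_rule(m), post5_rule(m)) for k, m in samples.items()}

if __name__ == "__main__":
    for name, (p1, p5) in evaluate().items():
        print(f"{name:20} post1={p1!s:5} post5={p5}")
```

The two rules test different fields (From: header versus envelope sender), so a test set should vary both, and the bare "aol.com" pattern also matches any hosted domain that merely contains that string.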
-
07-01-2016, 03:26 AM #6 Web Hosting Master
Join Date: Mar 2013 | Posts: 673
If a normal user sends mail to gmail using webmail, will it be sent to the black hole also? I'm a newbie.
-
07-05-2016, 07:49 PM #7 Web Hosting Master
Join Date: Dec 2011 | Posts: 1,460
"I've seen spam you people wouldn't believe. Routers on fire off the OCs of AGIS. I watched MXes burning in the dark near the Cyberpromo Gateway. All those moments will be lost in time, like tears in rain. TTL=0."