How-To: (Exim only) Prevent PayPal, eBay spoofs for your server!
This how-to prevents, or at least makes it harder for, spoof emails to be sent from your servers. It simply checks whether the email is being submitted locally (from the localhost) and whether the From: header has been set to a known spoof domain.
OK, the work starts here:
Open the Runtime configuration file for Exim:
Code:
vi /usr/exim/configure
and add
Code:
system_filter = /usr/exim/exim.filter
Close the file, then create the exim.filter file:
Code:
vi /usr/exim/exim.filter
and paste the following into it
Code:
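# Exim filter
# Write filter log entries to the main Exim log.
logfile /var/log/exim_mainlog
# Match locally submitted mail whose From: header claims an eBay or PayPal address.
if $received_protocol is "local" and
   ($header_from: contains "@ebay.com" or
    $header_from: contains "@paypal.com")
then
  # Log the message, then discard it: "seen finish" stops filtering and suppresses normal delivery.
  logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from: caught. Email sent to black hole."
  seen finish
endif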
This code should work on all systems running Exim 4.x and leaves a lot of room for sophistication. More ideas can build on this, such as checking $message_body, etc.
I would love to hear your feedback!
NOTE: if you wish to duplicate this information please link to dev-central.com.
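Added example (not part of the original how-to): once the filter is logging, the next step is finding out which local account submitted the blocked mail. This Python sketch joins the filter's logwrite entries with Exim's arrival ("<=") lines on the message ID and groups the hits by the U= user. The log lines are constructed samples, and the script assumes one log entry per line.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/exim_mainlog (not real data). The "<=" lines
# are Exim's normal arrival entries; the "=> Outgoing mail" lines are the ones
# written by the filter's logwrite command.
SAMPLE_LOG = """\
2006-03-14 09:12:01 1FJ5xV-0003aB-7k <= nobody@web01.example.net U=nobody P=local S=2381
2006-03-14 09:12:01 1FJ5xV-0003aB-7k => Outgoing mail with reply address "PayPal" <service@paypal.com> caught. Email sent to black hole.
2006-03-14 09:12:05 1FJ5xZ-0003aF-9m <= alice@web01.example.net U=alice P=local S=904
2006-03-14 09:12:06 1FJ5xZ-0003aF-9m => bob@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.10]
2006-03-14 09:13:40 1FJ5z6-0003bQ-2c <= nobody@web01.example.net U=nobody P=local S=2377
2006-03-14 09:13:40 1FJ5z6-0003bQ-2c => Outgoing mail with reply address security@ebay.com caught. Email sent to black hole.
"""

# Arrival line: timestamp, message id, "<=", envelope sender, then U=<local user>.
ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= \S+ .*?\bU=(?P<user>\S+)")
# Line produced by the filter's logwrite text.
CAUGHT = re.compile(
    r"^\S+ \S+ (?P<id>\S+) => Outgoing mail with reply address "
    r"(?P<from>.*) caught\. Email sent to black hole\.$")
DOMAIN = re.compile(r"@([A-Za-z0-9.-]+)")


def blocked_by_user(log_text):
    """Map local user -> list of (message id, spoofed domain) the filter blocked."""
    users, caught = {}, []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            users[m["id"]] = m["user"]
            continue
        m = CAUGHT.match(line)
        if m:
            d = DOMAIN.search(m["from"])
            caught.append((m["id"], d.group(1).lower() if d else "?"))
    # Join after reading everything, so line order in the log does not matter.
    report = defaultdict(list)
    for msg_id, domain in caught:
        report[users.get(msg_id, "unknown")].append((msg_id, domain))
    return dict(report)


if __name__ == "__main__":
    for user, hits in blocked_by_user(SAMPLE_LOG).items():
        print(user, len(hits), hits)
```

A local user with repeated hits (often the web server account) points at a compromised script or form mailer on the box.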