How-To: (exim only) Prevent paypal, ebay spoofs for your server!
This how-to prevents or at least makes it harder for spoof emails to be sent from your servers. It simply checks if the email is being sent from the localhost and if the reply to address has been set to a know spoof domain.
ok the work starts here:
Open the Runtime configuration file for Exim:
system_filter = /usr/exim/exim.filter
close the file and now create the exim.filter file
and paste the following into it
# Exim filter
if $received_protocol is "local" and
($header_from contains "@ebay.com" or
$header_from contains "@paypal.com")
logwrite "$tod_log $message_id => Outgoing mail with reply address $header_from caught. Email sent to black hole."
This code should work on all systems running exim 4.x and allows alot of room for sophistication. More ideas can spawn off this such as checking for $header_body etc.
I would love to hear your feed back!
NOTE: if you wish to duplicate this information please link to dev-central.com.