Exim + BATV

gentlego

Okay, we have some sh** storm because of one single message that was spoofed.

Code:
2016-03-07 08:49:24 1acpuu-00088V-Fr <= bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net U=mail P=spam-scanned S=7105 [email protected] T="Secret" from <bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net> for [email protected] [email protected]
2016-03-07 08:49:24 1acpuu-00088V-Fr => backup <system-filter> F=<bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net> R=virtual_user T=dovecot_lmtp_udp S=7290 C="250 2.0.0 <[email protected]> /MhRLoQy3VYqegAAZltHFQ Saved"
2016-03-07 08:49:24 1acpuu-00088V-Fr => mailbox <[email protected]> F=<bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net> R=virtual_user T=dovecot_lmtp_udp S=7290 C="250 2.0.0 <[email protected]> AMlRLoQy3VYqegAAZltHFQ Saved"
2016-03-07 08:49:24 1acpuu-00088V-Fr Completed

2016-03-07 08:49:24 1acpuu-00088R-EH <= bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net H=proofpoint.ourdomain.io [89.192.164.11] P=esmtp S=6503 [email protected] T="Secret" from <bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net> for [email protected]
2016-03-07 08:49:24 1acpuu-00088R-EH => backup <system-filter> F=<bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net> R=spamcheck_director T=spamcheck S=7035
2016-03-07 08:49:24 1acpuu-00088R-EH -> mailbox <[email protected]> F=<bounce-id=D067=U603586.240plan.ovh.net=1457336961.09-YZ2BF@118-prod.mail-out.ovh.net> R=spamcheck_director T=spamcheck S=7035
2016-03-07 08:49:24 1acpuu-00088R-EH Completed

2016-03-07 09:33:05 1acqbB-0001Bn-Dt <= [email protected] U=mail P=spam-scanned S=2947 id=20160307013300.7be147835b926b913a1d20c6150bffc8.1323761e7d.wbe@email24.secureserver.net T="payment" from <[email protected]> for [email protected] [email protected]
2016-03-07 09:33:05 1acqbB-0001Bn-Dt => backup <system-filter> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=3049 C="250 2.0.0 <[email protected]> C7GQCcE83VbGEQAAZltHFQ Saved"
2016-03-07 09:33:05 1acqbB-0001Bn-Dt => mailbox <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=3049 C="250 2.0.0 <[email protected]> D7GQCcE83VbGEQAAZltHFQ Saved"
2016-03-07 09:33:05 1acqbB-0001Bn-Dt Completed

2016-03-07 09:33:05 1acqbB-0001Bj-C3 ESF evalutation skipped. Score: 
2016-03-07 09:33:05 1acqbB-0001Bj-C3 <= [email protected] H=proofpoint.ourdomain.io [89.192.164.11] P=esmtp S=2462 id=20160307013300.7be147835b926b913a1d20c6150bffc8.1323761e7d.wbe@email24.secureserver.net T="payment" from <[email protected]> for [email protected]
2016-03-07 09:33:05 1acqbB-0001Bj-C3 => backup <system-filter> F=<[email protected]> R=spamcheck_director T=spamcheck S=2877
2016-03-07 09:33:05 1acqbB-0001Bj-C3 -> mailbox <[email protected]> F=<[email protected]> R=spamcheck_director T=spamcheck S=2877
2016-03-07 09:33:05 1acqbB-0001Bj-C3 Completed

I've read something about https://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation
Anyone tried to merge current DirectAdmin's exim.conf with this?: https://github.com/Exim/exim/wiki/SignEmails

Thanks in advance for any help with this. Cheers!
 
Did you manage to implement BATV yet? If yes, how did you do it?

If no, this thread is now bumped because I'm also interested in how to implement this in DirectAdmin/Exim.
 
BATV is here in the docs.
 
Looks like this would need to be a FeedBack request.
The exim conf is not really templated so we can't really edit it unless we want to maintain the edits.
 