Problems with spam from own domain

incognito777

Hello everyone,
I'm not sure if this is the correct subforum to ask about it, but I've got a problem with spam from one of my customers' own domain. He receives an enormous amount of spam messages that are in fact all spoofed. The mails come from both randomly generated aliases and real existing aliases that are in use. In the return path there's a randomly generated mail on yahoo.nl; what's interesting in those junk mails is that there are usually 3 or 4 sender addresses in the From: field in DATA. Please tell me how to get rid of this problem. We use DirectAdmin with the SpamAssassin 3.2.5 module installed; its spam filter already has a low score required to mark a mail as spam (4.0). Our MTA is Exim 4.80. I have already turned on sender authentication, and I also tried an ACL that checks whether there are 2 or more @ characters in the From: field in DATA, but it doesn't work at all and results in dropping all of the messages.
 

Tell your customer to check his website for viruses.
 
Does someone know if it's possible to write an ACL in Exim that can directly check whether there are multiple sender addresses in the From: field in the DATA section? The method I tried, checking whether there are 2 or more @ in that field, seems to be a good way to solve my problem, but the regexp I wrote for this purpose doesn't work. Here it is:
Code:
begin acl
acl_check_data

deny 
 condition = ${if match_domain{$domain:${address:$h_from:}}}{@{2,}}{true}}

Maybe there's a mistake in it?
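
One way to express the check asked about above, as an added example that is not from the original posts or from DirectAdmin's shipped configuration. It assumes the ACL shown is the one named by acl_smtp_data, that the Exim build provides the ${addresses:} operator, and that the lists are called local_domains and relay_from_hosts as in the stock Exim configuration (DirectAdmin may use other names).

```exim
begin acl

acl_check_data:

  # 1. More than one mailbox in From:.
  #    ${addresses:...} parses the header as an RFC 2822 address list and
  #    returns only the bare addresses, separated by colons. Display names
  #    and comments are discarded, so an "@" inside a quoted display name
  #    is not counted. A ":" in the result therefore means the header
  #    carried at least two addresses. "${if match{..}{..}}" with no
  #    yes/no strings yields "true" or an empty string, which is what
  #    "condition" expects.
  deny message   = Multiple addresses in From: header
       condition = ${if match{${addresses:$h_from:}}{:}}

  # 2. Outside host using one of our own domains in From:.
  #    Authenticated users and trusted relay hosts are exempt, since they
  #    are expected to send with local addresses. ${address:...} extracts
  #    the single remaining address and ${domain:...} its domain part;
  #    match_domain tests that domain against the named domain list.
  deny message        = Local From: domain used without authentication
       !authenticated = *
       !hosts         = +relay_from_hosts
       condition      = ${if match_domain{${domain:${address:$h_from:}}}{+local_domains}}

  # The existing statements of the data ACL (SpamAssassin scan, final
  # accept) stay below these two rules.
  accept
```

Mailing lists and forwarders that legitimately pass on mail carrying a local From: address will hit the second rule, so run both rules as warn with log_message first and switch to deny once the log shows only unwanted mail matching.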
 