Spam problems

ViAdCk

Hello:

During the last months we have been seeing the following problem quite a lot. A spammer gets access to a user account called "jim" or "[email protected]", for example, and uses it to send spam. The spammer usually gets the password because it's a very easy one or because the user has an exploit on his computer.

The problem is that exim lets this spammer log in as "jim" or "[email protected]" but the from field is, for example, "[email protected]". How can exim be configured in order to prevent this from happening? Basically I want to configure exim in order to accept only from fields which are exactly the same as the real user.

Any thoughts on this?

Thanks
 
I realize this is not exactly what you asked but it will help.

Read over this: http://www.webhostgear.com/338.html

This was designed for cPanel servers so the file name /etc/antivirus.exim needs to be changed to /etc/system_filter.exim.

If you open /etc/exim.conf and search for "system_filter =", that will verify the system filter file name for your configuration.

You will notice that wellsfargo.com is one of the domains the system filter will not allow as a from address. So it would have protected you in this specific situation.

What you asked for may not be a good idea because then you prevent your legitimate customers from using different from addresses as well. And there are legitimate reasons for using a different from address. I think the above will help you a lot though.
 
Thanks for your reply. I have configured these additional filters and we'll see how it works out. It would be nice to know how to achieve what I proposed in the original question though.
 
Nobody knows how to filter those outgoing emails?

If I were your customer and found out you were doing this I would change immediately.

Do the same as above except have lines to allow all the domains on your server and deny everything else at the end.
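
The check asked for in the first post, modelled in Python as an added example (it is not from any poster in this thread and is not Exim configuration). It covers both login styles mentioned above: a full-address login must match the From address exactly, and a bare system login such as "jim" may only use domains it owns. The `OWNED_DOMAINS` table, the function names and all sample addresses are constructed assumptions.

```python
from email.utils import getaddresses

# Constructed sample data (assumption): domains owned by each system account.
OWNED_DOMAINS = {"jim": {"example.com", "example.net"}}

def from_allowed(auth_id, from_header, owned=OWNED_DOMAINS):
    """Return True only if every From: address belongs to the SMTP login."""
    auth_id = auth_id.strip().lower()
    # Parse the header so display names cannot be mistaken for the address.
    addrs = [a.lower() for _, a in getaddresses([from_header]) if a]
    if not addrs:
        return False  # missing or unparsable From: header is rejected
    for addr in addrs:
        local, sep, domain = addr.rpartition("@")
        if not sep or not local or not domain:
            return False
        if "@" in auth_id:
            # Mailbox login: the From address must be that mailbox.
            if addr != auth_id:
                return False
        elif domain not in owned.get(auth_id, set()):
            # System login: the From domain must be one the account owns.
            return False
    return True

# Constructed (login, From: header) pairs, as a mail server would see them.
SAMPLES = [
    ("jim@example.com", "Jim <JIM@Example.com>"),
    ("jim", "Sales <sales@example.net>"),
    ("jim", "Bank Support <alerts@bank.example>"),
    ("jim@example.com", '"jim@example.com" <alerts@bank.example>'),
    ("jim@example.com", "jim@example.com, alerts@bank.example"),
    ("jim@example.com", ""),
]

def rejected(samples=SAMPLES):
    """Return the pairs that the policy would refuse."""
    return [(u, h) for u, h in samples if not from_allowed(u, h)]

if __name__ == "__main__":
    for user, header in rejected():
        print(f"reject login={user!r} From={header!r}")
```

As the second post notes, a rule this strict also blocks customers who legitimately send with a different From address, so running it in log-only mode first shows who would be affected.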
 