Exim 4 filter spam on return path different from “mail from”

eximrulesspam

Recently I'm receiving (a lot of) spam with "mail from:" from legitimate users (on my server) but a different "Return path". This should not happen for our users, that is, mail received for myuser@mydomain.com should allways have an equal return path "myuser@mydomain.com".

I need to setup an exim4 filter rule that checks for "@mydomain.com" and then checks for the sender email address is the return path. If different, the email should be rejected.

I know there are situations this can be a legitimate use (like using gmail) but these are not allowed by our policy.

Can someone give me a hint where/how to implement this rule?

Thanks

Best Answer

Take a look at exim filters. Basically you need something like (UNTESTED and not sure of the syntax):

if $header_from: contains "@mydomain.com" and $reply_address is not $header_from:
then
    fail 
    seen finish
endif

You can provide a meaningful reject message next to fail as in fail test "some message".

Best Answer

Related Solutions

Linux Exim set return-path header automaticly using from header

All mails going to gmail SPAM (sendmail on centos) 127.0.0.1 problem

Related Topic