Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Block outgoing mail with spoofed from address
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Block outgoing mail with spoofed from address

    DrukpaDrukpa Member
    edited January 16 in Help

    How do you guys block outgoing mail that uses a spoofed FROM address?

    I tried the following exim acl, for acl_not_smtp:

    discard
    condition = ${if ! match_domain{${domain:${address:$h_From:}}}{+hosted_domains : +local_domains}}
    message = Sorry, you don't have permission to send email from this server with a header that states the email is from ${lc:${address:$h_From:}}.
    

    But this one blocks both incoming and outgoing mails if the FROM address domain is not in the list of hosted_domains and local_domains. For outgoing it is ok, but for incoming, obviously the FROM address domain will not be in the list.

    Comments

    • Spf record and dmarc should suffice.

      Wordpress Hosting - Home made!

    • ClouviderClouvider Member, Provider

      @LTniger said:
      Spf record and dmarc should suffice.

      I guess the question here is how to block say [email protected] account from sending emails as [email protected] using particular exim mail server. SPF nor demarc will help in this case.

      Clouvider Limited - Leading EU Provider || Dedicated Server Sale - True HA Cloud VPS - Help Australia with our Latest LET Offer

      Cloud Web Hosting | SSD & SAS HA VPS on OnApp | Dedicated Servers | Colocation | Managed Services

    • DrukpaDrukpa Member
      edited January 17

      Ok, looks like I found my solution. I check for FROM address for the outgoing mail and TO address for the incoming mail. If both are not in the list of local domains, I reject the mail.

    • FalzoFalzo Member
      edited January 17

      @Drupke care to share your solution? esp. the places where you put your rules in. acl_not_smtp afaik is definitely applied to incoming mail, so either you do another inline check on the direction or placed your rules somewhere else?

      would be interesting to see... I use some rules on forwarded mails, which happens in the routers section not the main acls

      most recommended Provider: First-Root KVM Power-Edition /w SSD
      UltraVPS.eu KVM in US/UK/NL/DE: 15% off first 6 month | Netcup VPS/rootDS - 5€ off: 36nc15279180197 (ref)

    • edited January 17

      Glad you found a solution. This is good to know when DNS is not helping.

    • DrukpaDrukpa Member
      edited January 19

      @Falzo said:
      @Drupke care to share your solution? esp. the places where you put your rules in. acl_not_smtp afaik is definitely applied to incoming mail, so either you do another inline check on the direction or placed your rules somewhere else?

      would be interesting to see... I use some rules on forwarded mails, which happens in the routers section not the main acls

      Below is the condition I used. I checked for $h_to only at the beginning, but noticed that the incoming mails with a CC/BCC address of a local domain was also being rejected. So, had to change the rule so it checks for all TO/CC/BCC as well. This rule was placed in the acl_not_smtp section. Seems to be working for now.

      discard
      condition = ${if and {\
      {! match_domain{${domain:${address:$h_from:}}}{+local_domains}}\
      {! match_domain{${domain:${address:$h_to:}}}{+local_domains}}\
      {! match_domain{${domain:${address:$h_cc:}}}{+local_domains}}\
      {! match_domain{${domain:${address:$h_bcc:}}}{+local_domains}}\
      }}
      message = Sorry, spoofed mail denied
      

      Rejecting mails based on SPF records seem like over strict rule. Most domains do not have correct SPF records set.

      Thanked by 1Falzo
    • illyhostingillyhosting Member, Provider

      If you're using Cpanel, you can use Tweak Settings to block these emails.

      IllyHosting.com - Cheap VPS & Dedicated Servers (Kosovo, Europe)
      AS207817 | VPS | Dedicated | Colocation | .AL Domains

    Sign In or Register to comment.