Mailing List Archive

Trying to block by Reply-To/From headers match
Hello,

I would like to block messages containing certain patterns in the
From:/Reply-To: headers.

I tried first blocking by senders: test configuration contains (right
below "begin acl"):

--- configuration snippet below
acl_check_sender:
deny senders = /etc/exim/sender_reject.list

accept
--- configuration snippet above

and the mentioned /etc/exim/sender_reject.list contains

user@example.com
*@example.net
*@example.org

To block "user@example.com" and all senders from example.net and
example.org domains.

As far as I understood, the above only filters by the address reported
in "MAIL FROM" SMTP command (i.e., by Return-Path), which can be bogus.
How do I do correct filtering by Reply-To:/From: (using From: only if
Reply-To: is missing)?

--
Sincerely,

Konstantin Boyandin


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Trying to block by Reply-To/From headers match
From
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html:

This condition tests the sender of the message against the given list...
Warning: It is a bad idea to use this condition on its own as a control
on relaying, because sender addresses are easily, and commonly, forged.

Also from that section:

You cannot test the contents of the message, for example, to verify
addresses in the headers, at RCPT time or when the DATA command is
received. Such tests have to appear in the ACL that is run after the
message itself has been received, before the final response to the DATA
command is sent. This is the ACL specified by acl_smtp_data, which is
the second ACL that is associated with the DATA command.

So in the acl_smtp_data you could put a custom condition and match
against headers, e.g. $header_from and/or $h_reply-to.

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#SECTexpansionitems

Alternatively, if you are using spamassassin or another spam scoring
system you can put a rule there.

HTH,
Alex

On 16/01/21 3:25 pm, Konstantin Boyandin via Exim-users wrote:
> Hello,
>
> I would like to block messages containing certain patterns in the
> From:/Reply-To: headers.
>
> I tried first blocking by senders: test configuration contains (right
> below "begin acl"):
>
> --- configuration snippet below
> acl_check_sender:
> deny senders = /etc/exim/sender_reject.list
>
> accept
> --- configuration snippet above
>
> and the mentioned /etc/exim/sender_reject.list contains
>
> user@example.com
> *@example.net
> *@example.org
>
> To block "user@example.com" and all senders from example.net and
> example.org domains.
>
> As far as I understood, the above only filters by the address reported
> in "MAIL FROM" SMTP command (i.e., by Return-Path), which can be bogus.
> How do I do correct filtering by Reply-To:/From: (using From: only if
> Reply-To: is missing)?
>
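One way to write the acl_smtp_data check suggested in the reply above, as an added example that is not part of the original thread or of the Exim documentation. The ACL name acl_check_data and the rejection messages are assumptions; the list file path is the one from the original question.

```exim
# Main configuration section: name the ACL that runs after the message
# has been received (the ACL name is an assumption).
acl_smtp_data = acl_check_data

begin acl

acl_check_data:
  # Reply-To: is present: test every address it contains against the
  # same reject list that was used for the envelope sender.
  deny  message   = Rejected: Reply-To: address not accepted here
        condition = ${if def:h_reply-to:{yes}{no}}
        condition = ${if forany{${addresses:$h_reply-to:}}\
                      {match_address{$item}{/etc/exim/sender_reject.list}}\
                      {yes}{no}}

  # Reply-To: is missing: fall back to the address(es) in From:.
  deny  message   = Rejected: From: address not accepted here
        condition = ${if !def:h_reply-to:{yes}{no}}
        condition = ${if forany{${addresses:$h_from:}}\
                      {match_address{$item}{/etc/exim/sender_reject.list}}\
                      {yes}{no}}

  accept
```

The list file keeps its existing format (user@example.com, *@example.net), because match_address accepts the same address-list items as the senders condition.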
Re: Trying to block by Reply-To/From headers match
In addition to Alex's response,

On 16/01/2021 02:25, Konstantin Boyandin via Exim-users wrote:
> As far as I understood, the above only filters by the address reported
> in "MAIL FROM" SMTP command

Yes

> (i.e., by Return-Path),

Possibly added by a transport - not necessarily present in an
incoming message

> which can be bogus.

Anything in an inbound message can be bogus - including the From:
header. It's just as easy to forge as the envelope FROM.
--
Cheers,
Jeremy
