[Pkg-exim4-users] Spam sent to user from user's email address

Thu Jan 13 11:15:59 UTC 2011

On Thu, 13 Jan 2011 08:00:19 +0000
Peter Sparkes <peter at didm.co.uk> wrote:

> Hi,
> 
> My Exim4 users are getting spam sent to them which appear to come
> from there own email address.
> 
> Assuming that these emails are originating from my exim server how do
> I, please, stop them
> 
> Regards
> 
> Peter
> 
> 
The list will need some more info to help.
Meantime, unless you have a bad egg local user its unlikely that the mails are originating from YOUR server.
1/ Check the mail headers and see if you can get a little more info.
2/ Check /var/log/exim4/mainlog 
	Cross check against victims local mail address and times.

Once you have the originating SMTP server you can block it a number of ways.
here are two:

	1/ create a file called: /etc/exim4/local_host_blacklist
	[ man exim4_local_host_blacklist ]
	its a simple list of IP addresses to deny access to
e.g. from Man page:
       192.168.10.0/24
       !172.16.10.128/26
       172.16.10.0/24
       10.0.0.0/8

Restart exim and your at least half way there.
You can append to that file anytime you like.

	2/ set up an iptables rule to block to IP totally or only when using the SMTP port:
something like...
	iptables -N EXIMDROPS
	iptables -A EXIMDROPS -p tcp -s 123.456.789 -j REJECT 
	iptables -A INPUT -p tcp -m tcp --dport 25 -j EXIMDROP
Or use your favorite GUI tools 
(there are many ways of skinning that cat, that is a rough example.)

Install spamassassin or similar
apt-cache search spam 

> _______________________________________________
> Pkg-exim4-users mailing list
> Pkg-exim4-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users

--Pete (another one) 
(local-debian-hints.u8)
:your fortune cookie:

Debian Hint #21: If your Debian box is behind a slow network connection,
but you have access to a fast one as well, check out the apt-zip package.

Peter Gossner <gossner at internode.on.net>
<pete.gossner at gmail.com>