On 21/11/2023 12:45, Victor Ustugov via Exim-users wrote:
Sebastian Arcus via Exim-users wrote on 21.11.2023 13:50:
Hello everyone. Currently I use the ACL below to look for domain
impersonation in From: header of inbound email:
condition = ${if match_domain{${domain:$h_from:}}
{+local_domains}{true}{false}}
This has been working very well, but the spammers are getting cleverer,
and now we are receiving emails with the From header formatted like so:
From: "Joe Bloggs <joe.blo...@ourdomain.com> via iPhone"
<some_ran...@email.com>
The above ACL doesn't kick in, as I assume it matches only against the
email part, not the name/description part.
Is there another way of using regular expressions to match against the
description/name part of the From: header? The difficulty I suppose is
that I need to match against the +local_domain list, not just a single
domain. Anyone knows if the $rh_from includes the description part in
between quotes? I've been going through the documentation, but can't
work out if it does.
I realise the above might bounce emails from mailing lists which include
the recipient's email in between the quotes - but this site never uses
any mailing lists, so that should be safe.
Any hints much appreciated
Try this to find local domains in any part of the From header:
condition = ${if forany {<;
${sg{$h_From:}{\N[<>\s:@'"/]+\N}{;}}}{match_domain{$item}{+local_domains}}{true}{false}}
Thank you very much - I will give that a go
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
