Tony Sullivan:
> I have been receiving a lot of phishing attempt e-mails lately that have a
> "from" address like this:
> valid.user@mydomain.comaccounting
> <https://www.exquisiteimages.com:2096/cpsess1855114148/3rdparty/squirrelmail/src/compose.php?send_to=valid.user%40mydomain.comaccounting>@someotherdomain.hn
>
> This appears to be an attempt to fool anyone who isn't paying close
> attention into clicking one of the links in the message since it appears
> to come from a valid user inside my domain.
>
> I am wondering if there is anyway that I can stop messages with "from"
> addresses like this.
Aren't there spam filters for such things?
You could craft your own regular expression tables and use these in
check_sender_access and header_checks, but most people should not
have to do that.
Wietse
