Ian Jones:
> Hello,
>
> I am getting emails like the one below, in which the header from is my
> own address. The emails contain text in a jpg image and claim my
> account has been hacked and demand $1000 paid to a bitcoin account. I
> would like to find a way to reject emails from my own addresses except
> from my own servers, but so far I have not succeeded. :-( The relevant
> parts of my configuration are below. I am probably duplicating some
> actions, since I have recently added restrictions in the hope of
> preventing these emails.

I have not seen bitcoin ransom email sent from 'myself' after I started
requiring that the From: header with my email address also contains my
full name.

PCRE header_checks entry:

    if /^From:.+\buser@example\.com\b/
    !/Firstname Lastname|Cron Daemon/ reject 4.7.1 forged sender address in From: message header: u...@example.org
    endif

With of course suitable values for the email address and fullname.

The 4.7.1 is for safety. If the client is a spambot they won't come back,
but if the client keeps coming back, then the email might be legitimate
and it may be time to update the pattern (like I had to add 'Cron Daemon').
This is why this approach works only for small domains.

Wietse
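
The rule in the reply above can be tried against sample headers before it goes into a live header_checks file. The following is an added example, not part of the original post: a Python emulation of the if/endif logic, not Postfix itself. It assumes the pcre table defaults (case-insensitive matching, "." also matching newline) and uses the post's placeholder address and names; the sample headers are constructed.

```python
import re

# Assumed to mirror Postfix pcre table defaults: case-insensitive, and "."
# matches newline, so a folded From: header is still one subject string.
FLAGS = re.IGNORECASE | re.DOTALL

# Placeholder address and names exactly as in the post above.
GUARD = re.compile(r"^From:.+\buser@example\.com\b", FLAGS)
ALLOWED = re.compile(r"Firstname Lastname|Cron Daemon", FLAGS)
ACTION = "reject 4.7.1 forged sender address in From: message header"


def header_check(header):
    """Return the rule's action for one logical header, or None if it does not fire."""
    if not GUARD.search(header):   # "if /.../": only From: headers carrying our address
        return None
    if ALLOWED.search(header):     # "!/.../" fires only when no expected name is present
        return None
    return ACTION


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "From: user@example.com",                          # bare address, no name
    "From: USER@EXAMPLE.COM",                          # case variation
    "From: Account Security\n <user@example.com>",     # folded header, wrong name
    'From: "Firstname Lastname" <user@example.com>',   # expected full name
    "From: Cron Daemon <user@example.com>",            # whitelisted system sender
    "From: Someone Else <someone@example.net>",        # unrelated sender
    "From: otheruser@example.com",                     # \b keeps this from matching
    "Reply-To: user@example.com",                      # not a From: header
]


def evaluate(samples=SAMPLES):
    """Map each sample header to the action the rule would take (None = rule not triggered)."""
    return {h: header_check(h) for h in samples}


if __name__ == "__main__":
    for header, action in evaluate().items():
        print(f"{header!r:55} -> {action or 'rule not triggered'}")
```
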