On 26 May 2023 23:45:22 UTC, Victor Ustugov via Exim-users
wrote:
>But more than one address in a From header is rare. And if there are
>several such incorrect addresses in the From header of the attacker's
>email, then it's good that at least one of them can be extracted using a
Slavko via Exim-users wrote on 27.05.2023 02:44:
> On 26 May 2023 22:31:56 UTC, Victor Ustugov via Exim-users
> wrote:
>
>>
>> ${if
>> eq{${address:$rh_From:}}{}{${sg{$rh_From:}{\N^.*<(\S+?@\S+?)>\s*\N}{\$1}}}{${address:$rh_From:}}}
>>
>
> Thanks, but do you know that is not perf
Slavko via Exim-users wrote on 27.05.2023 10:54:
> On 26 May 2023 23:45:22 UTC, Victor Ustugov via Exim-users
> wrote:
>
>> But more than one address in a From header is rare. And if there are
>> several such incorrect addresses in the From header of the attacker's
>> email, then
Hello,
On Sat, 27 May 2023 13:20:48 +0300, Victor Ustugov via Exim-users
wrote:
> I think that in this case it is not necessary to use a very "horrible
> complicated" full RFC compliant regexp. It may be sufficient to ignore
> all parenthesized text after the last ">". Or even ignore all text i
Hello,
On Sat, 27 May 2023 13:37:29 +0300, Victor Ustugov via Exim-users
wrote:
> I think checking the headers of emails sent by your users could be
> more strict. Because if ${address:...} returns empty result then
> header is not RFC compliant.
Yes, but I am not sure if my ACLs are prepared
Slavko via Exim-users wrote on 27.05.2023 14:00:
> Hello,
>
> On Sat, 27 May 2023 13:20:48 +0300, Victor Ustugov via Exim-users
> wrote:
>
>> I think that in this case it is not necessary to use a very "horrible
>> complicated" full RFC compliant regexp. It may be sufficient to ignore
>> all pa
On 26/05/2023 13:43, Markus Reschke via Exim-users wrote:
Hello Sebastian!
On Fri, 26 May 2023, Sebastian Arcus via Exim-users wrote:
Hello. As so many scams around are based on impersonating someone
inside the company, I am wondering if anyone here has considered the
more extreme solution of
I was searching through the lists and reading the documentation but I'm
coming up short on blocking IP only senders.
I've seen ACLs checking sender_helo_name using isip{} but that doesn't
seem to do anything for the case of a literal IP:
H=([185.17.76.25])
What's the proper way to check for