From 04b6e84c357ab841722417c6a04b6373b7ee564f Mon Sep 17 00:00:00 2001
From: runout-at
Date: Mon, 18 Jul 2016 18:01:00 +0200
Subject: [PATCH] spamtrap, backscatterer spamtrap/honeypot: define a list of email addresses which you lay out as a bait on websites "CONFDIR/spamtrap_receiver" one address per line IPs of senders to these addresses will be logged to "/etc/exim4/local_host_blacklist" and be rejected in the future backscatterer: as i see lots of mails coming from somwhere but the sender pretends to be my domain i created this acl mails from "abc123@example.com" to "xyz987@example.com" will be ckecked against the backscatterer DNSBL
---
 docs/vexim-acl-check-rcpt.conf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/docs/vexim-acl-check-rcpt.conf b/docs/vexim-acl-check-rcpt.conf
index e8d9c265..f4e3c2d7 100644
--- a/docs/vexim-acl-check-rcpt.conf
+++ b/docs/vexim-acl-check-rcpt.conf
@@ -1,3 +1,18 @@
+# spamtrap write sender IP to BL file when receiving messages to special
+# adresses defined in the file 'CONFDIR/spamtrap_receiver'
+deny
+ message = ${run{/bin/bash -c "/bin/echo $sender_host_address >> /etc/exim4/local_host_blacklist;"}}
+ condition = ${lookup{$local_part@$domain}lsearch{CONFDIR/spamtrap_receiver} {yes}{no}}
+ logwrite = :main,reject: $sender_host_address - IP logged, $local_part@$domain is only used by spammers
+
+# drop backscatterer messages
+deny
+ senders = : $local_part@$domain
+ dnslists = ips.backscatterer.org
+ add_header = X-blacklisted-at: $dnslist_domain
+ log_message = sender same as recipient $local_part@$domain and $sender_host_address listed at $dnslist_domain
+
+
 # Use spfquery to perform a pair of SPF checks (for details, see
 # http://www.openspf.org/)
 # This check has been copied from a stock Debian config and has not been
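Review bot: The spamtrap `deny` appends the connecting IP to the blacklist on a single RCPT to a bait address, with no exemption for authenticated or trusted-relay clients and no expiry or de-duplication, so one message relayed through a shared provider, or sent by one of your own users, can lock out a legitimate host and the file grows on every hit. Since the block is inserted at the top of this fragment it presumably runs before any accept for local submitters, so a guard such as `!authenticated = *` (plus a `!hosts =` exemption for whatever relay host list this config defines) ahead of the `condition` line would limit the damage. The append path is hard-coded as `/etc/exim4/local_host_blacklist` while the lookup uses `CONFDIR`; writing `CONFDIR/local_host_blacklist` keeps the two in step, and the comment should say that the Exim runtime user needs write access to that one file only, not to the configuration directory. In the backscatterer block, `add_header` sits on a `deny`, where the message is rejected and the header is never delivered, so it can be dropped, or the verb changed to `warn` if tagging was the intent.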