I know there has been a lot of talk for a long time about detecting spoofed emails, but is there actually a way to do it? Maybe with an MTA script or something?
Here is an example of what I am seeing from the email source:
envelope-from <info@spoof.com.ar>
From: "good_user@mydomain.com" <info@spoof.com.ar>
To: "good_user2@mydomain2.com" <good_user2@mydomain2.com>
X-Envelope-Sender: info@spoof.com.ar
X-ME-Bayesian: 0.000000
X-Source-Auth: info@spoof.com.ar
X-ME-CountryOrigin: US
I get hundreds of them a day all from foreign accounts. Is there a way to GeoIP check the 'X-Envelope-Sender' or 'envelope-from' or 'X-Source-Auth' fields?
Spoofed email
Re: Spoofed email
You could create a filter using a criteria script that matches the From field with the envelope-from one and spams out the message when it doesn't match, but beware, it could cause several issues with mailing lists. Honestly, I catch almost all of those with just the ME internal Bayesian filter.
Re: Spoofed email
Never looked at the Criteria script editor. Looks promising. Maybe I can do a country match on the envelope-from field and then give it a spam probability of 100. I will look for some examples. Not sure of the correct syntax with this feature.
Re: Spoofed email
Do you mean something like this? Obviously I may need more qualifiers.
What I am really asking is if I can match a field like envelope-from like this?
If CriteriaMet([envelope-from],"*") <> _
CriteriaMet([ME_FROM],"*") Then
FilterResult=1
End If
Thanks
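Added example, not part of any post in this thread and not MailEnable criteria-script syntax: a Python sketch of the two checks discussed above, the From versus envelope-from comparison (skipped for mailing-list traffic) and a check for a display name that is itself an address in another domain, as in the quoted sample. The function names, the sample messages other than the quoted From and To headers, and the use of List-Id/Precedence as the mailing-list signal are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Matches an address-like string and captures its domain.
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed samples. The first reuses the From header quoted in the thread.
THREAD_SAMPLE = (
    'From: "good_user@mydomain.com" <info@spoof.com.ar>\n'
    'To: "good_user2@mydomain2.com" <good_user2@mydomain2.com>\n'
    "Subject: constructed sample\n\nbody\n"
)
LIST_SAMPLE = (
    "From: Alice <alice@example.org>\n"
    "List-Id: <users.lists.example.net>\n"
    "Subject: constructed list post\n\nbody\n"
)
DIRECT_SAMPLE = (
    "From: Alice <alice@example.org>\n"
    "Subject: constructed direct mail\n\nbody\n"
)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def spoof_findings(raw_message, envelope_from):
    """Return the reasons a message looks spoofed (empty list if none)."""
    msg = message_from_string(raw_message)
    display, header_addr = parseaddr(msg.get("From", ""))
    findings = []
    # Check 1: display name is itself an address in a different domain.
    m = ADDR_RE.search(display)
    if m and m.group(1).lower() != domain(header_addr):
        findings.append("display-name-address-mismatch")
    # Check 2: From domain vs envelope sender domain. Skipped for list
    # traffic (list software rewrites the envelope) and for the null sender.
    env = envelope_from.strip("<> ")
    is_list = "List-Id" in msg or msg.get("Precedence", "").lower() in ("list", "bulk")
    if env and not is_list and domain(header_addr) != domain(env):
        findings.append("from-envelope-domain-mismatch")
    return findings

if __name__ == "__main__":
    print(spoof_findings(THREAD_SAMPLE, "info@spoof.com.ar"))
    print(spoof_findings(LIST_SAMPLE, "users-bounces@lists.example.net"))
    print(spoof_findings(DIRECT_SAMPLE, "bounce@mailer.example.com"))
```

On the quoted sample the envelope comparison alone finds nothing, because the From address and the envelope sender are both info@spoof.com.ar; only the display-name check flags it.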