Need guide to create email filter (email spoofing)

wefrank

Member
Oct 2, 2005
20
0
151
Massachusetts
Hello,
Have read the following:
http://forums.cpanel.net/showthread.php?t=65868&highlight=mail+spoofing
http://forums.cpanel.net/showthread.php?t=51932&highlight=mail+spoofing

and looks like I need some pointers and assistance to create email filter for one of my clients - Recently they started filling exim queue with backscattered email bounces (which my VPS server is trying to forward, further creating problems...)

Configuration: CPanel 11.18.3-R21703 (yes time for an upgrade...) on VPS

Targeted email: [email protected]
which is forwarded to [email protected]

I do not belive client uses this for outgoing, but would need to verify.

Here is sample bounced email (domains and IPs masked)
******
1JxHHp-0003Zn-K3-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
Unrouteable address


------ This is a copy of the message, including all the headers. ------
****** domains and IP addresses cleaned ****
Return-path: <[email protected]>
Received: from [1.8.6.8] (helo=1.8.6.8)
by l8101.oxyd.net with esmtp (Exim 4.20)
id 1JxH9D-0007kZ-QF
for [email protected]; Sat, 17 May 2008 09:48:08 +0200
Message-ID: <[email protected]>
From: "Great watch Service" <[email protected]>
To: "Amazing Watches" <[email protected]>
Subject: Hermes Watches

** spam text here **
******

So, looks like I need email filter for "bounced email", to filter on
Return-path: <[email protected]>
or
From: "" <[email protected]>

but do not know how to write exim filter or where to place.
Thanks in advance for assitance or link to exim filter guide.

Walter