Need guide to create email filter (email spoofing)


Oct 2, 2005
Have read the following:

and looks like I need some pointers and assistance to create email filter for one of my clients - Recently they started filling exim queue with backscattered email bounces (which my VPS server is trying to forward, further creating problems...)

Configuration: CPanel 11.18.3-R21703 (yes time for an upgrade...) on VPS

Targeted email: [email protected]
which is forwarded to [email protected]

I do not belive client uses this for outgoing, but would need to verify.

Here is sample bounced email (domains and IPs masked)
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
Unrouteable address

------ This is a copy of the message, including all the headers. ------
****** domains and IP addresses cleaned ****
Return-path: <[email protected]>
Received: from [] (helo=
by with esmtp (Exim 4.20)
id 1JxH9D-0007kZ-QF
for [email protected]; Sat, 17 May 2008 09:48:08 +0200
Message-ID: <[email protected]>
From: "Great watch Service" <[email protected]>
To: "Amazing Watches" <[email protected]>
Subject: Hermes Watches

** spam text here **

So, looks like I need email filter for "bounced email", to filter on
Return-path: <[email protected]>
From: "" <[email protected]>

but do not know how to write exim filter or where to place.
Thanks in advance for assitance or link to exim filter guide.