Re: Tricking Anti-Relay Commands

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: Jawaid Bazyar
CC: exim-users
Sujet: Re: Tricking Anti-Relay Commands
On Thu, 10 Apr 1997, Jawaid Bazyar wrote:

>
> Greetings,
>
> on the suggestion of someone on the inet-access list (a list for ISPs
> where I am plugging exim heartily ;) I tried the following:
>
> >From a host not in our accepted relay list:
>
> telnet hypermall.com 25
> MAIL FROM: bazyar@???
> RCPT TO: anyone%anywhere.com@???
> ... is syntactically correct
>
> I.E., munging up the address as above causes Exim to not properly reject
> this message. I suspect it ought to check to see if there's a % in the
> local part and go ahead and drop the "@hypermall.com" if that's possible.
>
> With this 'hole', spammers can still relay off my mail box. :(
>
> Comments, suggestions?


There is no support for the "percent hack" at the SMTP input stage,
which is where the relaying check happens. I kind of assumed that people
who didn't want relaying wouldn't have turned on the "percent hack" in
the first place. If you don't set percent_hack_domains on hypermall.com,
then although the message will get through the RCPT TO check, it will
get rejected as "unknown user" at a later stage.

There is an item buried somewhere deep on the wishlist to implement some
more variable control over the use of % routing. I have made a note to
include some thought about relay control when I finally get to that
item.

-- 
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714