Re: Checks on sender in Exim (was: totally inappropriate s…

Author: Nigel Metheringham
Date:  
To: Chris Thompson
CC: Jawaid Bazyar, exim-users
Subject: Re: Checks on sender in Exim (was: totally inappropriate subject...)
} > Is there a way to tell exim to apply at least a cursory validity check on
} > the "MAIL FROM:" data?
}
} Yes, of course: "sender_verify" and its variants - see the manual.
}
} But this doesn't help much with <>, which is perfectly valid - see RFC 821.

In the test release I am playing with there is a note in the NewStuff
file:-

} 4. Exim's sender verification options can be used to block spam
} messages with bad envelope senders. However, if a message arrives with
} a null envelope sender, i.e. if the SMTP command was

} MAIL FROM:<>

} then Exim has nothing to check, and is forced to accept the message
} (unless it fails a recipient check, of course). If
} headers_sender_verify_errmsg is set, then for messages that have null
} senders (i.e. purport to be mail delivery error messages), Exim does
} some checking of the RFC 822 headers. It looks for a valid address in
} the Sender, Reply-To, and From headers, in that order, and if one
} cannot be found, the message is rejected. Unfortunately, because it
} has to read the message before doing this check, the rejection happens
} after the end of the data, and it is known that some mailers do not
} treat hard (5xx) errors correctly at this point - they keep the
} message on their spools and try again later, but that is their
} problem, though it does waste some resources.

} For completeness, the option headers_sender_verify is also
} implemented. It insists on there being a valid Sender, Reply-to, or
} From header on *all* incoming SMTP messages.

On a similar note, when we had our previous big spam attack my filter
bolted onto smail used a heuristic which worked very well which was to
sideline any mail coming in with an envelope sender address that was 8
characters or less.  I have spent pretty much all day writing an exim
config file (this is for a serious group of machines), and was considering
how I would do this heuristic in exim.  Although I can test in the system
filter for a short address:-
    if eq{${length_8:$sender_address}}{$sender_address}
    then
        freeze
    endif


I am not sure how I could make it ignore error messages - presumably they
look like a zero length string, so a test that it's not equal to ""??

[The heuristic worked because we got a lot of mail from x@??? - however I
haven't seen that for a good while, and it should never get through the
sender_verify stages]

    Nigel.


-- 
[ Nigel.Metheringham@???   -  Systems Software Engineer ]
[ Tel : +44 113 251 6012                   Fax : +44 113 224 0003 ]
[            Friends don't let friends use sendmail!              ]
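
An added example, not part of the original post and not Exim's own code: a small Python model of the two checks discussed above, the header fallback for null-sender messages (Sender, Reply-To, From, in that order) and the short-envelope-sender heuristic that skips bounces. The function names and sample messages are constructed for illustration, and a purely syntactic address test is assumed as a stand-in for Exim's real verification, which routes the address.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: local@domain.tld syntax check only; Exim's verification
# actually tries to route the address, which cannot be done offline.
_ADDR = re.compile(r"^[^@\s<>]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def header_sender(msg):
    """First plausible address in Sender, Reply-To, From (in that order)."""
    for name in ("Sender", "Reply-To", "From"):
        for value in msg.get_all(name, []):
            addr = parseaddr(value)[1]
            if _ADDR.match(addr):
                return addr
    return None

def classify(envelope_sender, raw_message, short_len=8):
    """Return 'reject', 'freeze' or 'accept' for one incoming message."""
    msg = message_from_string(raw_message)
    if envelope_sender == "":
        # MAIL FROM:<> leaves nothing in the envelope to check, so the
        # decision falls back to the headers, after the data is read.
        return "accept" if header_sender(msg) else "reject"
    # Same test as comparing the first 8 characters with the whole string:
    # they are equal only when the address is 8 characters or less.
    if len(envelope_sender) <= short_len:
        return "freeze"
    return "accept"

# Constructed sample messages (not taken from any real traffic).
BOUNCE_OK = ("From: Mail Delivery Subsystem <mailer-daemon@mx.example.net>\n"
             "Subject: Delivery failure\n\nbody\n")
BOUNCE_BAD = "From: nobody\nSubject: Make money fast\n\nbody\n"
ORDERED = ("Sender: bogus\nReply-To: list-owner@example.org\n"
           "From: someone@example.com\n\nbody\n")

if __name__ == "__main__":
    for sender, raw in [("", BOUNCE_OK), ("", BOUNCE_BAD),
                        ("x@a.bc", ORDERED), ("user@example.org", ORDERED)]:
        print(repr(sender), "->", classify(sender, raw))
```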