On Thu, 8 Oct 1998, Robert Zilbauer wrote:
> I realize the config.samples are just that, samples. However, some of them are
> quite useful. One in particular pertains to rewriting incoming UUCP-style
> addresses (from C002):
>
> # system*!user
> ^([^!]+)!(.*)@your\.domain $2@$1 Tbcrtq
>
> A very handy rewrite rule, but one that seems to open Exim up to mail
> relaying. For example, mail sent from a host (that is not allowed to relay) to
> an address like "externalhost.com!spamvictim@???" will be
> rewritten to "spamvictim@???" and happily sent on its way (or so
> it seems).
Sigh. Indeed it will.
> Is there a way for Exim to remember from which host it received this mail and
> for it to check that host against its 'permitted relay hosts' list before
> routing the mail back out to the internet?
It does keep $sender_host_address, and you could use this in a
"condition" test on a router, I suppose, but it's a bit clumsy.
> Or, perhaps there's a better configuration and/or rewrite rule that wouldn't
> open relaying via ! addressing in the first place?
There is now in fact a better way, provided the messages are being fed
into Exim via SMTP. (It postdates the time when this bang-path
rewriting was invented, I think.) If you put the "S" flag on a rewriting
rule, it is applied to incoming SMTP addresses as soon as they are
received, before any syntax checking or qualification or relay checking
or whatever. So, instead of permitting unqualified addresses from hosts
that send bang paths and using the old rule above, you just have the
rule
^([^!]+)!(.+)$ $2@$1 S
This means that when the SMTP command
RCPT TO:<a!b>
is received, the address immediately gets turned into b@a. Then the
normal relay checking takes place.
Thanks for pointing this out. I will add suitable words to the
documentation.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
--
*** Exim information can be found at
http://www.exim.org/ ***