Re: ZAPA: Re: [EXIM] IP spoofing

Author: Philip Hazel
Date:  
To: Marilyn Davis
CC: zapa, exim-users
Subject: Re: ZAPA: Re: [EXIM] IP spoofing
On Sat, 8 May 1999, Marilyn Davis wrote:

> This is the direction I'm thinking of going. I'm thinking that I
> could modify exim so that it does an nslookup on the domain name of the
> incoming mail. I can parse the results and also parse the headers
> and if I don't find a match, reject the mail.
I presume that by "the domain name of the incoming mail" you mean the
domain name in the address of the sender of incoming mail.

Just one call to nslookup may not be enough because of the way mail
works, using MX records as well as address records. However, ...

If you turn on the sender_verify option in Exim, it will verify the
address of the message's sender by checking that the domain is one that
it can make sense of. This means that (in the general case) it will do a
DNS lookup on the domain and do the MX processing in order to find the
IP addresses of the hosts to which mail for that domain should be sent.

That means that it has already done most of the work you need. All you
would have to add would be code to check that one of the IP addresses it
came up with matches the IP address of the incoming message. I think
this would be fairly simple to do.

BUT: this may still not do what you really want. There are certainly
large organizations around that use gateways and/or firewalls, and
arrange that their outgoing mail goes from one host, while their
incoming mail goes via a different host. If any of your voters come from
such an installation, the IP address obtained by routing the sender
address will not match the IP address of the host the message came from.

ALSO: I see from the DNS that deliberate.com has several MX records,

deliberate.com.          MX  5 deliberate.com.
deliberate.com.          MX 10 mail1.best.com.
deliberate.com.          MX 10 mail2.best.com.
deliberate.com.          MX 20 mail3.best.com.
deliberate.com.          MX 20 mail4.best.com.
with some backup hosts (mail1.best.com etc.). Therefore, if your machine
is down (or disconnected), mail will go to the backup and when you get
it eventually, it will come from one of the mailX.best.com machines, not
from the original. Of course, assuming you trust best.com, you can fish
out the IP address to test from their Received: header, but that is not
something that could easily be added into Exim.

> My sysadmin tells me that the OS is a good place for it because the
> OS handles the TCP. And, he sets a parameter there for this. Am I
> making sense?
I believe that Linux can do this blocking, so yes, it makes sense.

Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.



--
*** Exim information can be found at http://www.exim.org/ ***
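The check Philip sketches, worked through as an added example (Python, not Exim code and not anything from this thread): route the sender's domain the way sender_verify does (MX records, falling back to the domain's own address record), then test whether the IP the SMTP connection came from is one of the routed addresses. The script also reproduces his two caveats: a hypothetical site whose outbound host is not one of its MX hosts, and mail that arrived through a backup MX, where the originating address has to be fished out of the Received: header the trusted relay wrote. The DNS table, the IP addresses, the host names other than those quoted from the message, and the Received: lines are all constructed so the script runs offline.

```python
"""Added example, not code from Exim or from this thread.

Emulates sender_verify plus the "does the connecting IP match a routed
address" check, and shows where that check misfires.  All DNS data,
addresses and Received: headers are constructed (documentation ranges).
"""
import re

# Constructed zone data.  The deliberate.com MX set mirrors the message;
# bigcorp.example and nomx.example are hypothetical.
FAKE_DNS = {
    "MX": {
        "deliberate.com.": [(5, "deliberate.com."), (10, "mail1.best.com."),
                            (10, "mail2.best.com."), (20, "mail3.best.com."),
                            (20, "mail4.best.com.")],
        # Site whose outbound relay is not one of its MX hosts (Philip's "BUT").
        "bigcorp.example.": [(10, "mx.bigcorp.example.")],
    },
    "A": {
        "deliberate.com.": ["192.0.2.10"],
        "mail1.best.com.": ["198.51.100.1"],
        "mail2.best.com.": ["198.51.100.2"],
        "mail3.best.com.": ["198.51.100.3"],
        "mail4.best.com.": ["198.51.100.4"],
        "mx.bigcorp.example.": ["198.51.100.50"],
        "smtp-out.bigcorp.example.": ["198.51.100.60"],
        "nomx.example.": ["203.0.113.7"],      # no MX: fall back to the A record
    },
}

# Backup MX hosts (best.com in the message) whose Received: headers we trust.
TRUSTED_RELAY_IPS = {"198.51.100.1", "198.51.100.2", "198.51.100.3", "198.51.100.4"}


def _fqdn(name):
    return name.rstrip(".").lower() + "."


def route_domain(domain, dns=FAKE_DNS):
    """MX processing: targets in preference order, or the domain itself when
    it has no MX record.  Real resolvers shuffle equal preferences; a plain
    sort is enough for a membership check."""
    mx = dns["MX"].get(_fqdn(domain))
    if mx:
        return [host for _pref, host in sorted(mx)]
    return [_fqdn(domain)] if _fqdn(domain) in dns["A"] else []


def routed_addresses(domain, dns=FAKE_DNS):
    """Every IP address that mail for `domain` could be handed to."""
    return [ip for host in route_domain(domain, dns) for ip in dns["A"].get(host, [])]


def sender_verify(sender, dns=FAKE_DNS):
    """The sender_verify idea: the sender's domain must route somewhere."""
    if sender.count("@") != 1:
        return False
    return bool(routed_addresses(sender.rsplit("@", 1)[1], dns))


def sender_host_matches(sender, peer_ip, dns=FAKE_DNS):
    """The extra check: is the connecting IP one of the routed addresses?"""
    return sender_verify(sender, dns) and peer_ip in routed_addresses(sender.rsplit("@", 1)[1], dns)


# "from <host> (<comment> [<ip>]) by <host>", as MTAs write Received: lines.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[(\d+\.\d+\.\d+\.\d+)\].*?\bby\s+(\S+)", re.S)


def originating_ip(received, peer_ip, trusted_ips=TRUSTED_RELAY_IPS):
    """Walk Received: headers newest-first (received[0] is the one our own MTA
    wrote, naming peer_ip).  While the host that handed us the message is a
    trusted relay, step back to the address recorded in the header that relay
    wrote.  Stops at the first untrusted hop or unparsable header, so an
    untrusted sender cannot forge headers to move the trust boundary."""
    ip = peer_ip
    for hdr in received[1:]:
        if ip not in trusted_ips:
            break
        m = RECEIVED_RE.search(hdr)
        if not m:
            break
        ip = m.group(2)
    return ip


def check_message(sender, peer_ip, received, dns=FAKE_DNS):
    """(naive match on the peer, match after unwinding trusted relays)."""
    direct = sender_host_matches(sender, peer_ip, dns)
    return direct, sender_host_matches(sender, originating_ip(received, peer_ip), dns)


# Constructed headers: a genuine message that reached us via backup MX
# mail3.best.com, and a spoof that a stranger pushed through the same relay.
SAMPLE_RECEIVED = [
    "from mail3.best.com (mail3.best.com [198.51.100.3]) by vote.example.net with ESMTP",
    "from deliberate.com (deliberate.com [192.0.2.10]) by mail3.best.com with ESMTP",
]
SPOOFED_RECEIVED = [
    "from mail3.best.com (mail3.best.com [198.51.100.3]) by vote.example.net with ESMTP",
    "from nomx.example (nomx.example [203.0.113.7]) by mail3.best.com with ESMTP",
]

if __name__ == "__main__":
    print(sender_host_matches("voter@deliberate.com", "192.0.2.10"))    # True
    print(sender_host_matches("ceo@bigcorp.example", "198.51.100.60"))  # False: split in/out hosts
    print(check_message("voter@deliberate.com", "198.51.100.3", SPOOFED_RECEIVED))  # (True, False)
```

The spoofed case is the one to notice: because mail3.best.com is itself an MX for deliberate.com, the naive check accepts anything the backup relays, and only unwinding the Received: chain through trusted relays recovers the real 203.0.113.7 and rejects it. The bigcorp case fails for a legitimate sender, which is the false-positive problem Philip warns about for sites with separate inbound and outbound hosts.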