On Wed, 4 Aug 1999 00:53:15 -0600 (MDT), you wrote:
>If you have the "relay-domains-include-local-MX = true" in your
>/etc/exim.conf file, this is true. It WILL relay for anyone who lists
>your machine as an MX for their domain (real, or not). I think this was
>the original question.
This is either a bug in the program or in the documentation:
| If the domain in a recipient address matches local_domains or
| relay_domains, or if relay_domains_include_local_mx is set and the domain
| has an MX record pointing to the local host, the address is always
| accepted (at least as far as this check is concerned - a subsequent
| verification check might fail it). This is the case of an incoming message
| to a local domain or an incoming relay to a permitted domain.
|
| relay_domains_include_local_mx
|
| Type: boolean
| Default: false
|
| This option permits any host to relay to any domain that has an MX record
| pointing at the local host. It causes any domain with an MX record
| pointing at the local host to be treated as if it were in relay_domains.
| See host_accept_relay above. Warning: Turning on this option opens your
| server to the possibility of abuse in that anyone with access to a DNS
| zone can list your server in a secondary MX record as a backup for their
| domain without your permission. This is not a huge exposure because
| firstly, it requires the cooperation of a hostmaster to set up, and
| secondly, since their mail is passing through your server, they run the
| risk of your noticing and (for example) throwing all their mail away.
|
| The relaying check happens whenever a message's recipient is received, that
| is, immediately after a RCPT command. The first check is whether the address
| would cause relaying at all: if its domain matches something in local_domains
| then it is destined to be handled on the local host as a local address, and
| relaying is not involved, unless the 'percent hack' is in use. In this case,
| the local part is converted into a new address and that is then checked.
|
| When the relevant domain is not in local_domains, there is first a check for
| legitimate incoming relaying, by seeing if it matches relay_domains, or, when
| relay_domains_include_local_mx is set, if it is a domain with an MX record
| pointing to the local host. If it does match, this is an acceptable incoming
| relay, and it is permitted to proceed.
The specification says at three different places that
relay_domains_include_local_mx checks are only done on _recipient_
address. Thus, a message is only relayed if the local host has an MX
record for the _recipient's_ domain and the spammer can only use the
exim host as a relay to spam users in domains the spammer controls the
DNS of.
It will not relay _FOR_ anyone who lists the exim host as an MX for
their domain; it will relay _TO_ anyone who lists the exim host as an
MX for their domain. This is a significant difference.
I am not in a position to test this at the moment, but _if_ exim
doesn't behave as the docs say and as I interpreted, this is a severe
bug and I've got to ask you why you didn't report it to Philip yet.
This is crossposted to the exim-users mailing list for verification.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mail address in header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
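The following is an added example, not code from the post above and not part of Exim: a small Python simulation of the relaying decision the quoted documentation describes, applied to one RCPT address. It uses a constructed MX table (the `MX_TABLE` dictionary, the `RelayConfig` class and the `relay_check` function are all assumptions made for this illustration) to show the point the post makes: with `relay_domains_include_local_mx` set, only the recipient's domain is looked up, so a third party who lists the host as a backup MX can get mail relayed *to* their own domain but cannot use the host to relay *for* themselves to other domains. The subsequent host-based check (`host_accept_relay`) and the percent hack mentioned in the documentation are deliberately left out.

```python
# Added example, not Exim code: simulate the documented Exim 3 relay check
# for a single recipient address. Configuration and DNS data are constructed.
from dataclasses import dataclass


@dataclass
class RelayConfig:
    """Hypothetical stand-in for the exim.conf options quoted in the post."""
    local_domains: set
    relay_domains: set
    relay_domains_include_local_mx: bool = False
    local_host: str = "mx.example.net"   # constructed name of "the local host"


# Constructed DNS data: domain -> MX hostnames, in priority order.
# "partner.example" imitates a third party that has listed our host as a
# backup MX for their own domain; "victim.example" has not.
MX_TABLE = {
    "example.net": ["mx.example.net"],
    "partner.example": ["mx1.partner.example", "mx.example.net"],
    "victim.example": ["mail.victim.example"],
}


def mx_points_to_local_host(domain: str, cfg: RelayConfig) -> bool:
    """Stand-in for the DNS MX lookup: does any MX for domain name our host?"""
    return cfg.local_host in MX_TABLE.get(domain, [])


def relay_check(rcpt: str, sender: str, cfg: RelayConfig) -> tuple:
    """Decide one RCPT address as the quoted documentation describes.

    Returns (accepted, reason). Note that `sender` is accepted only to make
    the point visible: it is never consulted, because the documented check
    looks at the recipient's domain alone.
    """
    domain = rcpt.rpartition("@")[2].lower()
    if domain in cfg.local_domains:
        return True, "local delivery, relaying not involved"
    if domain in cfg.relay_domains:
        return True, "recipient domain listed in relay_domains"
    if cfg.relay_domains_include_local_mx and mx_points_to_local_host(domain, cfg):
        return True, "recipient domain has an MX record pointing at local host"
    # Without a recipient-domain match, relaying would have to be permitted
    # on the basis of the sending host (host_accept_relay), not modelled here.
    return False, "relaying not permitted by recipient-domain checks"


def demo() -> dict:
    """Contrast 'relay TO' with 'relay FOR' under the option in question."""
    cfg = RelayConfig(local_domains={"example.net"}, relay_domains=set(),
                      relay_domains_include_local_mx=True)
    return {
        # Mail TO partner.example is accepted: their MX names our host.
        "to_partner": relay_check("bob@partner.example", "anyone@elsewhere.example", cfg)[0],
        # Mail FOR partner.example (their sender, someone else's domain) is refused:
        # victim.example has no MX pointing at us, and the sender is irrelevant.
        "for_partner": relay_check("alice@victim.example", "someone@partner.example", cfg)[0],
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'refused'}")
```

Running the block prints `to_partner: accepted` and `for_partner: refused`; flipping `relay_domains_include_local_mx` to `False` makes the first case refused as well, which is the only behaviour the option changes in this model.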