[Exim] Re: EXIM, Help stop relaying spam

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Marc Haber
日付:  
To: debian-user, exim-users
新しいトピック: [Exim] Child processes
題目: [Exim] Re: EXIM, Help stop relaying spam
On Wed, 4 Aug 1999 00:53:15 -0600 (MDT), you wrote:
>If you have the "relay-domains-include-local-MX = true" in your
>/etc/exim.conf file, this is true. It WILL relay for anyone who lists
>your machine as an MX for their domain (real, or not). I think this was
>the original question.


This is either a bug in the program or in the documentation:

|    If the domain in a recipient address matches local_domains or              |
|    relay_domains, or if relay_domains_include_local_mx is set and the domain  |
|    has an MX record pointing to the local host, the address is always         |
|    accepted (at least as far as this check is concerned - a subsequent        |
|    verification check might fail it). This is the case of an incoming message |
|    to a local domain or an incoming relay to a permitted domain.


|relay_domains_include_local_mx
|
|    Type:    boolean
|    Default: false

|
|    This option permits any host to relay to any domain that has an MX record
|    pointing at the local host. It causes any domain with an MX record
|    pointing at the local host to be treated as if it were in relay_domains.
|    See host_accept_relay above. Warning: Turning on this option opens your    |
|    server to the possibility of abuse in that anyone with access to a DNS     |
|    zone can list your server in a secondary MX record as a backup for their   |
|    domain without your permission. This is not a huge exposure because        |
|    firstly, it requires the cooperation of a hostmaster to set up, and        |
|    secondly, since their mail is passing through your server, they run the    |
|    risk of your noticing and (for example) throwing all their mail away.


|The relaying check happens whenever a message's recipient is received, that
|is, immediately after a RCPT command. The first check is whether the address
|would cause relaying at all: if its domain matches something in local_domains
|then it is destined to be handled on the local host as a local address, and
|relaying is not involved, unless the 'percent hack' is in use. In this case,
|the local part is converted into a new address and that is then checked.
|
|When the relevant domain is not in local_domains, there is first a check for
|legitimate incoming relaying, by seeing if it matches relay_domains, or, when
|relay_domains_include_local_mx is set, if it is a domain with an MX record
|pointing to the local host. If it does match, this is an acceptable incoming
|relay, and it is permitted to proceed.

The specification says at three different places that
relay_domains_include_local_mx checks are only done on _recipient_
address. Thus, a message is only relayed if the local host has an MX
record for the _recipient's_ domain and the spammer can only use the
exim host as a relay to spam users in domains the spammer controls the
DNS of.

It will not relay _FOR_ anyone who lists the exim host as an MX for
their domain; it will relay _TO_ anyone who lists the exim host as an
MX for their domain. This is a siginificant difference.

I am not in a position to test this at the moment, but _if_ exim
doesn't behave as the docs say and as I interpreted, this is a severe
bug and I've got to ask you why you didn't report it to Philip yet.

This is crossposted to the exim-users mailing list for verification.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29