[Exim] Rewriting and open relay

Góra strony
Delete this message
Reply to this message
Autor: Vladimir Litovka
Data:  
Dla: exim-users
Temat: [Exim] Rewriting and open relay
Hello!

I have a problem with ORBS. These guys just have tested my system and found
it is open relay :-\ Failed test was:

1999-10-12 05:57:20 11as7s-000NhI-00 "manawatu.co.nz!orbs-relaytest@???" rewritten as "orbs-relaytest@???" by rule 2
1999-10-12 05:57:21 11as7s-000NhI-00 <= sender@??? H=(relaytest.orbs.org) [202.36.148.5] U=OrbsRtst P=smtp S=1138 id=194.186.143.9@??? from <sender@???> for manawatu.co.nz!orbs-relaytest@???
1999-10-12 05:57:25 11as7s-000NhI-00 => orbs-relaytest@??? R=lookuphost T=smtp H=mail2.manawatu.net.nz [202.36.148.21] C="250 PAA15214 Message accepted for delivery"

The problem is that I try to handle bang!path addresses via rewriting
rules and for this I allow unqualified mails from anyone, so when Exim
receives message from 'manawatu.co.nz!orbs-relaytest', it qualifies it
with primary domain and then rewites it as 'orbs-relaytest@???'
with this rule:

^([^!]+)!(.*)@relay2\.kiev\.sovam\.com $2@$1 Tbcrt

But, as you see in log above, Exim uses rewritten form only for delivering
mail. Any other stages anyway perceive this address in original form
'manawatu.co.nz!orbs-relaytest@???' and so Exim allows
relaying, instead of looking it in final rewritten form
'orbs-relaytest@???' and deny relaying.

Is there possible solve for this problem except denying unqualified
senders/recipients?

Thank you.

--
doka