Re: [Exim] faking of sender-addr

Author: Peter Radcliffe
Date:  
To: exim-users
Subject: Re: [Exim] faking of sender-addr
Dr Andrew C Aitchison <A.C.Aitchison@???> probably said:
> On Sat, 3 Jun 2000 james@??? wrote:
> > I'm new to exim and have some problems which
> > seem to be unsolvable for me :)
> >
> > Anyone can telnet mydomain.com 25
> > MAIL FROM: root@???
> > RCPT TO: user1@???
> > DATE
> > hi user. im the root. you are dump
> > .


This can be done with any MTA.

Email is not a secure method of communication, I can produce mail that
appears to come from a completely different person and you cannot
trace (anonymous open relays).

If you want to be sure who a particular mail comes from, use a
cryptographic method to sign it.

> > What I want is to convert the sender-addr
> > to root@??? or root@???
> > whenever someone tries to send a message to (local) users
> > with the sender-addr of one of my local domains.
>
> If you have unix users, mail from daemons such as cron, as well as any
> mail that is really from root, could get caught by that.


and you have to be careful about which sender addresses you check -
pine can send smtp mail like this.

> The usual approach is to ensure that the headers contain enough information
> to catch anyone who does this; rather than changing the sender address.
> I would start by looking at the options sender_verify and rfc1413_hosts.


ident is useful, and in this case should tell you who sent the actual
mail.

If you really want to rewrite things like this, write a rewrite rule
that matches a regexp on the users you want to check, then put a
condition in the rewrite to only change it if it's local mail and the
ident doesn't match the apparent local part.

Sorry, not an interesting enough problem for me to bother writing it.
You can find details on doing this in the rewrite, string expansion
and conditionals sections of the spec.

P.

-- 
pir                  pir@???                    pir@???
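
The decision described in the message above (regexp on the users to check, local mail only, rewrite when the ident does not match the apparent local part), modelled in Python as an added example; it is not Exim configuration and not code from the original post. The domain, user list and function name are assumptions made for illustration.

```python
import re
from typing import Optional, Tuple

# All values below are constructed for illustration.
LOCAL_DOMAINS = {"example.org"}
CHECKED_USERS = re.compile(r"^(root|postmaster|admin)$", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "::1"}


def check_sender(sender: str, client_ip: str,
                 ident: Optional[str]) -> Tuple[str, str]:
    """Return (envelope sender to record, reason) for one SMTP transaction."""
    local_part, _, domain = sender.rpartition("@")
    if not local_part or domain.lower() not in LOCAL_DOMAINS:
        return sender, "not a local-domain sender"
    if not CHECKED_USERS.match(local_part):
        return sender, "local part not in the checked set"
    if client_ip not in LOOPBACK:
        # An ident answer from a remote host is whatever that host chooses
        # to say, so only connections from this machine are judged.
        return sender, "not local mail"
    if ident is None:
        # No RFC 1413 answer: nothing to compare against or rewrite to.
        return sender, "no ident available"
    if ident.lower() == local_part.lower():
        # Genuine root/cron mail and a user's own pine session land here.
        return sender, "ident matches"
    return f"{ident}@{domain}", "rewritten to ident user"


if __name__ == "__main__":
    samples = [  # constructed transactions: (MAIL FROM, client IP, ident)
        ("root@example.org", "127.0.0.1", "mallory"),
        ("root@example.org", "127.0.0.1", "root"),
        ("root@example.org", "127.0.0.1", None),
        ("root@example.org", "203.0.113.9", "root"),
        ("alice@example.org", "127.0.0.1", "bob"),
    ]
    for s in samples:
        print(s, "->", check_sender(*s))
```
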