Re: [Exim] faking of sender-addr

Top Pagina
Delete this message
Reply to this message
Auteur: Philip Hazel
Datum:  
Aan: james
CC: exim-users
Onderwerp: Re: [Exim] faking of sender-addr
On Sat, 3 Jun 2000 james@??? wrote:

> Anyone can telnet mydomain.com 25
> MAIL FROM: root@???
> RCPT TO: user1@???
> DATE
> hi user. im the root. you are dump
> .
>
> What i want is to convert the sender-addr
> to root@??? or root@???
> whenever someone tries to send a message to (local) users
> with the sender-addr of one of my local domains.
>
> any idea ?


Others have pointed out that it is impossible to stop forgery of sender
addresses. (Just as it is impossible to stop forgery of paper mail sent
by normal postal methods, for the same logical reason.)

But there is one extra point to consider, which people often forget.
There isa a perfectly legitimate case when mail from root@???
may arrive from outside:

. root@??? sends mail to user1@???

. user1@??? has a .forward file, passing the message on to
user2@???

. user2@??? has a .forward file, passing the message to
user3@???

so the message comes back to your host from outside. This kind of thing
is much more common with mailing lists, of course. People fall into the
trap of thinking no mail from their.domain can legitimately arrive from
outside, but this is not correct. Heavy-handed blocking such messages is
usually a bad idea.

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.