RE: [Exim] Opinions sought on new ignore_hosts option

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: John Horne
CC: exim-users
Subject: RE: [Exim] Opinions sought on new ignore_hosts option
On Tue, 15 Aug 2000, John Horne wrote:

> So I guess my question is how will this new option behave/react with current
> configuration options such as 'host_accept_relay = localhost'? We also tend
> to specify 'localhost' as a negated item:
>
> helo_accept_junk_hosts = ! localhost
> rfc1413_hosts = ! localhost


None of these are relevant to the proposed new option, which will apply
only when a host name is looked up to find its IP addresses *for routing*.
The option will be a generic router option.

> simply because mail can come from localhost/127.0.0.1. However, we do want
> to prevent mail coming from a site that *claims* it is 'localhost' or has the
> spoofed IP address of 127/8. It seems that we can have one or the other but
> not both?


If another host can spoof 127.0.0.1, Exim can't tell the difference. All
it gets handed when a call starts is an IP address. But if, for example,
it sends

mail from:<x@???>

and you have sender_verify set, and y.z resolves to an A record with
127.0.0.1, then it could be ignored, causing y.z to be unrouteable, and
hence the sender to be rejected.


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.