Re: [Exim] Rejecting Email with bad sender MX

Author: Dave C.
Date:  
To: Rick Ballard
CC: exim-users
Subject: Re: [Exim] Rejecting Email with bad sender MX
ignore_target_hosts was created _specifically_ to counter this
insidious spammer behavior.

I have added the following to my lookuphost router. I also have
sender_verify and sender_verify_reject set true.

lookuphost:
  driver = lookuphost
  ignore_target_hosts = 127.0.0.1:192.168.0.0/16:10.0.0.0/8
  transport = remote_smtp

If someone has

domain.com       MX    10 mail.domain.com.
mail.domain.com  A     127.0.0.1

or

domain.com       MX    10 mail.domain.com.
mail.domain.com  A     192.168.45.67

it will reject any mail with a sender in the domain in either case, as
this makes exim consider both of those MX records as invalid.

As far as a spammer setting their MX to some random (valid) host, look
into the sender_verify_callback stuff in the newest versions of exim.
It is a costly check, but on a lightly loaded server might be worth it
(I have this set on my personal server).


On Tue, 6 Feb 2001, Rick Ballard wrote:

> I am beginning to see that there is probably no
> way of doing exactly what I want to do.
>
> The problems here are
>     (1) that all the sender addresses verify, but
> the sender has a purposely invalid MX record.
> This is a new (to me) and insidious spammer
> behaviour.
>     (2) I am trying to stop mail coming FROM
> someone with an invalid MX record, because it is
> probably spam.
>
> If MX=127.0.0.1, then it can be caught by
> sender_verify, but if, for example,
> MX=192.168.1.1, it looks OK to EXIM. Even
> worse, they could set the MX to point to any
> random address they want, and I guess there
> would be no way of trapping it.
>
> AFAIK, sender_verify doesn't check the MX
> record, except to see if it points to the local
> host. Even though all other addresses can be
> verified, no mail can be sent back to them, and
> they apparently don't want any mail sent back to
> them. This can be used as a spam signature,
> using one of their own tricks against them by
> failing any incoming mail with the invalid MX
> signature.
>
> I can't find anything in the EXIM manual about
> checking the MX record of the sender of an
> incoming message, except for pointing to the
> local host.
>
> BTW, the mail probably is arriving via direct
> injection - but is passing all three mail-
> abuse.org RBL lists.
>
> I also have the following, but these generate
> warnings only for MX=127.0.0.1. I was not able
> to enable sender_verify_reject due to non-spam
> email being rejected.
>
> sender_verify = true
> sender_verify_fixup = true
> sender_try_verify=true
> sender_verify_reject = false
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Rick Ballard            Rick.Ballard@???
> Halifax, Nova Scotia, Canada    http://www3.ns.sympatico.ca/Rick.Ballard

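Added example, not part of the original message and not Exim's own code: a simplified Python model of the check discussed in this thread, where MX targets whose addresses match the ignore_target_hosts list are discarded and a sender is rejected when no usable MX host remains. The function names, the .example domains and the embedded MX/A data are constructed for illustration; Exim itself performs live DNS lookups.

```python
import ipaddress

def parse_host_list(spec):
    """Parse a colon-separated list of IPv4 addresses/networks (the form used above)."""
    return [ipaddress.ip_network(item.strip()) for item in spec.split(":") if item.strip()]

def usable_mx_hosts(domain, mx, a, ignored):
    """Return (host, address) pairs for MX targets that survive the ignore list."""
    usable = []
    for _pref, host in sorted(mx.get(domain, [])):
        for addr in a.get(host, []):
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in ignored):
                usable.append((host, addr))
    return usable

def sender_verifies(sender, mx, a, ignored):
    """True if the sender's domain still has at least one usable MX address.
    Simplification: only MX records are modelled, with no fallback to a bare A record."""
    if "@" not in sender:
        return False
    domain = sender.rsplit("@", 1)[1].lower()
    return bool(usable_mx_hosts(domain, mx, a, ignored))

# The list from the router configuration in the message.
IGNORED = parse_host_list("127.0.0.1:192.168.0.0/16:10.0.0.0/8")

# Constructed DNS data: (preference, host) per domain, then host -> A records.
MX = {
    "loopback.example": [(10, "mail.loopback.example")],
    "private.example":  [(10, "mail.private.example")],
    "mixed.example":    [(10, "mx1.mixed.example"), (20, "mx2.mixed.example")],
    "borrowed.example": [(10, "mail.borrowed.example")],
}
A = {
    "mail.loopback.example": ["127.0.0.1"],      # first case in the message
    "mail.private.example":  ["192.168.45.67"],  # second case in the message
    "mx1.mixed.example":     ["10.1.2.3"],       # ignored
    "mx2.mixed.example":     ["192.0.2.26"],     # usable, so the domain passes
    # MX pointed at an arbitrary routable host: the address list cannot
    # catch this; it is the case the callback check is suggested for.
    "mail.borrowed.example": ["198.51.100.7"],
}

if __name__ == "__main__":
    for dom in MX:
        ok = sender_verifies("user@" + dom, MX, A, IGNORED)
        print(f"{dom:18} {'accept' if ok else 'reject'}")
```
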