[ On Thursday, September 27, 2001 at 23:52:07 (+0200), Bjoern Metzdorf wrote: ]
> Subject: [Exim] Question about rbl and host_accept_relay handling
>
> There were 2 things I noticed:
>
> 1. Some spammers (there were several) used a sender domain with a MX record
> pointing to 127.0.0.1 (tricky, eh?).
> Although "relay_domains_include_local_mx = true" should not be affected by
> this (there is no MX record of the recipient address pointing to 127.0.0.1)
> sender checks based on local mx entries will be affected by this.

The fault here is with the expectation that relay_domains_include_local_mx
can ever be used safely on a public network. It cannot. It causes your
mailer to trust data received from the network (unless you externally
filter all bogus unauthorised MXs from public DNS responses, I guess).

> 2. The spammers used IP addresses without reverse mapping. In the logs I saw
> that they were permitted (!) to relay, although they were not in any list of
> host_accept_relay. I suppose this is due to the +warn_unknown. All IPs of
> the spammers were listed in rbl databases.

host_accept_relay=+warn_unknown sounds like a fundamentally dangerous
option too.....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@???> <woods@???>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
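
An added example, not part of the original message and not Exim code: it contrasts a relay decision derived from MX data (which the domain's owner publishes) with one derived from a locally held list. The domain names, addresses, OWN_ADDRS, EXPLICIT_RELAY_DOMAINS and the rule that loopback or the host's own address counts as "local" are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed stand-ins for DNS answers; nothing is looked up on the network.
SAMPLE_MX = {
    "spam-sender.example": [(10, "mx.spam-sender.example")],
    "unlisted.example": [(10, "mail.unlisted.example")],
    "honest.example": [(10, "mail.honest.example")],
}
SAMPLE_A = {
    "mx.spam-sender.example": ["127.0.0.1"],   # the case from the quoted post
    "mail.unlisted.example": ["192.0.2.1"],    # unauthorised MX naming our address
    "mail.honest.example": ["198.51.100.25"],
}
OWN_ADDRS = {"192.0.2.1"}                      # hypothetical address of this mail host
EXPLICIT_RELAY_DOMAINS = {"customer.example"}  # hypothetical, locally maintained

def local_mx_hits(domain, own_addrs=OWN_ADDRS):
    """MX entries that a naive local-MX test would read as 'this host'."""
    hits = []
    for pref, host in sorted(SAMPLE_MX.get(domain, [])):
        for addr in SAMPLE_A.get(host, []):
            if ipaddress.ip_address(addr).is_loopback or addr in own_addrs:
                hits.append((pref, host, addr))
    return hits

def relay_by_local_mx(domain):
    """Decision driven by DNS data that the domain's owner controls."""
    return bool(local_mx_hits(domain))

def relay_by_explicit_list(domain):
    """Decision driven only by configuration held on this host."""
    return domain.lower() in EXPLICIT_RELAY_DOMAINS

def audit(domains):
    """Domains the DNS-driven test would accept but local policy would not."""
    return [d for d in domains
            if relay_by_local_mx(d) and not relay_by_explicit_list(d)]

if __name__ == "__main__":
    for d in audit(sorted(SAMPLE_MX)):
        print(d, local_mx_hits(d))
```
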