Author: Justin Holdsworth Date: To: 'exim-users@exim.org' Subject: [Exim] Verifying sending domain is not local.
We are running exim 3.33 on our external facing mail hubs.
To prevent us being used as an external relay we have
host_accept_relay = 10.x.0.0/16
relay_domains =
"@:partial-lsearch;/usr/exim/files/relay-domains:[127.0.0.1]"
This seems to prevent relaying to/from arbitrary domains, and preventing
users masquerading as company users to send email to external addresses.
However, it is possible to connect to the mail servers externally masquerade
as a ompany address to send inbound email.
i.e. You can connect to the mail server, issue a mail from:
xxx@???, rcpt to: yyy@??? and have the email delivered. I
know I'm missing something, but need a bit of help in verifying if a machine
issuing a mail from: nopworld.com, rpt to: nopworld.com, is a valid machine
within our domain.
Any help appreiated
Thanks
Justin Holdsworth
*****************************************************
Any views or opinions are solely those of the
author and do not necessarily represent those of
NOP World or any of its associated companies.
*****************************************************
The information transmitted is intended only for
the person or entity to which it is addressed
and may contain confidential and/or privileged
material. If you are not the intended recipient of
this message, please do not read, copy, use or
disclose this communication and notify the
sender immediately. It should be noted that
any review, retransmission, dissemination or
other use of, or taking action in reliance
upon, this information by persons or entities
other than the intended recipient is prohibited.
*****************************************************
Recipients are warned that NOP World cannot guarantee
that attachments or enclosures are secure or error-free
as information could be intercepted, corrupted,
or contain viruses
*****************************************************