[Exim] Wildcard expansion with LDAP Search

Author: Samuel Piau
Date:  
To: exim-users
Subject: [Exim] Wildcard expansion with LDAP Search
Hello,

I am using exim with an LDAP server containing the mail users entries (email
addresses, user names and maildir directories).
I have set up a rewrite lookup and it is working fine:

*@* "${lookup ldap{USER=cn=admin,ou=people,o=company,c=fr PASS=password ldap://ldap.company.fr:389/o=company,c=fr?mailreal?sub?(|(mail=$1@$2)(MailAlternateAddress=$1@$2))} {$value}fail}" frFs

Recently I noticed that sending email to '*@company.fr' (the real *
character) makes an expansion in that ldap search to all user entries. Thus
all people receive 1 copy of the mail sent to '*@company.fr'. I had not
thought about this and this is dangerous because anybody outside can send
mail and spam to all the users.
How do I prevent this so that email addresses like '*@company.fr' or
'*.*@company.fr' get rejected with an error message?

--
Samuel Piau
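
The behaviour described in the message above, as an added example that is not part of the original post: a small Python model of the rule's filter, showing why an unescaped '*' in $1 matches every entry and how RFC 4515 filter escaping turns it into a literal. The directory entries, the function names and the simplified OR-filter matcher are constructed for illustration.

```python
"""Constructed demo: '*' substituted into (mail=$1@$2) becomes a match-all filter."""
import re

# Constructed sample directory (not from the original post).
DIRECTORY = [
    {"mail": "alice@company.fr", "MailAlternateAddress": "a.martin@company.fr",
     "mailreal": "amartin"},
    {"mail": "bob@company.fr", "MailAlternateAddress": "b.durand@company.fr",
     "mailreal": "bdurand"},
]

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: backslash, '*', '(', ')' and NUL become \\XX hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(local: str, domain: str, escape: bool) -> str:
    """Mirror the rewrite rule's filter; escape=True is the hardened form."""
    addr = f"{local}@{domain}"
    if escape:
        addr = escape_filter_value(addr)
    return f"(|(mail={addr})(MailAlternateAddress={addr}))"

# Simplified matcher: handles only an OR of (attr=value) items, as in the rule.
ITEM = re.compile(r"\((\w+)=((?:\\[0-9a-fA-F]{2}|[^()\\])*)\)")
TOKEN = re.compile(r"\\([0-9a-fA-F]{2})|(\*)|(.)", re.S)

def value_to_regex(value: str) -> "re.Pattern[str]":
    """Bare '*' is a wildcard; an escaped \\2a is a literal asterisk."""
    parts = []
    for hexpair, star, literal in TOKEN.findall(value):
        if hexpair:
            parts.append(re.escape(chr(int(hexpair, 16))))
        elif star:
            parts.append(".*")
        else:
            parts.append(re.escape(literal))
    return re.compile("".join(parts), re.I | re.S)

def search(ldap_filter: str) -> list:
    """Return the mailreal attribute of every entry matching any item."""
    items = [(attr, value_to_regex(val)) for attr, val in ITEM.findall(ldap_filter)]
    return [e["mailreal"] for e in DIRECTORY
            if any(rx.fullmatch(e.get(attr, "")) for attr, rx in items)]

if __name__ == "__main__":
    for local in ("*", "*.*", "alice"):
        for escape in (False, True):
            f = build_filter(local, "company.fr", escape)
            print(f"{local!r:8} escape={escape!s:5} {f} -> {search(f)}")
```

In Exim, the `${quote_ldap:...}` expansion operator applies this filter escaping (followed by URL quoting) to a value substituted into an LDAP query.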