Re: [Exim] Re: Ho hum... Blackhole Lists...

Góra strony
Delete this message
Reply to this message
Autor: Dirk Koopman
Data:  
Dla: exim-users
Temat: Re: [Exim] Re: Ho hum... Blackhole Lists...
On Tue, 2002-02-19 at 11:02, Suresh Ramasubramanian wrote:
> +++ Dirk Koopman [exim-users] <19/02/02 10:43 +0000>:
> > It appears that one of exim users has been blackholed. Is this a known
> > problem that I haven't kept upto speed with (exim 3.33) or is this
> > something to do with how Spam Assassin is set up?
>
> No. ORBZ (http://www.orbz.org) relaytested your IP. Spamassasin picked up
> the relaytest and reported it to you.
>
> Nothing to see here ...


Sorry, perhaps I haven't made myself clear. It has passed it to spam
assassin and then got itself reinjected (see more)
>
>     -srs

>
> > 2002-02-18 16:21:10 16cqXO-0004gy-00 <= bounce-5qiku3to@localhost
> > H=sender.orbz.org (orbz.org) [205.231.149.53] U=sender P=smtp S=1064
> > id=5qIkU3tOGAYgl48sF3LJNWhylACzzf1K.1.8@???
> > 2002-02-18 16:21:11 16cqXO-0004gy-00 => relay@???
> > <"relay@???"@localhost> D=send_to_spamc T=spam_scanner
> > 2002-02-18 16:21:11 16cqXO-0004gy-00 Completed
> >


2002-02-18 16:21:11 16cqXP-0004hU-00 <= bounce-5qiku3to@localhost
U=spamd P=spam-ok S=1292
id=5qIkU3tOGAYgl48sF3LJNWhylACzzf1K.1.8@???
2002-02-18 16:21:12 16cqXP-0004hU-00 => relay@??? R=lookuphost
T=remote_smtp H=a.mx.orbz.org [205.231.149.25]
2002-02-18 16:21:12 16cqXP-0004hU-00 Completed

It has gone thru spam assassin and when it was re-injected it has been
re-issued with the quoted localpart.

The issue is: How do I stop a construct like
<"relay@???"@localhost> being evaluated as a valid rcpt-to address.

It is, as far I am concerned, an invalid address, I want to reject it
immediately. Also, how come I am accepting things @localhost from a
non-localhost address - this is clearly wrong and shouldn't be possible.

From the "FM" which I "RTed".

"This includes the case of addresses such as "x@y"@z where z is a local
domain, which are sometimes used in an attempt to bypass relaying
restrictions. Exim treats such addresses as having a local part x@y --
it does not strip off the local domain and treat x@y as an entirely new
address. Assuming that x@y is not a valid local part, this means that
the address is rejected, either at SMTP time if receiver_verify is set,
or later when Exim tries to deliver to it."

For this system (which has both receiver and sender_verify set) this
doesn't appear to be true for the local_domain of "localhost" (at
least). You can also take it that relay@??? is *not* a valid local
part on this system.

The relevant Director is:-

send_to_spamc:
driver = smartuser
transport = spam_scanner
condition = ${if eq {$received_protocol}{spam-ok}{no}{yes}}

It is placed just above the "normal" local delivery, so that it affects
only true local deliveries and not mailing expansions et al.

Flummoxed of Dereham

Dirk Koopman
--
Please Note: Some Quantum Physics Theories Suggest That When the
Consumer Is Not Directly Observing This Product, It May Cease to
Exist or Will Exist Only in a Vague and Undetermined State.