Re: [Exim] Newbie help needed

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Dave C.
Dátum:  
Címzett: wvaughan
CC: exim-users
Tárgy: Re: [Exim] Newbie help needed
On Thu, 2 May 2002, wvaughan wrote:

> boy I am a newbie. attaching more info at bottom...
>
> > Phil Pennock wrote:
> > > On 2002-05-01 at 14:16 -0400, wvaughan wrote:
> > > > 2) some open-relay test sites fail me if i list
> > > >
> > > > domainlist local_domains = @ : steelerubber.com : \
> > > >       cadillac.steelerubber.com : steelrubber.com

> > > >
> > > >       -rather than just listing the "@". It appears if I am then vulnerable
> > > > to "From: <>" if I remember correctly. Is this not where I am supposed to list
> > > > all the domains exim should accept mail for?

> > >
> > > Uhm. That doesn't sound right, unless the test domain used for the
> > > relay testing was in one of those extra ones that you added. What was
> > > the actual error message given?
> >
> > It really never gave an error. I used the site at
> > http://members.iinet.net.au/~remmie/relay/
> >
> > On it's third test type it gets in... :(
> >
> > for server I used 166.82.96.6
> > and had the email sent to me
>
> Below is headers of email that got through
>
> Return-path: <>
> Envelope-to: wvaughan@???
> Delivery-date: Thu, 02 May 2002 09:32:15 -0400
> Received: from members.iinet.net.au ([203.59.24.150] helo=staff.iinet.net.au)
>         by cadillac.steelerubber.com with smtp (Exim 4.04)
>         id 173Ggw-0007jd-00
>         for wvaughan@???; Thu, 02 May 2002 09:32:14 -0400
> To: wvaughan@???
> From: @[166.82.96.6]
> Subject: test for susceptibility to third-party mail relay
> Date: <P>Thu, 02 May 2002 13:32:04 GMT</P>
> Message-Id: <rlytest-1020346324-25319@???>
> Sender: spammer@???

>


I presume that <wvaughan@???> is not an address (or even a
domain) that is local to you? If so, you need to figure out why you
are accepting mail for it. If you are deciding to accept mail based on
the contents of the envelope sender (MAIL FROM:), or the From: message
header, that THAT is the problem. Both of those are trivial to forge.

Your relay check should be based on sender host IP address (numeric IPs
only - no host names), or be based on SMTP AUTH...



> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>



--