Re: [Exim] Getting past receiver_verify?

Top Page
Delete this message
Reply to this message
Author: Scott M. Nolde
Date:  
To: exim-users
Subject: Re: [Exim] Getting past receiver_verify?
Greg Ward(gward@???)@2002.06.04 16:24:46 +0000:
> On 04 June 2002, Scott M. Nolde said:
> > I had a spam email enter my exim server and get to my account, but the To:
> > header wasn't the proper account at all.
> >
> > Some of you may have already received this spam, but i'd be very
> > interested if someone has information as to why this email got past
> > receiver_verify?
>
> Because receiver_verify looks at the envelope recipient, not the header
> recipient:
>
> > Here's the headers as I received them:
> > From lmn332@??? Tue Jun 04 11:31:16 2002
> > Return-path: <lmn332@???>
> > Envelope-to: scott@???
>                ^^^^^^^^^^^^^^^^
> Presumably this passed sender_verify.

>
> [...]
> > To: togo2903d@???
>       ^^^^^^^^^^^^^^^^^^^^^

>
> This is irrelevant to sender_verify.
>
> No, you should not reject messages with a "To" header not pointing at
> your domain -- that would prevent users at your site from subscribing to
> most mailing lists!
>
>         Greg
> --
> Greg Ward - software developer                gward@???
> MEMS Exchange                            http://www.mems-exchange.org

>
> --


Ok, thanks for the clue. I wasn't thinking about creating a filter based
on the To: header, but thanks for the info. I've LARTed the offending IP
address and added the offending spamvertized domain to my spammers list.

--
Scott Nolde
GPG Key 0xD869AB48