Re: [Exim] Preventing forged From: headers (exim 3.36)

Top Page
This message is part of the following thread:
M--\the complete thread tree sorted by date
M..MTamas TEVESZ at <-
M+\Robert Lister at ->
Delete this message
Reply to this message
Author: Leonardo Boselli
Date:  
To: robl, ice
CC: exim-users
Subject: Re: [Exim] Preventing forged From: headers (exim 3.36)
I keep the entire message as quoting.
I have to say that what you are tryng to do, and also TT- help is
extremely dangerous.
You could do it on a list_by_list basis, if you know that messages
to the list can come only from internal network (in that case you
caould just make an IP check)
YOU CANNOT DO for regular user.
Suppose two scenarios [very common ..]
Two of your users subscribe to a list, outside your domain, so everi
message sent by one of them is sent to the other. so the list
processed message will come from aoutside, whit a local from.
You cannot set an exception list, since you should know all
possible routings for any possible list.
This message would be bounced and some server (say yahoo, for
example) would just kick out the user generating bounces, without
his/her cause, just due your settings !!

On 25 Jun 2002, at 15:34, Robert Lister wrote:
>
> Hi,
>
> I am getting a lot of spam recently that is making it to my mailing
> lists, because the From: header is forged as coming from my domain,
> which is on the mailing list's allowed whitelist of domains to accept
> mail to send to.
>
> I have to have domain whitelists because many of the entries on the
> mailing list are local exploders for each site, so for this list I
> can't have specific entries, but people need to be able to post to the
> list from a specific domain even though they are not subscribed to the
> list.
>
> Problem is when a spam comes in:
>
> From: some.list@???
> To: some.list@???
>
> The From: header is a permitted domain on the whitelist, so the spam
> goes to the entire list.
>
> Is there anyway I can configure exim 3.36 only to accept mail "From:"
> my local_domains ONLY from hosts permitted in host_accept_relay?
>
> I.e. if somebody attempts to forge a message From my domain and it
> wasn't generated locally, bin it?
>
> I kinda think you should be able to do this using a filter, and at the
> moment have specific recpients in there, but is there a more global
> way of doing it?
>
> Any help would be most appreciated.
>
>
> Rob
>
>
>
> --
> Robert Lister    -        robl@???    -
> http://www.lentil.org

>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/ ##
>


Leonardo Boselli
nucleo informatico e telematico
Dipartimento Ingegneria Civile
Universita` di Firenze
V. S. Marta 3 - I-50139 Firenze
tel +39()0554796431
cel +39 3488605348
fax +39()055495333
http://www.dicea.unifi.it/~leo


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Preventing forged From: headers (exim 3.36)[Exim] Relaying?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)