Re: [Exim] Preventing forged From: headers (exim 3.36)

Author: Robert Lister
Date:  
To: Leonardo Boselli
CC: ice, exim-users
Subject: Re: [Exim] Preventing forged From: headers (exim 3.36)
On Tue, Jun 25, 2002 at 05:18:34PM +0200, Leonardo Boselli wrote:
> I keep the entire message as quoting.
> I have to say that what you are trying to do, and also TT- help is
> extremely dangerous.
> You could do it on a list_by_list basis, if you know that messages
> to the list can come only from internal network (in that case you
> could just make an IP check)
> YOU CANNOT DO for regular user.
> Suppose two scenarios [very common ..]
> Two of your users subscribe to a list, outside your domain, so every
> message sent by one of them is sent to the other. so the list
> processed message will come from outside, with a local from.
> You cannot set an exception list, since you should know all
> possible routings for any possible list.
> This message would be bounced and some server (say yahoo, for
> example) would just kick out the user generating bounces, without
> his/her cause, just due to your settings !!


I don't really understand what you mean.

No users should send "from" my domain unless they were on a client from an
IP address authorized to do so, inside this network. period.

If they're outside my network, they shouldn't be sending me e-mail with my
own domain in the "From:" headers. I want a filter to pick this up and
throw it away (not reject it, but discard it, as the sender/From: header
is of course forged, and so the bounce message goes to the list, usually
quoting the spam.)

*sigh*


F*&^*&^*&ing spammers making life complicated!

This is clearly abuse of the system. So damned underhand. And the spammers
wonder why we get so annoyed with them.

The lists that live on this box are being abused by spammers who forge the
from: headers because our own domain is allowed to post to the lists, it
would seem, unconditionally, by our config.

For reasons too complicated to go into here, I have to have a whitelist of
domains rather than subscribe users to the list directly. (My lists are a
"lists of lists" with locally administered exploders, any of the people at
any of the sites subscribed to the exploder may wish to post to the list,
so to allow that, their entire domain must be on the whitelist of allowed
posters.)

This domain whitelist system has worked perfectly for years with no
problems whatsoever. Now the spammers have this trick, and somehow all my
list addresses have got on to a load of their spam lists.

The list software receives the e-mail with the forged sender/From: faked
(usually to the same address at the To: header). The From: header is on
the whitelist, and the spam gets re-distributed to the list, much to the
annoyance of my list subscribers!

Anybody got a global site config that says "if you're pretending to be
from this domain and you're not inside this network then reject the SMTP
transaction." ??

Rob


--
Robert Lister    -        robl@???    -    http://www.lentil.org
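
The check Robert asks for, and the mailing-list case Leonardo objects to, as an added Python sketch that is not part of the original message and is not Exim configuration. The domain `example.org`, the network `192.0.2.0/24`, the function names and the sample messages are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Assumptions (not from the thread): placeholder local domain and internal range.
LOCAL_DOMAINS = {"example.org"}
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def from_domains(raw_message):
    """Return the lower-cased domains of every address in the From: header(s)."""
    msg = message_from_string(raw_message)
    addrs = getaddresses(msg.get_all("From", []))
    return {addr.rpartition("@")[2].lower() for _, addr in addrs if "@" in addr}

def is_internal(client_ip):
    """True when the connecting SMTP client sits inside the local network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def verdict(client_ip, raw_message):
    """'discard' when an outside host presents a local-domain From:, else 'accept'.

    Discarding instead of bouncing follows the message above: the forged
    address would otherwise receive the bounce.
    """
    if is_internal(client_ip):
        return "accept"
    if from_domains(raw_message) & LOCAL_DOMAINS:
        return "discard"
    return "accept"

# Constructed sample messages (headers only, then an empty body).
FORGED = "From: announce@example.org\nTo: announce@example.org\nSubject: offer\n\n"
INTERNAL_POST = "From: Staff <staff@example.org>\nTo: announce@example.org\n\n"
OUTSIDE_POST = "From: member@site.example.net\nTo: announce@example.org\n\n"
# Leonardo's scenario: an outside list server redistributes a local user's post.
VIA_OUTSIDE_LIST = ("From: Alice <alice@example.org>\nTo: users@lists.example.net\n"
                    "List-Id: <users.lists.example.net>\n\n")

if __name__ == "__main__":
    for name, ip, raw in [("forged", "203.0.113.7", FORGED),
                          ("internal", "192.0.2.10", INTERNAL_POST),
                          ("outside", "198.51.100.4", OUTSIDE_POST),
                          ("via outside list", "198.51.100.25", VIA_OUTSIDE_LIST)]:
        print(f"{name:18} {ip:15} -> {verdict(ip, raw)}")
```

The last case is the false positive raised in the quoted reply: a genuine post by a local user comes back through an outside list and is dropped by the same rule that stops the forgery.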