[Exim] RE: Rejecting forged local addresses

Author: Richard, WhidbeyNet NOC
Date:  
To: miles
CC: exim-users
Subject: [Exim] RE: Rejecting forged local addresses
We're also seeing a large number of spammers impersonating local
addresses. The headaches caused by this have no end, as customers think
their email has been "hacked", people think you allow spammers on your
system, customers get massive amounts of failure notices and spam
complaints, etc.

If anyone finds a good solution, please post it. We did the "reject if
not local" bounce for a day, but it caused problems with forwards and
mailing lists, as mentioned below.

What if you reject a message when the number of RCPT's is more than 1,
the IP address is not in relays, and the MAIL FROM is a local address?
Since forwards, and mailing lists, usually address messages to 1 RCPT
only.

Rich
richs@???

-----Original Message-----
From: exim-users-admin@??? [mailto:exim-users-admin@exim.org] On
Behalf Of Miles Davis
Sent: Tuesday, July 23, 2002 9:32 AM
To: exim-users@???
Cc: Jeremy Koch
Subject: Re: [Exim] Rejecting forged local addresses


On Thu, Jul 18, 2002 at 11:16:30AM +0100, Philip Hazel wrote:
> On 17 Jul 2002, Jeremy Koch wrote:
>
> > First, thanks to everyone who helped make Exim possible. It is a
> > wonderful MTA.
>
> Thank you.
>
> > What I need to do is check the sender's domain against my list of
> > local domains. If a match is found check the sender's IP against
> > host_accept_relay. If the sender's domain is considered local and
> > sender's IP matches host_accept_relay the message is accepted. Clear
> > as mud? To put it another way - If the sender's IP is not found in
> > host_accept_relay and the sender's domain is local the message gets
> > rejected.
>
> So if one of your users sends a message to another host, where the
> recipient happens to have forwarded their mail to another user at your
> site, you refuse it. Do you want to do that?


Ugh...there goes my latest great idea. :(

I don't suppose anybody has come up with a good way of implementing at
least a limited version of this? Like, if the email did not at some
point originate from something in host_accept_relay then deny it? What I
guess I want is something that looks through the received lines for a
match to one of my systems (not that those can't be forged, but I
haven't seen that yet).

--
// Miles Davis - miles@??? - http://www.cs.stanford.edu/~miles
// Computer Science Department - Computer Facilities
// Stanford University

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
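
A small model of the two rules discussed in this thread (reject a local sender from a non-relay host, and the same rule applied only when there is more than one RCPT), run over a few envelopes. This is an added example, not part of any poster's message and not Exim configuration; the domain, address ranges and envelopes are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions): documentation domain and address ranges.
LOCAL_DOMAINS = {"example.org"}
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # stands in for host_accept_relay

@dataclass
class Envelope:
    client_ip: str   # connecting host
    mail_from: str   # envelope sender (MAIL FROM)
    rcpt_to: list    # envelope recipients (one entry per RCPT)

def is_relay_host(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RELAY_NETS)

def sender_is_local(mail_from):
    # An empty sender ("<>", used for bounces) has no domain and is never local.
    _, _, domain = mail_from.rpartition("@")
    return domain.lower() in LOCAL_DOMAINS

def strict_reject(env):
    """Rule from the quoted message: local sender domain from a non-relay host."""
    return sender_is_local(env.mail_from) and not is_relay_host(env.client_ip)

def relaxed_reject(env):
    """Rule proposed in the reply: the strict rule, only when RCPT count > 1."""
    return strict_reject(env) and len(env.rcpt_to) > 1

# Constructed sample envelopes covering the cases raised in the thread.
SAMPLES = {
    "local_user_via_relay": Envelope("192.0.2.10", "alice@example.org",
                                     ["bob@example.net", "carol@example.net"]),
    "forged_multi_rcpt": Envelope("203.0.113.5", "alice@example.org",
                                  ["bob@example.org", "carol@example.org"]),
    "forward_back_to_site": Envelope("198.51.100.7", "alice@example.org",
                                     ["bob@example.org"]),
    "forged_single_rcpt": Envelope("203.0.113.9", "alice@Example.ORG",
                                   ["bob@example.org"]),
    "bounce_null_sender": Envelope("203.0.113.9", "", ["alice@example.org"]),
}

def evaluate():
    """Map sample name -> (strict_reject, relaxed_reject)."""
    return {n: (strict_reject(e), relaxed_reject(e)) for n, e in SAMPLES.items()}

if __name__ == "__main__":
    for name, (strict, relaxed) in evaluate().items():
        print(f"{name:22} strict={strict!s:5} relaxed={relaxed}")
```

The forwarded message is rejected by the strict rule and accepted by the relaxed one, while a forged message addressed to a single recipient also passes the relaxed rule, so the RCPT-count test only covers multi-recipient deliveries.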