Hello list-exim-users,
Thank you for the suggestions. I should have been watching the debug a
little more closely. There was no problem with exim. It was a
Exim/Vmail-sql issue and nothing was wrong with vmail-sql either.
There was a forwarder directing email to the users email address.
Boy do I feel dumb. :{
--
Best regards,
list-exim-users mailto:list-exim-users@archrival.net
Thursday, September 5, 2002, 10:32:07 AM, you wrote:
===8<==============Original message text===============
leu> Hello exim-users,
leu> [There must be a less intrusive method to submit potential bug
leu> reports. I know you have to be active in the community, but joining a
leu> mailing list simply to submit a potential bug report? It's so
leu> intrusive on this end and likely we're missing a lot of bugs doing
leu> this way from people who would otherwise submit to perhaps a web
leu> forum? I find that less intrusive. It takes quite a number of steps to
leu> get to this point.]
leu> At any rate, here's a message I sent to the Postmaster(no other
leu> contact addresses) who directed me here. After shirking the idea off
leu> for a day I felt it necessary to go to the lengths to setup to receive
leu> this mailing list. Sheesh.
leu> ------------------------------------------------------------------------
leu> Apologies if this is not the correct address. If it is not, could you
leu> please forward this to the correct one? Thank you.
leu> It appears there is an exploit in Exim concerning allowing relaying to
leu> external SMTP servers.
leu> Our "local_domains" directive looks like this:
leu> local_domains = localhost:a-local-domain.com:mysql;select domain_name from domain
leu> where domain_name='$key'
leu> Now, this should allow relaying to domains that are hosted by our
leu> system, or that we specifically want to relay to and it does do that.
leu> However, it also allows relaying to servers we do not want to send to.
leu> Here's a concrete, tested example on our system:
leu> A local domain, 'local-domain.com'[edited], is on our system but has no email
leu> capabilities. It is simply active as an HTTP property. Now, when
leu> sending an email with this as the To: field -->
leu> [Edited from real, concrete example address that was causing problems]
leu> "non-local@???" <anything@???>
leu> (please do not contact the email address above, as it is one of our
leu> clients)
leu> The email is relayed to 'non-local-domain.com'[edited] which we do NOT want to relay
leu> to. It does this because apparently it looks at the
leu> 'local-domain.com'[edited]
leu> portion and decides that the email address is local, but it uses the
leu> non-local "non-local@???"[edited] email address for
leu> sending.
leu> Is this a known exploit and is there a way around it? I didn't see any
leu> mention in the FAQs concerning it.
leu> Thanks for any help that you may be able to provide, and thank you for
leu> Exim, great software!
leu> ------------------------------------------------------------------------
leu> Any ideas on this? Am I doing something wrong or is this an actual
leu> exploit?
leu> --
leu> Best regards,
leu> list-exim-users mailto:list-exim-users@archrival.net
leu> --
leu> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
===8<===========End of original message text===========
