[Exim] blocking forged sender addresses (exim v3)

Author: Adrian Bridgett
Date:  
To: exim-users
Subject: [Exim] blocking forged sender addresses (exim v3)
Well I've just got one more thing to do before rolling out exim at work, but
I've been at it all night, searching the web, email lists etc and got around
to thinking "I'll ask the experts" :-)

Exim is _not_ acting as an open relay, however it does accept messages to be
_locally_ delivered from anyone when the envelope sender says
"adrian@???" (or adrian@localhost).

I'd like to restrict this so that it doesn't accept emails from the internet
with my domain (or localhost) as the sender. However I still want to accept
emails from internal machines with such sender addresses.

I'm trying something like this:
  # transports
  dev_null:
    driver = pipe
    user = mail
    command = "/bin/dd of=/dev/null"
  ...
  # directors
  bad_sender:
    senders = smop.co.uk : localhost
    driver = smartuser
    condition = ....
    transport = dev_null

The condition bit is causing the most grief, I was trying something like this

  condition = "${if and {{def:sender_host_address}  \
      { eq {${mask:$sender_host_address/24}}{192.168.8.0/24}}}"


but this fails

17r3ni-0002Hj-00 failed to expand condition"${if and
{{def:sender_host_address} { eq {${mask:$sender_host_address/24}}
{192.168.8.0/24}}}" for bad_sender director: "" is not an IP address

The best luck I've had is using a lookup rule to check the $sender_host_name
in /etc/exim/domains, excluding when the protocol is "local" or "scanned-ok"
(spamassassin hacked in).

I suppose the follow-up question is "and what's the best way to return a nice
message to the (ab)user rather than just /dev/null-ing it?".

Exim-3.35 (with perl support but there must be a way that doesn't involve
perl (not that I mind that much))

Cheers

Adrian

Email: adrian@???
Windows NT - Unix in beta-testing. GPG/PGP keys available on public key servers
Debian GNU/Linux -*- By professionals for professionals -*- www.debian.org
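
The policy described in the message above, modelled as an added Python example (not part of the original post and not Exim configuration): a protected sender domain is accepted only from the internal /24 or from local submission, including the empty-host-address case that broke the ${mask:...} expansion. The function and constant names, the sample addresses, the reply texts and the treatment of loopback as internal are assumptions.

```python
import ipaddress

# Domains and network are taken from the post; all names here are hypothetical.
PROTECTED_SENDER_DOMAINS = {"smop.co.uk", "localhost"}
INTERNAL_NETWORKS = [ipaddress.ip_network("192.168.8.0/24")]


def check_envelope_sender(sender, sender_host_address):
    """Return (accepted, smtp_reply) for one envelope sender.

    sender_host_address is "" for locally submitted mail, which is the
    value that made the mask expansion in the post fail.
    """
    # A null sender (bounce) has no domain that could be forged.
    domain = sender.rpartition("@")[2].rstrip(".").lower() if "@" in sender else ""
    if domain not in PROTECTED_SENDER_DOMAINS:
        return True, "250 OK"
    # No remote host: the message came from a local process, not the network.
    if not sender_host_address:
        return True, "250 OK"
    try:
        host = ipaddress.ip_address(sender_host_address)
    except ValueError:
        # Unparseable address with a protected sender domain: fail closed.
        return False, "550 cannot verify origin for sender domain " + domain
    # Assumption: loopback connections count as internal.
    if host.is_loopback or any(host in net for net in INTERNAL_NETWORKS):
        return True, "250 OK"
    # Reject at SMTP time so the sending side gets a reason instead of a
    # silent discard.
    return False, f"550 sender domain {domain} is not accepted from {host}"


def demo():
    """Run the check over constructed sample (sender, host) pairs."""
    samples = [
        ("user@smop.co.uk", "203.0.113.7"),    # external host, local domain
        ("user@smop.co.uk", "192.168.8.17"),   # internal machine
        ("user@smop.co.uk", ""),               # local submission
        ("other@example.org", "203.0.113.7"),  # unrelated sender domain
    ]
    return [check_envelope_sender(s, h) for s, h in samples]


if __name__ == "__main__":
    for result in demo():
        print(result)
```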