Re: [Exim] blocking forged sender addresses (exim v3)

Top Page
Delete this message
Reply to this message
Author: Tony Earnshaw
Date:  
To: Odhiambo G. Washington
CC: exim-users
Subject: Re: [Exim] blocking forged sender addresses (exim v3)
--
tir, 2002-09-17 kl. 10:43 skrev Odhiambo G. Washington:

> Mostly I am left speechless as to how I can prevent someone masquerading
> as me.


> Your idea looks quite nice, until you have thousands on addresses, both real
> system users and virtual accounts:


> Maybe there is a better way out somewhere.


I just sshed to a shell account I have in another country and telnetted
back to billy.demon.nl, port 25, and said I was tonni@???
and tried to send a mail to someone else on another server.

I got a very rude message back (definitely not rfc standard) from Exim 4
on billy.demon.nl (which is a dialup machine and not normally on the
Internet, apart from picking up mailkicks from my ISP, as well as
sending mail directly to Internet domain mail servers).

Why? Because I have the following in my config file:

# Main section:

hostlist relay_from_hosts = localhost # Could be a list, or a lookup,
                      # could be a domainlist, ditto.


# ACL section:

accept domains = +localdomains           # defined in main section
accept hosts = +relay_from_hosts      # ditto
deny message = Very rude Message


As Greg says, Exim 4 is *enormously* flexible and will do more or less
exactly what you tell him to. There are often many ways of achieving the
same end.

The only problem is, learning and employing Exim's language.

Best,

Tony

--

Tony Earnshaw

Tha can allway tell a Yorkshireman, but tha canna tell 'im much.

e-post:        tonni@???
www:        http://www.billy.demon.nl
gpg public key:    http://www.billy.demon.nl/tonni.armor


Telefoon:    (+31) (0)172 530428
Mobiel:        (+31) (0)6 51153356


GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981


--
Content-Description: Dette er en digitalt signert meldingsdel

[ signature.asc of type application/pgp-signature deleted ]
--