Author: James P. Roberts Date: To: exim-users Subject: Re: [Exim] Backup MX ACL
> > I have a simple enough question regarding an ACL I am trying to create > > for exim-4.10. It is an ACL for any mail accepted for the @mx_secondary
> > domain list (ie domains the server is backup for), I would like to
> > restrict accepting the mail for just any domain that has an MX record
> > pointing at my server as this is open to abuse.
>
> I suppose it is possible to use that to mount a DoS attack on your server,
> my pointing their MX record at you, then getting the world to send *them*
> lots of mail (which now goes through your server). However they could do
> the same attack by sending mail to your address, so the only advantage is
> that the atack appears to be against them.
>
> I don't worry that I am accepting mail for anyone capable of listing me
> as their MX secondary.
Right. Anyone could try making me their MX, but it won't work unless I host their domain. That is, if they aren't specifically
listed in an appropriate ACL, Exim rejects any such mail, so it does them no good. In fact, it would be less effective as a DoS
attack than sending mail directly to my real address(es), because it would be bounced at SMTP time, instead of cluttering up my
inbox(es).
I think, so long as you write the ACL much like the local_domains-related ACL, (i.e. reject mail to any domain you are not accepting
responsibility for as a secondary), you should not have a problem.
