Re: [Exim] Duplicated Mails

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MTamas TEVESZ at <-
MSteve at ->
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: Tamas TEVESZ
CC: exim-users@exim.org
Subject: Re: [Exim] Duplicated Mails
On Fri, 25 Oct 2002, Tamas TEVESZ wrote:

> > Hmmm, btw this could be used as an open-relay, very nice ;)
> >
> > Send someone who uses fetchmail in a broken config like this, an mail that
> > looks like this.
> >
> > To: spamme@???
> > BCC: spammore@???
> > BCC: anotherspam@???
>
> how exactly ?
>
> it's *exim* who adds the *final* envelope-to: based on the smtp rcpt
> to: or something. this definitely has *nothing* to do with the
> in-message headers. then, fetchmail decides on the *envelope-to*
> header, which in turn is added by a trusted exim.
>
> the only way to turn this into an open relay is by having an
> open-relay exim at the first place.
>
> no freaking way i'm ever going to route messages based on headers i'm
> not in full control of.

I was talking about a wrong configured fetchmail.

Scenario
Host1(spammer) -> HOST2(provider) -> Host3(fetchmail)

Host1->Host2

MAIL FROM: i.am.a@spammer
RCPT TO: user@host3
DATA
To: user@host3
CC: target1@???
CC: target2@???

Spamtext
.
QUIT

Host3 fetches from Host2 via fetchmail and reinjects the mail via
sendmail -f %F
To: user@host3
CC: target1@???
CC: target2@???

Spamtext
.

What happens?
Exim trusts fetchmail, receives the mail and sends it to all the Header
receivers (user@host3,target1@???,target2@???)

Again, i was talking about a WRONGLY configured fetchmail, like steve had.

ciao




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Duplicated MailsRe: [Exim] Duplicated Mails->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)