[Exim] Re: ACL's RULE!

Author: Giuliano Gavazzi
Date:  
To: Exim-users
Subject: [Exim] Re: ACL's RULE!
Dear all,

this is my first posting to the list. I have built/installed/deployed
exim two days ago and I am happy with it. Yesterday I was looking for
some pointers around on how to write ACL rules to protect my server
from unwanted garbage and, amongst others, I came across these
written by Dave under the thread of this name. One of these rules
appears risky to me:

>
>
># All yahoo.com mail will have either
># "...yahoo.com via HTTP "
># *OR*
># "...yahoo.com with NNFMP"
>
>   deny          sender_domains  = yahoo.com
>                 message         = X-Forgery: NOT YAHOO SERVER
>                 condition       = ${if match {$h_Received:}{yahoo.com.via.HTTP}{no}{yes}}
>                 condition       = ${if match {$h_Received:}{yahoo.com.with.NNFMP}{no}{yes}}


I have this header from a yahoo account of just over a year ago:

Return-Path: <...@yahoo.com>
Received: from web13107.mail.yahoo.com (web13107.mail.yahoo.com
[216.136.174.152])
    by drum.humph.com (8.11.3/8.11.3) with SMTP id f7REbjK04794
    for <...>; Mon, 27 Aug 2001 15:37:46 +0100 (BST)
Message-ID: <20010827143743.31871.qmail@???>
Received: from [146.203.100.230] by web13107.mail.yahoo.com; Mon, 27
Aug 2001 07:37:43 PDT
...


and the Received: header does not contain "via HTTP" or "with NNFMP".
From then onwards all have "via HTTP". I think a better rule would be
to impose a more strict check of the EHLO/HELO command when the
sender is in any of these domains.

My real question is another, will this email show as coming from the
return address I set in Eudora, or from the user that authenticates
with the server when sending?

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
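
The effect of the quoted rule on the header posted above, replayed in Python as an added example (not part of the original post and not Exim code). The function names and the two constructed headers are assumptions made for illustration; the 2001 header is the one from the post, with its elided parts kept as "...".

```python
import re
from email import message_from_string

# Patterns from the quoted rule; the dots are unescaped, so each matches any character.
RULE_PATTERNS = [r"yahoo.com.via.HTTP", r"yahoo.com.with.NNFMP"]

# Header block as posted above (line folding normalised).
POSTED_2001 = """\
Return-Path: <...@yahoo.com>
Received: from web13107.mail.yahoo.com (web13107.mail.yahoo.com [216.136.174.152])
    by drum.humph.com (8.11.3/8.11.3) with SMTP id f7REbjK04794
    for <...>; Mon, 27 Aug 2001 15:37:46 +0100 (BST)
Message-ID: <20010827143743.31871.qmail@???>
Received: from [146.203.100.230] by web13107.mail.yahoo.com; Mon, 27
    Aug 2001 07:37:43 PDT

"""

# Constructed samples (not from the post): a later-style header and a non-Yahoo sender.
CONSTRUCTED_VIA_HTTP = """\
Return-Path: <...@yahoo.com>
Received: from [192.0.2.10] by web13107.mail.yahoo.com via HTTP; Tue, 27 Aug 2002 07:37:43 PDT

"""
CONSTRUCTED_OTHER_DOMAIN = """\
Return-Path: <user@example.org>
Received: from mail.example.org by mx.example.net with SMTP; Tue, 27 Aug 2002 07:37:43 PDT

"""

def sender_domain(msg):
    """Domain part of the envelope sender, taken from Return-Path."""
    m = re.search(r"@([^>\s]+)>?\s*$", msg.get("Return-Path", ""))
    return m.group(1).lower() if m else ""

def rule_denies(raw_headers):
    """True when the quoted rule would deny: yahoo.com sender and neither pattern found."""
    msg = message_from_string(raw_headers)
    if sender_domain(msg) != "yahoo.com":
        return False  # sender_domains does not match, so the rule is skipped
    # Assumption: all Received: headers are examined together, with folding collapsed.
    received = "\n".join(" ".join(v.split()) for v in msg.get_all("Received", []))
    # Both conditions must hold for deny, i.e. neither pattern may match.
    return not any(re.search(p, received) for p in RULE_PATTERNS)

if __name__ == "__main__":
    for name in ("POSTED_2001", "CONSTRUCTED_VIA_HTTP", "CONSTRUCTED_OTHER_DOMAIN"):
        print(name, "deny" if rule_denies(globals()[name]) else "pass")
```

The genuine 2001 Yahoo header is denied, while any header that merely contains the expected text passes, so the rule keys on the wording of the Received: line rather than on where the message came from.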