Re: [Exim] New AOL Mailer for forgery filter (for Exim 4.x)

Top Pagina
Delete this message
Reply to this message
Auteur: James P. Roberts
Datum:  
Aan: Dr Andrew C Aitchison, exim-users
Onderwerp: Re: [Exim] New AOL Mailer for forgery filter (for Exim 4.x)
> > I understood that part. I was under the impression that some people
> > were considering looking at headers, in order to determine if a mail
> > "originated" from an AOL dial-up host, even though it was relayed
>
> I have the following in my acls:
>
> #!!# ACL that is used after the DATA command
> check_message:
>   deny    sender_domains = aol.com
>            message        = X-Forgery: NOT AOL MAILER
>            condition = ${if match {${lc:$h_X-Mailer:}}

{(?:aol|atlas)}{no}{yes}}
>
> This catches about 7 emails a day.
> The sender addresses in the reject log look like they are all spam
> (the connected sending host isn't useful, as my MX record point at
> my ISP* who do RBL type blocking for me).
> I take it that this is blocking some of punster's customers ?
>
> *(Some of) the people running my ISPs mail server share an office with
> Phil Hazel, so I consider it to be at least as well run as my own

server.
>
> --
> Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
> A.C.Aitchison@??? http://www.dpmms.cam.ac.uk/~werdna
>


I doubt it would block any of my customers; but, it is best to make
sure.

From the 4.x online manual:
    sender_domains = <domain list>
    This condition tests the domain of the sender of the message against
the given domain list.


What exactly defines the "domain of the sender of the message"? Is it a
translated IP address (DNS lookup?), or is it simply taken "as is"
(text) from a header? Which header is it taken from? Is it the "From:"
or the sequentially first "Received: from" header? Or something else?
(Sorry, I'm not much of a C-code reader.) My guess would be, it is
simply taken from the "From:" header.

If it is, there should be no problem, because when my customers relay
their email through my server, (authenticated, of course), I re-write
the headers so that it is correctly indicated as coming from the
customer's domain (which I am hosting). As far as I know, the
"sender_domains" should then show up as their own domain, rather than
the domain of whatever AOL-dialup PC they might have connected to the
internet from. (Please see sample headers below).

If I understand it correctly (and I may not, please let me know), then
your ACL should NOT block any of my customers. (Yay!) This is one of
the reasons I do the headers re-write. (The main one being, my
customers are paying for a domain name, and they want their emails to be
seen as coming from that domain, not from mine.)

On the other hand, if "sender_domains" is somehow extracted from the
"Received:" headers, (which I hope it is not), then your ACL might,
indeed, block someone that it should not.

I hope this is helpful.

Jim Roberts
Punster Productions, Inc.

p.s.

Here is a sample header from a message from one of my customers, written
to me. As you can see, everything indicates that it originated from the
customer's domain (marketingsolutionsde.com), with the exception of the
"Received: from [63.121.118.244] (helo=hppav)" header. There is no
explicit domain name in that. A DNS lookup could tell you her ISP's
identity; although, my point is, you should not care what ISP a person
is using. A given customer might use several different ISP's during a
normal day (work, home, laptop on the road). It is the identity of the
SMTP server they are using that is important. (I think we all agree on
this? Yes? No?)

The host name (hppav) is quite useless; really, it's whatever the user
set in their Windows Network Identity box. More likely, whatever was
set in that box by the PC manufacturer! (Yes, in this case, I happen to
know the person has an HP Pavilion desktop = hppav *rotfl*).

Now, I could remove that header altogether, I suppose, if it would make
the domain hosting more "solid" and avoid problems; however, I prefer
not to mess with such things if I don't have to. (Ideally, I would show
you message headers from one of my AOL-using customers to some third
party, but I haven't got one of those on hand).

Return-path: <lransom@???>
Envelope-to: punster@???
Delivery-date: Wed, 18 Sep 2002 08:27:05 -0400
Received: from [63.121.118.244] (helo=hppav)
by puns01.punsterproductions.com with asmtp (TLSv1:RC4-MD5:128)
(Exim 4.02)
id 17rdv6-0000Yg-00
for punster@???; Wed, 18 Sep 2002 08:27:05 -0400
Message-ID: <000401c25f0e$eb2beae0$f476793f@hppav>
From: "Linda L. Ransom" <lransom@???>
To: "James P. Roberts" <punster@???>
References: <004101c25e57$1711bf80$04fea8c0@localnet>
Subject: Re: Hi There
Date: Wed, 18 Sep 2002 08:28:37 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Status:


And yes, I will upgrade to 4.12 as soon as I get a chance! ;)