[Exim] Re: [SA-exim] Envelope From verify

Top Page
Delete this message
Reply to this message
Author: Marc MERLIN
Date:  
To: Dickenson, Steven
CC: exim-users
Subject: [Exim] Re: [SA-exim] Envelope From verify
On Thu, Feb 13, 2003 at 09:49:10AM -0500, Dickenson, Steven wrote:
> Just started testing SA-Exim for spam filtering for my site. So far, it's
> working well. Kudos on such a great idea.


I'm answering on the exim list, considering that this is loosely related
to my debian exim package and it's not really related to sa-exim

> Now, my question. I used Marc's Debian source tree to build a Woody package
> from the Exim 4.10 sources, and thus, I'm using his configuration file.
> I've marked some stuff out I don't need, but I'm worried about envelope
> sender verification. Since I'm filtering mail for some 500 users, I really
> don't want to wade through the logs and see which messages failed envelope
> sender verification, and then determine if the message was solicited or not.


I use logcheck against the exim logs and get rejects easily that way
2003-02-18 16:06:43 18lHl3-0004KG-00 H=216-211-204-246.firstgate.net (jingbanglot.com) [216.211.204.246]:4803 F=<fjhfdhgdz@???> rejected after DATA: Cannot accept 'From:' header address fjhfdhgdz@??? because it couldn't be verified: response to "RCPT TO:<fjhfdhgdz@???>" from mx3.hotmail.com [65.54.253.99] was 550 Requested action not taken: mailbox unavailable
2003-02-18 16:07:42 H=mail.vasoftware.com [198.186.202.175]:34401 sender verify fail for <info-nnsiunly@???>: response to "RCPT TO:<info-nnsiunly@???>" from mail.emailbargains.net [170.208.0.130] was 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

> I've also noticed more than a few legitimate mails being bounce because the
> sending server doesn't accept empty envelope senders, even to one mail
> recipient (a big violation of RFC2821 section 3.7).


Absolutely. My custom package at least returns a very explicit message
to those people.
http://marc.merlins.org/linux/exim/exim4-gooderror.demo.txt
550 Rejected during DATA: there is no valid sender in any header line
550-Cannot accept 'From:' header address merlin@???
550-because it couldn't be verified:
550-Called:   mailhub.bjt.net [209.237.6.2]
550-Sent:     MAIL FROM:<>
550-Response: 501 bogus mail from
550-This does not help fight spam effectively, breaks RFCs,
550-and prevents you from getting mail bounces back from us,
550 As a result, we cannot accept mail from you until you fix this


Philip has taken some of these changes for 4.11/12, and I've Emailed him
about the parts that aren't in yet (some may not get it the main exim
and may remain separate.

> So, what I'd like to do is to turn of envelope sender verification all
> together. However, I'm not that comfortable with Exim's ACL entries. I was
> messing with the configuration last night, and managed to end up temp
> rejecting everything coming in. Putting the configuration back solved the
> problem. Can anyone, Marc especially, tell me what lines to change/comment
> out of the exim4.conf.master file to disable these checks?


So you should have a file that closely resembles this:
http://marc.merlins.org/linux/exim/exim4-conf/exim4.conf.master

In check_rcpt, remove the following:

  # Now, do basic address checking, that we forgo if the receipient is in a
  # whilelist
  deny    hosts = !+localadds:!+host_disable_callback:*
          sender_domains = !+envdomain_disable_callback:*
      local_parts    = !+noenvfromcallback
         !verify = sender/callout=90s/check_postmaster


In check_data:, remove this:
  deny    hosts = !+localadds:!+host_disable_callback:*
          #sender_domains = !+envdomain_disable_callback:*
         !condition = $header_X-WhitelistedRCPT-nohdrfromcallback:
     !condition = ${lookup{${domain:$header_from:}}lsearch{HDR_DOMAIN_DISABLE_CALLBACK} {yes}{no}}
     !verify = header_sender/callout=90s/check_postmaster
      # Thanks to the exim4.gooderror.diff patch, exim will return
      # informative error messages. You can override that with a generic
      # message though
      #message = Header sender couldn't be verified



Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@??? for PGP key