[Exim] SMTP Spoofing - Preventing Local Relaying

Author: Mail List
Date:  
To: exim-users
Subject: [Exim] SMTP Spoofing - Preventing Local Relaying
Hi,

Thanks Tim for your reply, I appreciate your help.

>Right. This statement suggests to me that you are a bit confused.


:-)

Yep, you're correct, I'm a bit lost.. I've only been using Exim for maybe
6-7 weeks and I'm still getting accustomed to the differences between it
and the Sendmail systems (and 1 Qmail system) that I've previously
operated. Actually I still run two Sendmail boxes (sendmail 8.9 and 8.11 -
spent yesterday patching them) and this Exim build switched out Qmail 1.03,
which I only ran (Qmail) for maybe 10 months. But neither of those two
MTAs behaves in the manner I describe.. So yep, I'm a bit confused here.. :-)

So if I use RBL checking on my Exim setup - and Joe spammer at
mail.emailbargains.net wanted to send 1000 pieces of spam to
postmaster@??? or user@??? - he could do so regardless of
anything I do to try and stop him..<?> If I'm using RBL checking and Joe
tries to send his spam to my box from SMTP mail.emailbargains.net, it gets
rejected at RCPT because mail.emailbargains.net shows up in spamhaus.org.

--BUT-- Joe can get around any checks by simply setting his SMTP to
myserver.com -then my system will accept his spam and hand it off to any
domain/user on the server that he knows exists on the box <which is what's
happening>. Joe doesn't need a valid user-id or password from any domain
on my system -the MTA will accept his spam and deliver it to any local
domain that he addresses it to, if he knows it's on the box - he simply
uses myserver.com as his SMTP server..

>In summary, if your machine is an MX for domainB.com, then it will of
>course be possible for anyone to set your machine as an "outgoing" SMTP
>server in their config and send mail to domainB.com. It won't be
>particularly useful for the end-user, as the "outgoing mail server"
>setting is really intended to have a server which will relay to arbitrary
>domains in it, but as long as your server is only accepting mail for
>domains it's configured for and not arbitrary domains - what's the
>problem? That's how e-mail works!


Bingo, thanks - you hit the nail on the head.. It's not really a problem,
though I could see potential for abuse of my local domains if someone
really wanted to take the time and mess with me (and had enough info
regarding domains housed on the system) - it's just not what I'm accustomed
to. If I tried to do this with my Sendmail boxes - send mail using
sendmail.myserver.com to domains housed on the sendmail box - I wouldn't get
very far. The mail would never leave my outbox (sending not from the server,
but from my desktop via my ISP using sendmail.myserver.com).

But you're right, it wouldn't be particularly useful to anyone -the Exim
setup is not relaying mail out to the net which is what I really don't want
happening of course.. My only concern was with how easy it is to get around
the checks and possibly hit the box (domains/users) with a spam run if
someone wanted to take the time and knew the names of some of the domains
housed on the box.. But I guess that's just how it works.. :)

Thanks again for your time and assistance..!

Best Regards,
Craig
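The behaviour discussed in this thread, as an added Exim 4 RCPT ACL example (not Craig's or Tim's configuration, and not taken from the Exim distribution): the dnslists deny runs before the local-domain accept, so a listed host such as mail.emailbargains.net is rejected at RCPT even when it addresses a local user, an unlisted host is accepted for domains the box is MX for (the normal MX behaviour Tim describes), and only the listed relay hosts or authenticated clients may relay to other domains. The domain names, the SBL zone and the relay host list are assumptions for illustration.

```exim
# Assumed main-section lists: the domains this box is MX for,
# and the hosts allowed to relay through it to arbitrary domains.
domainlist local_domains    = myserver.com : domainB.com
hostlist   relay_from_hosts = 127.0.0.1 : ::1

# Point the RCPT-time ACL at the block below.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail submitted locally (not over TCP/IP) is always accepted.
  accept  hosts = :

  # RBL check first: a listed sending host is refused at RCPT,
  # whether or not the recipient domain is local. The thread's
  # "spamhaus.org" is assumed here to mean the SBL zone.
  deny    dnslists = sbl.spamhaus.org
          message  = rejected: $sender_host_address is listed at $dnslist_domain

  # Local domains: anyone on the net may send to them (that is what
  # being an MX means), but the recipient must actually exist. After
  # "endpass" a failed verify is a deny, not a fall-through.
  accept  domains = +local_domains
          endpass
          verify  = recipient

  # Non-local domains: only trusted hosts or authenticated clients
  # may use this box as an outgoing (relaying) SMTP server.
  accept  hosts = +relay_from_hosts
  accept  authenticated = *

  # Everything else is an attempted open relay.
  deny    message = relay not permitted
```

Spam runs against local users from an unlisted host are not blocked by this ACL, only relaying is; that is the point Tim makes, and the recipient verify at least limits it to addresses that really exist on the box.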