Re: [Exim] Spammer spoofing as a nonexistant user on my syst…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MRick Duvall at <-
MMatthew Palmer at ->
Delete this message
Reply to this message
Author: Rick Duvall
Date:  
To: exim-users
Subject: Re: [Exim] Spammer spoofing as a nonexistant user on my system!
Fixed the problem....

It was so simple it was stupid. I am running Amavis and I needed to set the
"no_verify" option in the amavis director. Otherwise, the amavis director
just accepts all messages.

Sincerely,

Rick Duvall
----- Original Message -----
From: "Rick Duvall" <rduvall@???>
To: "Nigel Metheringham" <Nigel.Metheringham@???>
Cc: <exim-users@???>
Sent: Wednesday, June 18, 2003 9:38 AM
Subject: Re: [Exim] Spammer spoofing as a nonexistant user on my system!


> Well, before upgrading to 4.2, I am trying the receiver_verify options. I
> currently just set
>
> receiver_verify = true
> receiver_verify_hosts = *
>
> I hup the process, and now every address I try on the system (after
removing
> the catchall, of course) says "verified" in an SMTP session. Could the
fact
> that I am using the smartuser to authenticate users have anything to do
with
> it?
>
> To those on the list: I am trying to reject email where the rcpt to
address
> doesn't exist on the system...
>
> Sincerely,
>
> Rick Duvall
> ----- Original Message -----
> From: "Nigel Metheringham" <Nigel.Metheringham@???>
> To: "Rick Duvall" <rduvall@???>
> Cc: <exim-users@???>
> Sent: Wednesday, June 18, 2003 9:21 AM
> Subject: Re: [Exim] Spammer spoofing as a nonexistant user on my system!
>
>
> > On Wed, 2003-06-18 at 17:01, Rick Duvall wrote:
> > > Is there any way to block
> > > messages that are to an address that doesn't exist? The only problem
I
> see
> > > with doing that is that spammers could then connect to my port 25 and
> test
> > > until they find a good address.
> >
> > They are effectively scanning you for addresses anyhow - accepting the
> > messages is just giving you the chance to pay for bandwidth etc.
> >
> > For exim 3.x use the various receiver_verify options - see
> > http://www.exim.org/exim-html-3.30/doc/html/spec_11.html#SEC326
> >
> > Control of this is better in exim 4. Adding sender verification also
> > gets rid of stuff from unroutable senders - although spammers just use
> > someone elses domain - ie yours.
> >
> > Nigel.
> >
> > --
> > [ Nigel Metheringham           Nigel.Metheringham@??? ]
> > [ - Comments in this message are my own and not ITO opinion/policy - ]

> >
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
> details at http://www.exim.org/ ##
> >
> >
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim
details at http://www.exim.org/ ##
>
>



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] callout give a defer instead a acept?RE: [Exim] Syntax for a MySQL select true/false statement->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)