[Exim] System filter: can it go wrong/be ignored?

Author: Nicolas Doye
Date:  
To: exim-users
Subject: [Exim] System filter: can it go wrong/be ignored?
Dear all,

we've been using Exim since 1.5x but the following problem with Exim
4.10 has a) got us all stumped b) caused us lots of embarrassment.

The following filter file is meant to allow 3 specific IP addresses to
e-mail "mail-list@???". In general it works - it logs to the
specified log file. However, it doesn't always work.

Now we're not getting arbitrary people sending spam through to this
address - the problem we have is that some addresses on the mailing list
(and there are 50000, supplied to us by a government department) send the
mail back, unaltered to the mailing list itself (the To: address, not
the From: nor the Reply-to:) causing a classic loop, limited purely by
the amount of memory on the mail server.

Perhaps there is something I don't understand about first_delivery or
sender_host_address? AFAICT sender_host_address is set in daemon.c to
definitely be the incoming IP address, so it can't be that surely. As I
said, I am completely confused. Is the mail filter read for every
incoming message? Are there occasions when sender_host_address isn't
set?

nic

# Exim filter
# This filter has been produced to handle messages that have been forwarded
# back to the example closed-maillist - JPM 19th Sept 2001
# Modified to include logging and alerting - JPM 10th May 2003

# Don't process the system filter for every delivery of a message, just the first delivery.
if not first_delivery
then
finish
endif

# The following short section of logic is specific to example.
# If the message is to mail-list then check it is from a valid host, log and
# alert as necessary.

if $h_to is "mail-list@???" or $h_to is  "mail-list@???" or $h_to is "mail-list1.example.gov.uk" or $h_to is "mail-list2.example.gov.uk" or $h_to is "mail-list3.example.gov.uk" or $h_to is "mail-list4.example.gov.uk" or $h_to is "mail-list5.example.gov.uk" or $h_to is "mail-list6.example.gov.uk" or $h_to is "mail-list7.example.gov.uk" or $h_to is "mail-list5.example.gov.uk" or $h_to is "mail-list1.lists.example.gov.uk" or  $h_to is "mail-list2.lists.example.gov.uk" or $h_to is "mail-list3.lists.example.gov.uk" or $h_to is "mail-list4.lists.example.gov.uk" or $h_to is "mail-list5.lists.example.gov.uk" or $h_to is "communication@???" or $h_to is "communication@???" or $h_to is  "mail-list1@???" or $h_to is  "mail-list2@???"
then
  logfile /var/spool/exim/log/system-filter.log 0644
  if $sender_host_address is "195.188.239.74" or $sender_host_address is "212.219.213.36" or $sender_host_address is "212.219.213.39"
  then
    logwrite "$tod_log $message_id example message sent $sender_host_address"
    mail to oncallpager@??? text "$tod_log: example mailing $h_subject message-id: $message_id sent - please verify message legitimacy"
    mail to support-office@??? text "$tod_log: example mailing $h_subject message-id: $message_id sent - please verify message legitimacy"
    finish
  else
    logwrite "$tod_log $message_id successfully blocked example relay from $sender_host_address"
    fail text "This message has been rejected because it has it been forwarded\n\
             \tan invalid MTA ${sender_host_address} and has probably been falsly relayed\n\
             \tIf you have any further queries please contact:\n\
             \t\tmailto:postmaster@mail.example"
    seen finish
  endif
endif
--
Nic Doye
Senior Unix Systems Programmer - NISS
EduServ
Queen Anne House
11 Charlotte Street
Bath  BA1 2NE


Tel. +44 (0)1225 474300
Fax. +44 (0)1225 474301
http://www.eduserv.org.uk

DDN: +44 (0)1225 474325
mailto:nic.doye@niss.ac.uk

EduServ - home of Athens, CHEST, NISS and EduServ Technologies
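
Added example, not part of the original post: a Python model for auditing which To:/Cc: header shapes a whole-header equality test such as `$h_to is "..."` covers, compared with a per-address comparison. It assumes that `is` compares the complete header value case-insensitively; the list address `mail-list@lists.example`, the function names and the sample headers are constructed placeholders.

```python
from email.utils import getaddresses

# Constructed placeholder; the post elides the real list addresses as "mail-list@???".
LIST_ADDRESSES = {"mail-list@lists.example"}


def whole_header_match(to_header):
    """Model of `$h_to is "addr"`: the entire To: value must equal the address
    (assumed case-insensitive, surrounding whitespace stripped)."""
    return to_header.strip().lower() in LIST_ADDRESSES


def per_address_match(*headers):
    """Parse each header as an address list and compare every address in it."""
    parsed = getaddresses([h for h in headers if h])
    return any(addr.lower() in LIST_ADDRESSES for _name, addr in parsed)


def audit(messages):
    """Return labels of messages that are addressed to the list but that the
    whole-header test misses, so the host restriction is never evaluated."""
    missed = []
    for label, to_header, cc_header in messages:
        if per_address_match(to_header, cc_header) and not whole_header_match(to_header):
            missed.append(label)
    return missed


# Constructed sample headers: (label, To:, Cc:)
SAMPLES = [
    ("bare address", "mail-list@lists.example", ""),
    ("display name", '"Mail List" <mail-list@lists.example>', ""),
    ("angle brackets only", "<mail-list@lists.example>", ""),
    ("two recipients", "mail-list@lists.example, someone@other.example", ""),
    ("list only in Cc", "someone@other.example", "mail-list@lists.example"),
    ("unrelated", "someone@other.example", ""),
]

if __name__ == "__main__":
    for label in audit(SAMPLES):
        print("not covered by whole-header test:", label)
```

Header parsing of any kind cannot see recipients that appear only in the envelope (for example Bcc), so an audit of a closed list should also compare against the envelope recipients.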