Re: [Exim] exim 3.12 3.35 bug

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Dennis Davis
Datum:  
To: vahid
CC: exim-users
Betreff: Re: [Exim] exim 3.12 3.35 bug
>From: vahid <me@???>
>To: exim-users@???
>Subject: [Exim] exim 3.12 3.35 bug
>Sender: exim-users-admin@???
>Date: Wed, 23 Jul 2003 17:17:16 +0100
>
>ORDB spotted an openrelays problem with exim and i wonder if anyone
>here knows the solution
>
>
>if you send an email to:
>
>"someone@???
>
>it will send the message to someone@???
>
>is there a rule I can put in to block this ?


This isn't a problem or bug with exim. Exim is very flexible and
will do what you tell it to do. Including act as an open relay. So
it's a problem with your configuration.

Your subject line indicates you are using exim3. You really should
consider upgrading to exim4. That's where all the development is
concentrated. Also exim3 expertise is getting thin on the ground
as people switch to exim4. The *real* clincher should be that the
default exim4 configuration contains an ACL that covers what you
want to do:


# Deny if the local part contains @ or % or / or | or !. These are rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.

# Also deny if the local part starts with a dot. Empty components aren't
# strictly legal in RFC 2822, but Exim allows them because this is common.
# However, actually starting with a dot may cause trouble if the local part
# is used as a file name (e.g. for a mailing list).

  deny    local_parts   = ^.*[@%!/|] : ^\\.



I'm rapidly forgetting all the exim3 I knew. But from ancient
configurations I've used you might consider using a director similar
to:


refuse_multihop_relaying:
driver = smartuser
domains = *
local_parts = ^.*[!%@]
verify_only
fail_verify


and a router similar to:


refuse_multihop_relaying:
driver = lookuphost
domains = *
local_parts = ^.*[!%@]
verify_only
fail_verify


I've no longer any way of testing the above. So you'll have to play
with them yourself.