Re: [Exim] ACLs - much confusion.

Author: Philip Hazel
Date:  
To: Tim Jackson
CC: exim-users
Subject: Re: [Exim] ACLs - much confusion.
On Fri, 8 Aug 2003, Tim Jackson wrote:

> Hi Daniel, on Fri, 8 Aug 2003 14:48:41 +0100 you wrote:
>
> > I have this in acl_check_rcpt:
> >   accept  senders = *@domain1.co.uk : mailbox@???
> >           endpass
> >           message = unknown user
> >           verify = recipient

>
> This is slightly tangential to your question, but whilst trying to block
> mail from open relays, just be careful that you are not turning *yourself*
> into an open relay with that rule. It depends on what rules you have
> before it, but what happens if some random third party (i.e. spammer)
> does:
>
> MAIL FROM: <thisisfaked@???>
> RCPT TO: <spamvictim@???>
>
> ?


Absolutely! You should *never* accept for arbitrary domains based only
on sender address; at least check that the recipient domain is one of
"yours".

As to the original question: are you sure the envelope addresses are
actually those addresses? If those addresses came from From: header
lines, they may not be what is being used in the envelopes.



--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
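
The point made in the reply above, as an added Exim configuration example that is not part of the original message: the quoted rule shown beside a version that also requires the recipient domain to be local. The `local_domains` list name follows Exim's default configuration, and its sample value here is constructed.

```exim
# Added illustration, not from the original thread.
# Assumption: the site's own domains are listed in a domainlist named
# local_domains (the name used by Exim's default configuration).
# The value below is a constructed sample.
domainlist local_domains = @ : domain1.co.uk

acl_check_rcpt:

  # WEAK (the rule quoted in the thread, kept commented out):
  # the only condition before endpass is the envelope sender, which the
  # client chooses freely. "verify = recipient" succeeds for any address the
  # routers can handle, including addresses in remote domains, so a forged
  # MAIL FROM in domain1.co.uk is enough to get mail for any domain accepted.
  #
  # accept  senders = *@domain1.co.uk
  #         endpass
  #         message = unknown user
  #         verify  = recipient

  # CORRECTED: the recipient domain must be one of "yours" before the sender
  # test is even considered. A forged sender combined with a remote recipient
  # no longer matches this statement and falls through to the statements
  # that follow it in the ACL.
  accept  domains = +local_domains
          senders = *@domain1.co.uk
          endpass
          message = unknown user
          verify  = recipient
```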