Re: [Exim] ACLs - much confusion.

Top Pagina
Delete this message
Reply to this message
Auteur: Daniel Bye
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] ACLs - much confusion.
--
On Fri, Aug 08, 2003 at 03:39:59PM +0100, Philip Hazel wrote:
> On Fri, 8 Aug 2003, Tim Jackson wrote:
>
> > Hi Daniel, on Fri, 8 Aug 2003 14:48:41 +0100 you wrote:
> >
> > > I have this in acl_check_rcpt:
> > >   accept  senders = *@domain1.co.uk : mailbox@???
> > >           endpass
> > >           message = unknown user
> > >           verify = recipient

> >
> > This is slightly tangential to your question, but whilst trying to block
> > mail from open relays, just be careful that you are not turning *yourself*
> > into an open relay with that rule. It depends on what rules you have
> > before it, but what happens if some random third party (i.e. spammer)
> > does:
> >
> > MAIL FROM: <thisisfaked@???>
> > RCPT TO: <spamvictim@???>
> >
> > ?
>
> Absolutely! You should *never* accept for arbitrary domains based only
> on sender address; at least check that the recipient domain is one of
> "yours".


I feel suitably chastened now. I know the config was bad. I have now added
a `domains = +local_domains' to it.

> As to the original question: are you sure the envelope addresses are
> actually those addresses? If those addresses came from From: header
> lines, they may not be what is being used in the envelopes.


They seem to be - F= in the logs shows the addresses I am trying to accept.
I have just enabled all logging to give me a better idea of what it
happening.

Dan

--
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
--
[ Content of type application/pgp-signature deleted ]
--