Re: [Exim] where is this evident security option in Exim ?

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Andreas J Mueller
Fecha:  
A: Vincent
Cc: exim-users
Asunto: Re: [Exim] where is this evident security option in Exim ?
Hi Vincent!

> The idea is to stop accepting mails from any server. I just want to accept mail
> from "official" servers. I mean servers which are in the MX records of
> the domain the mail is originating.


These are not "official" servers. MX records deal with who is
responsible for incoming mail to this domain, not with who is
responsible for outgoing mail from this domain.

> For example, mail with From as xxx@??? coming from
> mx1.mail.yahoo.com or mx2.mail.yahoo.com or mx4.mail.yahoo.com is Ok.
> But mail with From field as xxx@??? coming from
> not.good.server.com is not OK.


I have yet to see mail from xxx@??? coming from
mx?.mail.yahoo.com. Yahoo! Mail uses web*.mail.yahoo.com as outgoing
SMTP servers. So sorry, but this won't work.

> I think this is an ordinary need but... I don't find this possibility.


This is an often requested feature, but the current DNS structure does
not allow for it. If you really want to do something similar, you'll
have to find out which servers usually do the delivery for the
respective domain(s).

And keep in mind that this will break forwarding, e.g., when someone
sets up another mail account to forward his mail to your server. This
mail will appear to come from some random host, while still bearing
the <xxx@???> envelope sender.

> Does anybody have an idea to do that ?


I have made some attempts, but abandoned them when I found out about
the drawbacks. It's not that simple, and they only work with Exim 4
ACLs.

Andy