Re: [Exim] percent_hack problems

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Sander Smeenk
Date:  
À: Mason, Chris, CND Tech Dev, VF UK
CC: exim-users
Sujet: Re: [Exim] percent_hack problems
Quoting Mason, Chris, CND Tech Dev, VF UK (Chris.Mason@???):

> The reason I am on the RSS list is because I am failing 4 out of
> the 30 tests as Exim is accepting percent_hack addresses even though
> percent_hack_domains is not set.


I had the same problem, although I was never listed on any RBL's that I
know of.

With Exim3 and a relaytester that tests 26 different ways of relaying
mail, exim3 accepted three of the tests, and while actually trying to
deliver the relaytest it found out no such user existed at my server, so
it sent a bounce to the originating address, which in turn contained
part of the message that was supposed to have been relayed.

It's not official relaying, but the message could come through, although
encapsulated in a mailer daemon message.

I don't remember if exim3 had the capability to check the existance of
recipients directly after the remote host sends 'RCPT TO', but there is
where your problem lies. Exim3 doesn't verify existance of the recipient
untill after the message has been accepted in full.

> I can set receiver_try_verify = true, which solves the percent_hack
> problem, but creates another. I use aliases for my many domains,
> so people can have mail@domain1, abuse@domain1 and friends@domain1
> all directed towards fred@domain1 without the need for the various
> different user accounts to exist. This breaks if I use
> receiver_try_verify as the mail, abuse and friends accounts do not
> exist locally.


Ah! Right! Yeah, that's right! I use such a system myself, and had the
same problem. Now I remember :) I couldn't fix that either, so I just
left it the way it was... Accepting some weird formulated addresses, and
sending bounces to the envelope from. It never happened, for as far as I
could tell back then...

> Any ideas?


Uhm. Upgrade to exim 4, and use RCPT TO-acl's :)
My server now neatly rejects ALL of the 26 tests...

That seems like the easiest way.

You could also try creating virtual users, in a database, and use nss to
map those virtual users to real users, with the possibility of creating
security vulnerabilities.

Or you could try to make exim3 accept and 'forward' every mail to
another deamon that /has/ the intelligence to check existance of such
addresses. Kind of in the same way as most spamtraps / virusscanner
implementations work with exim3.

But none of these solutions are as easy as upgrading your exim3 to 4 :)

Sander.
--
| Light travels faster than sound.
| That's why a person may look intelligent until you hear him speak.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D