Re: [Exim] My Server as spamming machine !

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Philip Hazel
Date:  
À: James P. Roberts
CC: exim-users
Sujet: Re: [Exim] My Server as spamming machine !
On Wed, 17 Dec 2003, James P. Roberts wrote:

> Oh, one question... I just noticed the "applies to all non-interactive"
> bit... Does this mean someone could still get past this non-SMTP ACL by
> sitting at a terminal and typing away?


No.

> Is there an ACL for *interactive* non-SMTP incoming messages? I did not see
> one...


That's because there's no such thing as an "interactive non-SMTP
incoming message". By "interactive" I didn't mean "coming from a
terminal", I meant "protocol in which the server and client exchange
data with each other" - in other words, "proper" SMTP, where the client
sends a command and waits for a response, etc.

Here's an enumeration of all the ways you can inject messages into Exim:

1. SMTP over TCP/IP (to the loopback address or real IP address).
2. SMTP over stdin/stdout (the -bs option).

3. Command line with recipients on command line.
4. Command line with recipients in message (the -t option).
5. Command line with recipients in SMTP format (the -bS option).

The first two use the SMTP ACLs and are "interactive"; the remaining 3
use the non-SMTP ACL and are not.

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book