Re: [Exim] redirect router issue with aliases

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDavid Woodhouse at <-
M 
Delete this message
Reply to this message
Author: Bruce Cornett
Date:  
To: exim-users
Subject: Re: [Exim] redirect router issue with aliases
David

The X-Redirect gets dropped in by an earlier data ACL as the result of a
call to spamassassin - this was based on the exiscan examples.

I wondered if it might be an issue that the header existed - maybe the
exiscan patch was making some sort of decision based on its existence. So
I removed the ACL and I still get the same behavior.

re: possibility of letting someone relay based on the X-Redirect

In this case, I don't think so. All our existing controls are in
place. You would have to destined for the mailbox of an existing user on
the system before you would get that far or so I believe. And then the
redirect was doing a very straightforward thing - prepending a prefix to
match a spam mailbox for each of our users so the mail would go there
rather than their usual mailbox. So at best you would end up where we were
going to send you anyway. At least that is the intention.

Bruce C


At 02:25 PM 1/26/2004, David Woodhouse wrote:
>On Mon, 2004-01-26 at 13:22 -0500, Bruce Cornett wrote:
> > I dropped the remove_header back in the works just to see if I had
> > overlooked that. Same results and if you note the headers below, you will
> > see that the "X-Redirect-To: pex" is still there. This might be a clue as
> > to what is happening. And I noticed in the resulting bounce that I did
> > not have the other "Redirect" header I had added, so I wondered if perhaps
> > something was out of kilter because I used the "Redirect." I added an
> > "X-Bruce" header and it does not show (full headers below). Anomalies
> > like this cause me to wonder if this router is working at all.
>
>There is strangeness(tm) w.r.t. addition and removal of headers in
>routers -- they operate on a _copy_ of the message. It's been discussed
>on the list recently, but I wasn't paying attention because I don't care
>very much.
>
>How is your 'X-Redirect-To:' header getting there, and how are you
>ensuring that you're not turning your machine into an open relay by
>honouring the 'X-Redirect-To:' header in any mail I might send you from
>the outside?
>
>--
>dwmw2




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] keying off an ldap attribute and either failing...RE: [Exim] exim handling of 5xx fatal errors->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)