Re: [Exim] [Spoofed Mail addresses spamming mails]

Top Page
Delete this message
Reply to this message
Author: Ian A B Eiloart
Date:  
To: exim-users
Subject: Re: [Exim] [Spoofed Mail addresses spamming mails]

--On martes, 3 febrero 2004 11:11 +0000 Tim Jackson <lists@???>
wrote:

> Hi Vibhav, on Tue, 03 Feb 2004 16:01:29 +0530 you wrote:
>
>> My Friend who is also an admin , polled to 25 port of my server
>> and he did the following:
>> MAIL FROM:<invalidemailaccount@???>
>> RCTP TO: <validuser@???>
>> and he was able to deliver the mail to my mail box...
>> i want this scenario to be stopped
>
> You are not the first to be making this bizarre request, which still
> astonishes me. How, if you block your friend from "telnet"ing to your box
> and sending you a mail, is any other mailserver going to pass any mail to
> you? Besides, do you think spammers sit there typing "telnet
> mail.victim.example 25"?
>


Actually, I think he's just asking how to validate the left hand side of
the envelope sender address, but it isn't exactly clear. I'm just looking
at the use of "valid" and "invalid" in the email addresses used in the
example.

The answer is to use "require verify = sender/callout" in the appropriate
ACL. It should be the "check recipient" ACL in order that you don't
accidentally prevent people sending email to postmaster.



--
Ian Eiloart
Servers Team
Sussex University ITS