Re: [Exim] Relay

Author: Rahul
Date:  
To: Tor Slettnes, Wakko Warner
CC: exim-users
Subject: Re: [Exim] Relay
Thanks for your replies.... but there is one more option we can have ... I
have all the addresses in a MySQL DB; is it possible to check from the DB and then
allow the relay? And it's not recommended for me to apply SMTP AUTH ....

because at this time I am using 2 servers, one as SMTP (exim3.x) and another
as POP (4.20 with exiscan, spamassassin, sa-exim). I wanted to combine both
of these servers... and moreover this machine has got 40 IPs and 40
different MX records for 40 different domains....

That's what I am confused about..

The solution suggested is perfect but I can't use it, as all domains like 1,
2 have MX like mail.1.com, mail.2.com

Rahul

----- Original Message -----
From: "Tor Slettnes" <tor@???>
To: "Wakko Warner" <wakko@???>
Cc: "Rahul" <rahul.b@???>; <exim-users@???>
Sent: Friday, April 09, 2004 3:36 AM
Subject: Re: [Exim] Relay


> On Apr 8, 2004, at 14:41, Wakko Warner wrote:
> >>    - when spammer controls the rDNS (in-addr.arpa) zone for the IP
> >> address from which he is sending you the mail.  He will simply create a
> >> rDNS entry from his IP address to 'pop.rahul.com', for instance.  When
> >> you perform a MX lookup of this name, you'll get your own MX.

> >
> > IIRC, exim does an rDNS lookup then does another DNS lookup on that name.
> > If the IP of the connecting host isn't listed in the 2nd lookup, the rDNS is
> > assumed to be spoofed and not used. So this would be a non-issue. (Unless
> > I misunderstood what you wrote)
>
> Are you talking about Exim's "verify = helo" mechanism (or behaviour in
> the case of "helo_verify_hosts = true")? If so, this has no bearing on
> this discussion - this was about allowing relaying based on the sender's
> domain (how this domain would be deduced was a topic of discussion).
>
> If on the other hand you are saying that the variable $sender_host_name
> (which, as you know, is deduced by way of resolving the peer's IP
> address) is empty unless the host name can be verified in the forward
> direction, then you have a point. However, according to
> 'spec.txt.gz', this does not seem to be the case.
>
> >>    - when a lookup of the remote IP address (correctly) yields
> >> "spammer.biz", but the owner of "spammer.biz" adds an MX record to his
> >> own domain pointing to "mx.rahul.com".

> >
> > Oooh =)
>
> There is another potential problem associated with this, albeit a less
> likely one. Many installations (mostly Exim 3 installations) allow
> relaying to any domain for which the local host is an MX. So a
> spammer could add the following MX records to his zone:
>
>         @     IN MX 1    mta.victim.domain.
>         @     IN MX 2    mta.your.domain.

>
> If your MTA was configured to allow relaying to hosts for which you are
> an MX, you would happily forward mails to 'mta.victim.domain.'.
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
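
The two cases from the quoted discussion, modelled as an added example (not written by anyone in the thread, and not Exim's code). All DNS records and IP addresses are constructed, and `host_name`, `relay_allowed` and `report` are hypothetical names. It shows that forward-confirming the rDNS name stops the first case but not the second, because the MX record is published by the sender's own domain.

```python
"""Model of the relay check discussed in the thread, run over constructed DNS data."""

OUR_MX = "mx.rahul.com"  # name used in the thread for the local MX

# Constructed records (documentation IP ranges), one client per case in the thread.
PTR = {
    "203.0.113.7": "pop.rahul.com",   # case 1: sender controls the in-addr.arpa zone
    "198.51.100.9": "spammer.biz",    # case 2: honest rDNS for the sender's own domain
    "192.0.2.25": "pop.rahul.com",    # legitimate host
}
A = {
    "pop.rahul.com": {"192.0.2.25"},
    "spammer.biz": {"198.51.100.9"},
}
MX = {
    "pop.rahul.com": [OUR_MX],
    "spammer.biz": [OUR_MX],          # any zone owner can publish an MX naming our host
}


def host_name(ip, forward_confirm):
    """Return the rDNS name for ip; with forward_confirm, only if the name's
    address records list ip again (the check described in the quoted reply)."""
    name = PTR.get(ip)
    if name is None:
        return None
    if forward_confirm and ip not in A.get(name, set()):
        return None  # PTR not backed by a forward record: treat as spoofed
    return name


def relay_allowed(ip, forward_confirm):
    """Policy under discussion: allow relay when the client's host name
    has an MX record pointing at our own server."""
    name = host_name(ip, forward_confirm)
    return name is not None and OUR_MX in MX.get(name, [])


def report():
    """Map each client IP to (rDNS-only decision, forward-confirmed decision)."""
    return {ip: (relay_allowed(ip, False), relay_allowed(ip, True)) for ip in PTR}


if __name__ == "__main__":
    for ip, (plain, confirmed) in report().items():
        print(f"{ip:15} rDNS-only={plain!s:5} forward-confirmed={confirmed}")
```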