RE: [exim] Some mail seems to bypass sender verification acl

Etusivu
Poista viesti
Vastaa
Lähettäjä: brandon pearson (BITS)
Päiväys:  
Vastaanottaja: exim-users
Aihe: RE: [exim] Some mail seems to bypass sender verification acl
> > acl_smtp_mail = check_sender
> >
> > check_sender:
> >   deny   message = bad sender
> >          condition =

> >
> ${lookup{${domain:${sender_address}}}lsearch{/usr/exim/verify_
> domains}{y
> > es}{no}}
> >          condition =

> >
> ${lookup{${lc:${sender_address}}}dbm{/usr/exim/exch-user-table
> .db}{no}{y
> > es}}
> > accept
> >
> > This blocks most mail I was expecting it to but a few
> unknown senders
> > seem to get through each day. If I run exim -bh with the same sender
> > address that got through it is failed by the acl.
> >
> > Is there a way that some mail can avoid this acl?
>
> Non-SMTP mail?
>


The mail is smtp.

2004-09-20 09:15:42 SMTP connection from [151.100.114.249] (TCP/IP
connection count = 7)
2004-09-20 09:15:43 1C9JKp-00030l-AD <=
E4D0A20B9E9ED4118E3C00508BEED17106D7FA3A@??? H=(mendel.com)
[151.100.114.249] P=smtp S=30645 id=quueoqhbqzvsvvcngtu@???
T="Forum notify"
2004-09-20 09:15:43 SMTP connection from (mendel.com) [151.100.114.249]
lost

2004-09-20 07:45:50 SMTP connection from [217.10.222.202] (TCP/IP
connection count = 6)
2004-09-20 07:47:58 1C9Hw2-0005h6-B1 <=
194E4E81F995D411989200508BDCD8F3016D8B34@??? H=(Stefania.org)
[217.10.222.202] P=smtp S=28455 id=gfylvnpsswemzlgkfou@???
T="RE: Protected message"
2004-09-20 07:48:00 SMTP connection from (Stefania.org) [217.10.222.202]
lost

The examples above seem to be mails generated by the bagel-AA virus. The
sending addresses are invalid and fail if I try them by hand.

I must be missing something but I can't spot it.

Thanks,

Brandon