Re: [exim] rogue connections to broadcast addresses

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Alan J. Flavell
Data:  
Para: Exim users list
Assunto: Re: [exim] rogue connections to broadcast addresses
On Sun, 3 Oct 2004, Leonardo Boselli wrote:

> I got a lot of activity sending e-mail (bounce errors) to
> allmarts.com matmail.com and arthlink.net .
> These two domains have an MX pointing to 192.168.255.255
> that is not very legal, also becouse it is the broadcast address of a
> reserved subnet ...


Hmmm:

# exim -d -bt foobar@???

[...]

--------> lookuphost router <--------
local_part=foobar domain=allmarts.com
checking domains
cached no match for +local_domains
allmarts.com in "! +local_domains"? yes (end of list)
cached lookup data = NULL
calling lookuphost router
lookuphost router called for foobar@???
domain = allmarts.com
DNS lookup of allmarts.com (MX) succeeded
192.168.255.255 in "127.0.0.0/8 : /etc/exim/bogon-bn-agg.txt :
/etc/exim/ignore_spammers"? yes (matched "192.168.0.0/16" in
/etc/exim/bogon-bn-agg.txt)
ignored host mail.allmarts.com [192.168.255.255]
fully qualified name = allmarts.com
host_find_bydns yield = HOST_FIND_FAILED (0); returned hosts:
mail.allmarts.com <null> 0 *

[...]

foobar@??? is undeliverable:
Hello, this is the mailer daemon on othello.physics.gla.ac.uk.\n
Address routing failed for foobar@??? - I can't find any way to route
email to "allmarts.com". Sorry!
search_tidyup called


You really, -really- need to include the bogon list (or something
closely equivalent to it) in your configuration. Here's an extract
from ours:

# This router routes to remote hosts over SMTP using a DNS lookup with
# default options. (Note ignore_target_hosts for broken DNS replies,
# the file is http://www.cymru.com/Documents/bogon-bn-agg.txt , plus
# localhost ; the "Verislime thingy" 64.94.110.11 no longer relevant.)
lookuphost:
  driver = dnslookup
  qualify_single = false
  domains = ! +local_domains
  ignore_target_hosts = 127.0.0.0/8 : CONFIG_DIR/bogon-bn-agg.txt \
                         : CONFIG_DIR/ignore_spammers
  transport = remote_smtp



Read the explanation at http://www.cymru.com/Documents/bogon-list.html
before deciding finally how to apply that. In particular, when new IP
ranges are handed out, you *might* find yourself denying their
acceptability until you get your bogon list updated.