Re: [exim] Seeking advice how to deal with spam faked to app…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Nigel Metheringham
Fecha:  
A: Exim User
Cc: Exim User's Mailing List
Asunto: Re: [exim] Seeking advice how to deal with spam faked to appear as coming from my domain
On Mon, 2005-11-14 at 12:20 +0100, Exim User wrote:
> Looks like I'm not the only one weird by this?
> To get things clear, this is the process as it explores to me:
>
> Somebody sends spam with a faked sender of my domain.
> This spam bounces back to my mailserver (Exim 4.5.1).


Ideally this stuff would have been rejected at SMTP time and not
generated a bounce message, but thats outside of your control - however
you are making this far worse by not doing SMTP time verification of
incoming recipient addresses, as this means that people doing call-back
style verification of senders are not rejecting the forged crap as your
system prevents them doing further verification.

> Example here:

...snipped...

> Then my mailserver tries to deliver this bounce to the faked address, which
> is non-existant.


Major problem one for you is that your system accepts that mail. You
should reject it early (ie at SMTP time) then you would not have to
generate a bounce

> Somewhere here it loses the sender or whatsoever and can't
> deliver it, so it gets frozen.


A bounce is sent to the envelope sender address.
A bounce is sent *with* its own envelope sender address set to <>
A bounce message cannot be generated for an undeliverable bounce
message, so exim is freezing the incoming bounce message.

> Example:

....snipped....

> My acl_check_rcpt contains " require verify = sender", or do you think about
> something else?


You need:-
      * Recipient verification within your rcpt ACL
      * local address routing that does not include any catch-all
        routers


You might also benefit from sender address verification, possibly
including callback verification - however that does not address your
specific problem, which is that you are accepting mail for non-existent
local users from non-local senders (you might wish to accept invalid
addresses from local senders, and then generate a bounce, since many
MUAs react badly to being given SMTP errors, but folks should recognise
a bounce).

    Nigel.
-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]