Re: [exim] Seeking advice how to deal with spam faked to app…

Página Inicial
Delete this message
Reply to this message
Autor: Shea Martin
Data:  
Para: Nigel Metheringham
CC: Exim User's Mailing List
Assunto: Re: [exim] Seeking advice how to deal with spam faked to appear as coming from my domain
Nigel Metheringham wrote:

>On Mon, 2005-11-14 at 12:20 +0100, Exim User wrote:
>
>
>>Looks like I'm not the only one weird by this?
>>To get things clear, this is the process as it explores to me:
>>
>>Somebody sends spam with a faked sender of my domain.
>>This spam bounces back to my mailserver (Exim 4.5.1).
>>
>>
>
>Ideally this stuff would have been rejected at SMTP time and not
>generated a bounce message, but thats outside of your control - however
>you are making this far worse by not doing SMTP time verification of
>incoming recipient addresses, as this means that people doing call-back
>style verification of senders are not rejecting the forged crap as your
>system prevents them doing further verification.
>
>

As a noob, I am not 100% sure sure what SMTP time verification is. Is
this 39.31 in the manual? Or is this something different.

~S

>
>
>>Example here:
>>
>>
>...snipped...
>
>
>
>>Then my mailserver tries to deliver this bounce to the faked address, which
>>is non-existant.
>>
>>
>
>Major problem one for you is that your system accepts that mail. You
>should reject it early (ie at SMTP time) then you would not have to
>generate a bounce
>
>
>
>>Somewhere here it loses the sender or whatsoever and can't
>>deliver it, so it gets frozen.
>>
>>
>
>A bounce is sent to the envelope sender address.
>A bounce is sent *with* its own envelope sender address set to <>
>A bounce message cannot be generated for an undeliverable bounce
>message, so exim is freezing the incoming bounce message.
>
>
>
>>Example:
>>
>>
>....snipped....
>
>
>
>>My acl_check_rcpt contains " require verify = sender", or do you think about
>>something else?
>>
>>
>
>You need:-
>      * Recipient verification within your rcpt ACL
>      * local address routing that does not include any catch-all
>        routers

>
>You might also benefit from sender address verification, possibly
>including callback verification - however that does not address your
>specific problem, which is that you are accepting mail for non-existent
>local users from non-local senders (you might wish to accept invalid
>addresses from local senders, and then generate a bounce, since many
>MUAs react badly to being given SMTP errors, but folks should recognise
>a bounce).
>
>    Nigel.

>
>