Re: [exim] Seeking advice how to deal with spam faked to app…

Author: Exim User
Date:  
To: Exim User's Mailing List
Subject: Re: [exim] Seeking advice how to deal with spam faked to appear as coming from my domain
Dear list,

my specific problem got lost among the other 550 discussions.
What should I add to my rcpt_acl to get rid of
> Message IPXDKM-000KV5-KU has been frozen (delivery error message).
> The sender is <>.


Thanks
Sebastian


On 14.11.2005 at 12:33, "Nigel Metheringham" <nigel.metheringham@???> wrote:

> On Mon, 2005-11-14 at 12:20 +0100, Exim User wrote:
>> Looks like I'm not the only one weirded out by this?
>> To get things clear, this is the process as it appears to me:
>>
>> Somebody sends spam with a faked sender of my domain.
>> This spam bounces back to my mailserver (Exim 4.5.1).
>
> Ideally this stuff would have been rejected at SMTP time and not
> generated a bounce message, but that's outside of your control - however
> you are making this far worse by not doing SMTP time verification of
> incoming recipient addresses, as this means that people doing call-back
> style verification of senders are not rejecting the forged crap as your
> system prevents them doing further verification.
>
>> Example here:
> ...snipped...
>
>> Then my mailserver tries to deliver this bounce to the faked address, which
>> is non-existent.
>
> Major problem one for you is that your system accepts that mail. You
> should reject it early (ie at SMTP time) then you would not have to
> generate a bounce
>
>> Somewhere here it loses the sender or whatsoever and can't
>> deliver it, so it gets frozen.
>
> A bounce is sent to the envelope sender address.
> A bounce is sent *with* its own envelope sender address set to <>
> A bounce message cannot be generated for an undeliverable bounce
> message, so exim is freezing the incoming bounce message.
>
>> Example:
> ....snipped....
>
>> My acl_check_rcpt contains " require verify = sender", or do you think about
>> something else?
>
> You need:-
>       * Recipient verification within your rcpt ACL
>       * local address routing that does not include any catch-all
>         routers
>
> You might also benefit from sender address verification, possibly
> including callback verification - however that does not address your
> specific problem, which is that you are accepting mail for non-existent
> local users from non-local senders (you might wish to accept invalid
> addresses from local senders, and then generate a bounce, since many
> MUAs react badly to being given SMTP errors, but folks should recognise
> a bounce).
>
> Nigel.
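The configuration below is an added example, not from this thread or from the Exim distribution. It shows the two things Nigel lists (recipient verification in the RCPT ACL, and local routing with no catch-all router), which is also the answer to Sebastian's question: once an invalid local recipient is refused at RCPT time, Exim never accepts the forged-sender message, so it never has to generate the bounce that ends up frozen with sender <>. The list names `local_domains` and `relay_from_hosts` and the transport name `local_delivery` are assumed to be defined as in Exim's default configuration; the `accept authenticated = *` line assumes SMTP AUTH is configured.

```exim
# Added example (not from the thread). Assumes domainlist local_domains,
# hostlist relay_from_hosts and transport local_delivery exist, as in
# Exim's default configure file.

acl_check_rcpt:

  # Mail from our own networks or authenticated users is accepted even for
  # bad recipients: a bounce is generated for those instead, which local
  # MUAs handle better than an SMTP-time error (Nigel's last paragraph).
  accept  hosts = +relay_from_hosts
  accept  authenticated = *

  # Refuse, at RCPT time, any address in our local domains that no router
  # will accept. With no catch-all router below, a forged-sender message
  # to a bogus local user is rejected here and no bounce is ever created.
  deny    message = unknown local user
          domains = +local_domains
          !verify = recipient

  # Optional sender verification with a callout. Bounces arrive with an
  # empty sender (<>), which verify = sender always accepts, so this is
  # a separate improvement and does not by itself stop frozen bounces.
  require verify = sender/callout=20s,defer_ok

  accept  domains = +local_domains
  deny    message = relay not permitted


begin routers

# Only real system accounts are routable; check_local_user fails the
# router for unknown users, which is what makes verify = recipient fail
# in the ACL above.
localuser:
  driver = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user

# Deliberately no catch-all router here (no "*" alias, no wildcard
# redirect): with one, every address in the domain would verify as valid.
```

Check the effect before relying on it with `exim -bv bogus@example.com` (expected to report that the address fails to verify) and `exim -bh 192.0.2.10` to step through an SMTP session from a fake remote host and confirm the RCPT command is refused with the "unknown local user" message.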