Re: [exim] stopping a user from using exim on system

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Darren Casey
Date:  
À: Frank DeChellis DSL, exim-users
CC: 
Sujet: Re: [exim] stopping a user from using exim on system
Frank DeChellis DSL wrote:

> Hi,
>
> We're using Exim 4.54 with Net BSD.
>
> I want to deny access to user www (U=www in my logs).
>
> Is there an easy way to do this? We're trying to find the root of a
> problem and denying this user access would be a great help.
>
> I have ACL running. I've been searching and have not been able to
> find what I am looking for...unless I am working it wrong. I am a
> 4/10 on the Exim expertise scale (6/10 on looks and 8/0 on personality)


There are a lot of PHP exploits out at the moment that are injecting
headers into forms and thus bypassing the fixed send to address etc..

We had it on a huge number of servers, rather than get everyone to
upgrade their code we came up with the following quick patch

Add the following in to exim :-
acl_not_smtp = acl_check_pipe

In the ACL Section
acl_check_pipe:
  drop  condition = ${if match {$message_body}\
                        {\N.*\
                        MIME-Version:.*\N}{true}}
        log_message = "Spam MIME-Version: $header_subject: "


  drop  condition = ${if match {$message_body}\
                        {\N.*\
                        Content-Type:.*\N}{true}}
        log_message = "Spam: Content-Type: $header_subject: "


  drop  condition = ${if match {$message_body}\
                        {\N.*\
                        Content-Transfer-Encoding:.*\N}{true}}
        log_message = "Spam: Content-Transfer-Encoding: $header_subject: "


  drop  condition = ${if match {$message_body}\
                        {\N.*\
                        bcc:.*\N}{true}}
        log_message = "Spam: bcc: $header_subject: "


  drop  condition = ${if match {$message_body}\
                        {\N.*\
                        cc:.*\N}{true}}
        log_message = "Spam: cc: $header_subject: "
  accept


We haven't seen any collateral damage by using these, but all feed back
is welcome. In the logs we get :-


2005-11-28 06:08:25 1EgcBd-0004cv-O2 F=<nobody@???> rejected
by non-SMTP ACL: "Spam MIME-Version: Mon, 28 Nov 2005 06:08:25 +0000
Query from NEFMS Website
2005-11-28 06:08:25 1EgcBd-0004cw-T2 F=<> rejected by non-SMTP ACL:
"Spam MIME-Version: Mon, 28 Nov 2005 06:08:25 +0000 Mail failure -
rejected by local scanning code "

Regards
Darren