Frank DeChellis DSL wrote:
> Hi,
>
> We're using Exim 4.54 with NetBSD.
>
> I want to deny access to user www (U=www in my logs).
>
> Is there an easy way to do this? We're trying to find the root of a
> problem and denying this user access would be a great help.
>
> I have ACL running. I've been searching and have not been able to
> find what I am looking for...unless I am working it wrong. I am a
> 4/10 on the Exim expertise scale (6/10 on looks and 8/0 on personality)

There are a lot of PHP exploits out at the moment that are injecting
headers into forms and thus bypassing the fixed send-to address, etc.

We had it on a huge number of servers. Rather than get everyone to
upgrade their code, we came up with the following quick patch.

Add the following to Exim:

    acl_not_smtp = acl_check_pipe

In the ACL section:

    # Non-SMTP ACL: drop locally submitted messages whose body
    # contains any of the header names matched below.
    acl_check_pipe:
      drop  condition   = ${if match {$message_body}\
                            {\N.*\
                            MIME-Version:.*\N}{true}}
            log_message = "Spam MIME-Version: $header_subject: "

      drop  condition   = ${if match {$message_body}\
                            {\N.*\
                            Content-Type:.*\N}{true}}
            log_message = "Spam: Content-Type: $header_subject: "

      drop  condition   = ${if match {$message_body}\
                            {\N.*\
                            Content-Transfer-Encoding:.*\N}{true}}
            log_message = "Spam: Content-Transfer-Encoding: $header_subject: "

      drop  condition   = ${if match {$message_body}\
                            {\N.*\
                            bcc:.*\N}{true}}
            log_message = "Spam: bcc: $header_subject: "

      drop  condition   = ${if match {$message_body}\
                            {\N.*\
                            cc:.*\N}{true}}
            log_message = "Spam: cc: $header_subject: "

      # Anything that reaches this point is accepted.
      accept

We haven't seen any collateral damage by using these, but all feedback
is welcome. In the logs we get:

    2005-11-28 06:08:25 1EgcBd-0004cv-O2 F=<nobody@???> rejected by non-SMTP ACL: "Spam MIME-Version: Mon, 28 Nov 2005 06:08:25 +0000 Query from NEFMS Website
    2005-11-28 06:08:25 1EgcBd-0004cw-T2 F=<> rejected by non-SMTP ACL: "Spam MIME-Version: Mon, 28 Nov 2005 06:08:25 +0000 Mail failure - rejected by local scanning code "

Regards
Darren
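
Added example, not part of the original post: a Python model of the five drop conditions above, for checking which locally submitted bodies the ACL would reject (including collateral damage) before deploying it. It assumes $message_body is the first 500 characters of the body (the message_body_visible default) with newlines and NULs turned into spaces; the function names and sample bodies are constructed for illustration.

```python
import re

# The five body patterns from the ACL, in the order the drop rules appear.
# Exim's "match" is case-sensitive by default, as is re.search here.
ACL_RULES = [
    ("MIME-Version", r".*MIME-Version:.*"),
    ("Content-Type", r".*Content-Type:.*"),
    ("Content-Transfer-Encoding", r".*Content-Transfer-Encoding:.*"),
    ("bcc", r".*bcc:.*"),
    ("cc", r".*cc:.*"),
]

BODY_VISIBLE = 500  # assumption: default value of message_body_visible


def exim_message_body(raw_body, visible=BODY_VISIBLE):
    """Approximate $message_body: leading part of the body, newlines/NULs as spaces."""
    return re.sub(r"[\n\x00]", " ", raw_body[:visible])


def first_matching_rule(raw_body):
    """Return the name of the first drop rule that fires, or None if accepted."""
    body = exim_message_body(raw_body)
    for name, pattern in ACL_RULES:
        if re.search(pattern, body):
            return name
    return None


# Constructed sample bodies (not taken from real traffic).
SAMPLES = {
    "plain enquiry": "Hello,\nplease send me your price list.\nThanks, Ann\n",
    "header lines in body": "hi\nContent-Type: text/plain\nbcc: a@example.invalid\n",
    "quoted forwarded mail": "He wrote:\n> MIME-Version: 1.0\n> see attached\n",
    "legitimate mention of cc": "Please cc: the accounts team on your reply.\n",
}


def evaluate(samples=SAMPLES):
    """Map each sample label to the rule that drops it (None means accept)."""
    return {label: first_matching_rule(body) for label, body in samples.items()}


if __name__ == "__main__":
    for label, rule in evaluate().items():
        verdict = f"drop ({rule})" if rule else "accept"
        print(f"{label:26} -> {verdict}")
```

The last two samples are ordinary text that the rules still drop, which is the kind of collateral damage worth looking for in the non-SMTP reject log after enabling the ACL.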