Re: [exim] exim exploit or configuration problem

Author: Bridgit Griffin (Withers)
Date:  
To: exim-users
Subject: Re: [exim] exim exploit or configuration problem
Jeremy Harris wrote:
> The mail is for you, as well as claiming to be from you.
> If they were accepting mail claiming to be from you and
> relaying it out-system I'd be more worried.
>

I am concerned; that is why I'm looking for a solution at the source,
before the spam is sent, not after spam has been sent. Spam being sent
from any of my domains is grounds for the hosting provider to shut down
the domain and the website and the account.
> Unless they provide flexible filtering for individual customers,
> there's not much they can do (barring things like SPF,

I am using SPF in each DNS record which is why the mail is from
postmaster to postmaster. But this is not good enough. It's hard to
explain to a customer why they are sending themselves spam.
> Does postmaster *ever* send any mail under that name?

No, as I stated previously there are no email accounts associated with
any of the domains.
> If not,
> it's simple for you to configure any decent MUA to discard them.
>

I'm not interested in discarding at an email program - not to mention
email programs work with email accounts of which there are none. I'm
interested in not allowing smtp connections that are not from any domain
name I have. I am using SPF to disallow anything that is not in the
domain name, which is why I am concerned that this connection is getting
through. To me it seems the break is either at the smtp app or at the
server itself. And I did mention previously that this is a recent
problem that started happening at the end of June. Which indicates a
recent change, but I don't know where.

Plus removing the postmaster alias makes each domain's dns record
non-compliant. Not to mention that removing that alias is no guarantee
that will stop the authorized connection into the smtp server. For all I
know it looks for any alias and that's the one the spammer is using now.
Since every domain has multiple aliases I might end up shutting them all
off. So for now the postmaster alias will stay as I am working with a
known entity.
> A flexible-filter ESP would be able to reject them in the first place.
>

Once again this does not address stopping the unauthorized connection
into the smtp server.

So since only one person responded to this, I can only assume that there
is no help to be had here.