Re: [exim] exim exploit or configuration problem

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] exim exploit or configuration problem
Bridgit Griffin (Withers) wrote:

> I have uploaded zips/tars of the emails with all headers intact for
> those who wish to inspect further ftp to ncewebdotcom
>
> username: anonymous at nceweb dot com <mailto:anonymous@yourdomain.com>
> password: anonymous
>
> But let me see if I have understood all of the posts so far:
> - this is a config issue on the ISP side.


Yes IF.

IF the forged message went only to you, (as it seems it did), the mailadmin may
be erring on the cautious side w/r not false-rejecting things you might want to
at least be aware of.

> - they may or may not be able/willing to put the "correct" config in place.


All configs are a compromise. The more variety in clientele served, the greater
the compromise required.

Gross blocking of 'defectives' is easy. False-positive-free blocking is harder.

For example, one of the largest registrars, Network Solutions, parks email
services for a gadzillion of their registrants.

Their MTA's and/or DNS are so badly configured some of the IP's they connect
from do not resolve at all, others resolve to different .tld's (.com or .net).

There are too many such accounts to reject NetSol as forging themselves, and
they are not the only such transgressor.

> - I have done all that I can from my side (have I done all that can be
> done?)


Seems so.

> other than submit a ticket through tech support (that's another
> nightmare).


'Fire and forget'.

Do it by email with the best digestion of events you have.
If no change, that at least timestamps a marker that you did what you could.

> - and the unwritten suggestion....find a new hosting provider.


Won't necessarily be any better.

Many 'economy' hosting providers run MTA's that at their best cannot match
Exim's cleanliness with even a mediocre config.

Qmail+<half a dozen helpers in as many languages> is still a common one.

And we won't sully the airwaves with mention of Remondian concepts of mail.

>
> Did I miss anything?
>


'bout covers it..

> W B Hacker wrote:
>
>>Don't be so hasty.
>>
>>This is a volunteer group, we are in time zones all over the globe, and most
>>folks here have both a day-job and a life outside of this list.
>>
>
> My apologies. I wasn't trying to be rude, just trying to solve the
> "mystery."
>
> BTW thank you for the education and the help.


Just passing on what I learned right here .. to the extent that I *have* learned
anything so far, anyway.

Still room to grow.

;-)

Bill