On Wed, 6 Dec 2006, Marc Sherman wrote:
> Richard.Hall wrote:
> >
> > I am trying to deal with a dumb device whose idea of an SMTP conversation
> > is to chuck the following data at me and then run away:-
> >
> > HELO 192.168.1.1
> > MAIL FROM: xyz@???
> > RCPT TO: me@???
> > DATA
> > From: xyz@???
> > To: me@???
> > Subject: A Message From 192.168.1.1
> >
>
> http://www.exim.org/eximwiki/DontObfuscate
>
> - Marc
Oh fhs! OK, if it makes you happy, replace 'mydomain' by 'ingenta'
throughout. Makes no material difference since the only thing of interest
is the domain literal...
> > HELO 192.168.1.1
> > MAIL FROM: xyz@???
> > RCPT TO: me@???
> > DATA
> > From: xyz@???
> > To: me@???
> > Subject: A Message From 192.168.1.1
On Wed, 6 Dec 2006, Chris Lightfoot wrote:
[...]
> Would it allay your security concern if you only accepted
> HELO-with-domain-literal (a) from the known IPs of the
> devices with the bogus SMTP implementation; and (b) if the
> IP in the HELO statement is the same as the connecting IP?
I think my concerns have eased somewhat since I first wrote.
I'm not bothered about the HELO - plenty of people already use HELO
ip-address, and it gets dealt with as I see fit. It was the MAIL FROM that
was the real concern. I've now got it doing a lookup, so only specific IPs
are now subject to the rewrite. I *could* check that against
$sender_host_address, I guess, but since all I'm doing is turning it into
a domain name (now using a dnsdb lookup, yay!), I can just as easily work
with the latter. If the sender is forging my domain literal IP address,
they are effectively forging the corresponding domain name, and I know how
to deal with that already; so I don't think I've introduced any extra
complexity.
> (An alternative to messing about with your exim config
> would be to implement a really simple proxy to convert the
> bogus-SMTP into real-SMTP; I remember this being useful
> with the wretched 3ware 3dmd thing which had a very
> eccentric idea of what did and did not constitute a valid
> SMTP dialogue.)
Hmmm. My main objective was to KISS !!
On Wed, 6 Dec 2006, Philip Hazel wrote:
[...]
> > - the rewrite seemed to be tried on both the envelope addresses, not just
> > the sender. Is that the case, or did I misinterpret the voluminous
> > debugging? If it is the case, is there any way to restrict it to just one
> > or the other?
>
> Not for an SMTP rewrite. You just have to make it match only what you
> want.
>
> > Section 8 of the spec says that Exim (normally) recognises regular
> > expressions by prefixing them with '^', eg ^\\d{3} - is this an anchored
> > regex, or would I have to write ^^\\d{3} to anchor it?
>
> It's anchored. You can always start it with ^.* if you want otherwise.
Thanks for that/those.
Just in case anyone is even remotely interested, the rewrite now reads
(modulo line-wrapping)
\N^(.*)@\[(.*)\]$\N "$1@${lookup dnsdb {ptr=${lookup {$2} lsearch
{CONFDIR/domain-literal-hosts} {$2} fail}} {$value} fail}" S
No doubt it could be improved :-(
Richard
