Re: [exim] Blocking non-authenticated senders

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Peter Velan
Date:  
À: Exim Users Mailing List
Sujet: Re: [exim] Blocking non-authenticated senders
am 20.02.2007 17:56 schrieb Peter Velan:
> am 20.02.2007 16:50 schrieb David Woodhouse:
>> On Tue, 2007-02-20 at 15:38 +0100, Peter Velan wrote:
>>> I don't see a situation where a foreign server sends me a legit email
>>> with envelope-from = "localpart@???"?
>>
>> If there is any external email address for which email is just
>> automatically forwarded to your systems, and if any of your users send
>> mail to that address, then it'll happen.
>
> Hmm, I will check this very, very carefully.
>
>>> > - your mail server in turn rejects the forwarded mail because it was
>>> > not sent via SMTP AUTH
>>> > - your user will receive an error mail from the forwarding mail server
>>> >
>>> > I would stongly recommend not to implement this kind of blocking.
>>>
>>> If the scenario you described above is real, then for sure, it would be
>>> a stupid thing to implement this!
>>
>> It's very real; it's very stupid :)
>
> Well, I will take a very close and thorough look to my mainlog-files
> before doing such a stupid stupid thing.


May be its of general interest, so here are my findings:

>From a lot of 89901 (accepted) messages from outside world (less

authenticated users and less valid relaying from one of our machines),
385 having an envelope-from = @mydomains.

Just for clarification: This kind of non-authenticated transfers could
only target one of the local accounts - I do not run an open relay ;-)

>From the 385 messages (which I originally thought should all be

classified as spam) were:

a) 258 valid

-- A handfull of my users is sending from email-providers which freely
allow setting of an arbitrary envelope-from.
-- One message was triggered from a news website, where one user
informed about an interesting article. The email-system of this website
placed the email-address of the informing guy in envelope-from.

b) 61 addressed to postmaster@mydomains (all spam)

Because I accept anything adressed to postmaster/abuse-account, I would
not prevent this spam from comming in.

c) 66 real spam

The remainder of 66 real spams, was predominantly killed by
spamassassin. Some interesting things about this class of messages: 34
of them came in between January and December 2006; the remaining 32 are
from this year: a six-fold increase! And, 37 of this 66 are role
accounts info@mydomains.


Conclusion: Its not worth the hassle! The only thing I consider to
implement: blocking any outside email with enevelope-from =
"info@mydomains".

Thank you again for your valuable thoughts!

Peter