Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Stop scanning local mail

Mike Cardwell wrote:
> * on the Mon, Mar 05, 2007 at 05:39:49PM -0500, Arthur Hagen wrote:
>
>> One host I have fetch a couple of outside mailboxes with fetchmail, and
>> feeds the emails to exim for local delivery. The problem is that those
>> would then be accepted, since the connecting host is localhost.
>> Anyone got a good idea for a scenario like that, where you do want to
>> scan anything coming from the outside or through fetchmail, but not
>> anything sent from machines on the local network?
>
> At the risk of getting flamed for having the audacity to even consider
> mentioning the evil, destructive, and always useless rfc1413... Install
> an ident server, firewall it out from non local connections, set exim to
> do rfc1413 lookups on local connections and then filter on $sender_ident
> being the user fetchmail is run as.
>
> Job done,
>
> Mike
>
Reasonably bulletproof, and 'seconded' as more generic and easier to implement
than some other clever kludges - so long as the firewalling is done as part of
the package.

ELSE set tcpdump and watch the malworld hammer the bejaysus out of an exposed
rfc1413 port. Waste of cycles & b/w, that.
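
One way to write the setup described in this thread as an Exim configuration fragment. It is an added example, not configuration posted by anyone in the thread. It assumes fetchmail runs as a user named `fetchmail`, that the local network is 192.0.2.0/24 (a constructed documentation range), that fetchmail connects over IPv4 loopback, and that `av_scanner` is already set up for the `malware` condition.

```exim
# --- main configuration section ---

# Constructed LAN range; replace with the real local network.
hostlist lan_hosts = 192.0.2.0/24

# Ask for ident (RFC 1413) only on loopback connections, so Exim never
# queries remote hosts. The ident daemon itself must still be firewalled
# off from non-local connections, as the thread says.
rfc1413_hosts = 127.0.0.1

# Must be non-zero, otherwise no ident query is made at all.
rfc1413_query_timeout = 5s

acl_smtp_data = acl_check_data

begin acl

acl_check_data:

  # Mail submitted by machines on the local network: not scanned.
  accept  hosts     = +lan_hosts

  # Mail submitted on loopback by a local process is skipped only when
  # ident returned a user name AND that user is not the fetchmail user
  # (assumed name: "fetchmail"). An empty $sender_ident (ident daemon
  # down, query timed out) fails this test, so the message is scanned
  # rather than waved through.
  accept  hosts     = 127.0.0.1
          condition = ${if and{{def:sender_ident}\
                               {!eq{$sender_ident}{fetchmail}}}}

  # Everything else is scanned: outside hosts, and loopback deliveries
  # made by fetchmail.
  deny    malware   = *
          message   = This message contains malware ($malware_name)

  accept
```

The fragment is meant to be merged into an existing configuration rather than used as a complete file; any spam-scanning conditions would go next to the `malware` check.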