Re: [exim] Catching sending domains that resolve to RFC1918 …

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Stephen Gran
日付:  
To: exim-users
題目: Re: [exim] Catching sending domains that resolve to RFC1918 IP space
On Thu, Mar 19, 2009 at 04:01:57PM -0400, Bryan Rawlins said:
> We recently ran into an issue where we were getting mail from a domain
> that had an A record that resolved to private IP space. Not a big issue
> in most circumstances, but since we do store-n-forward spam filtering it
> became a slight problem because our customer's MTA recognized the
> sending domain being private IP space and 550'd the message, thus
> leaving us holding the bag as it were.
>
> As a result of the above I developed an ACL to catch these and reject
> them. There probably isn't a great demand for such a beast, but I
> though I'd share it.


The default (I think) exim4.conf handles it slightly more elegantly:
dnslookup:
  driver = dnslookup
  domains = ! +local_delivery : ! +relay_to_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more


then all you have to do is turn on verify = sender (not even callout) -
the domain will be unroutable.

Cheers,
--
--------------------------------------------------------------------------
|  Stephen Gran                  | sushi, n.:  When that-which-may-still-  |
|  steve@???             | be-alive is put on top of rice and      |
|  http://www.lobefin.net/~steve | strapped on with electrical tape.       |

--------------------------------------------------------------------------