Re: [exim] matching envelope from and from

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] matching envelope from and from
Hill Ruyter wrote:
> Hi
> I realise what has been said for mailing lists
>
> Which is why I only want to filter those mails where
> The two are different AND the from is equal to ME.
>
> I can be quite sure I will not send any email to myself with a different
> envelope-from address
>
> Is this possible without frigging mails from lists ?
>


Yes - but what you need to do is catch it in a different snare.

If you are passing what you posted:

"Received: from [74.72.203.118] (helo=cpe-74-72-200-118.nyc.res.rr.com)"

...you are not making full use of all the tests available:

While

'host 74.72.203.118'

and

'host cpe-74-72-200-118.nyc.res.rr.com'

*appear* to forward/reverse return each other, Exim's logic *also* tries to
verify (in order) that one of the returns is a valid SRV, MX, or at least an A
record.

All of which fail for the above example in particular, and *.res.rr.com in
general [1]:

2009-06-05 08:25:43 [44471] H=cpe-76-189-146-130.neo.res.rr.com
[76.189.146.130]:4738 I=[203.194.153.81]:25 rejected connection in "connect"
ACL: C3A no valid PTR RR for 76.189.146.130 cpe-76-189-146-130.neo.res.rr.com

2009-06-05 09:15:56 [44918] H=[75.87.252.7]:3980 I=[203.194.153.81]:25 rejected
connection in "connect" ACL: C3B: host lookup failed (75.87.252.7 does not match
any IP address for cpe-75-87-252-7.natnow.res.rr.com)

NB: Exim err msg log entry is slightly obtuse. 'No valid' and 'does not match'
might more accurately state '.. not valid for smtp use'. See ~/src/host.c

As the "Road Runner" ISP does not operate its own shared-use mail servers from
within the 'residential' DHCP pool anyway, other options include:

- deny if attaching IP is in a 'dynamic IP RBL'

2009-06-04 16:00:14 [37021] H=117.157.100.97.cfl.res.rr.com
[97.100.157.117]:4069 I=[203.194.153.81]:25 rejected connection in "connect"
ACL: C7 97.100.157.117 blacklisted in dul.dnsbl.sorbs.net


- deny on '*.res.rr.com'

.. at or after any point $sender_hostname AND/OR $sender_helo_name have become
available.

2009-05-05 16:16:17 [45270] H=cpe-67-249-217-77.twcny.res.rr.com
[67.249.217.77]:2183 I=[203.194.153.81]:25 rejected connection in "connect" ACL:
C9 cpe-67-249-217-77.twcny.res.rr.com Locally blacklisted.

('C9' is my ninth acl clause in acl_smtp_connect).

Notes:

C3A and C3B do most of the work. C7, an RBL call, and C9, an 'lsearch' of a
local regular-expression blacklist, are very seldom reached.

CAVEAT: Draconian!

IF you use anything of this sort, first test effects on *your* environment with
a 'warn' before converting to a 'deny'.

Also effective.

conducive# grep -c res.rr.com /var/log/exim/rejectlog
457

And *zero* complaints from user base of lost 'genuine' traffic from Road Runner.

HTH,

Bill


>
>> -----Original Message-----
>> From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org]
>> On Behalf Of Graeme Fowler
>> Sent: 05 June 2009 16:17
>> To: exim-users@???
>> Subject: Re: [exim] matching envelope from and from
>>
>> On Fri, 2009-06-05 at 15:56 +0100, Hill Ruyter wrote:
>>> I basically want to say
>>> if envelope-from is not equal to from and from is equal to me then
>> drop
>>
>> You'll stop receiving mailing list messages, then... look at the Exim
>> list mails:
>>
>> Return-path: <exim-users-bounces+graemef.net@???>
>> From: "Hill Ruyter" <hill@???>
>>
>> [the Return-Path is composed from the MAIL FROM, ie. the envelope
>> sender]
>>
>> You may be surprised just how much mail comes in with different
>> envelope
>> sender and From: addresses. Especially if you subscribe to many lists.
>>
>> Graeme
>>
>>
>
>
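
Added example, not part of the post above and not Exim code: a Python tally of connect-time rejections per ACL clause for one host-name suffix, which breaks the single `grep -c` figure down into the per-clause picture the Notes describe. It assumes the clause labels (C3A, C3B, C7, C9) appear in the log text as they do in the post, since they are that site's own log messages; the sample is the post's four entries rejoined onto one line each.

```python
import re
from collections import Counter

# Constructed sample: the four reject-log entries quoted in the post,
# rejoined to one line each (the mail client had wrapped them).
SAMPLE_LOG = """\
2009-06-05 08:25:43 [44471] H=cpe-76-189-146-130.neo.res.rr.com [76.189.146.130]:4738 I=[203.194.153.81]:25 rejected connection in "connect" ACL: C3A no valid PTR RR for 76.189.146.130 cpe-76-189-146-130.neo.res.rr.com
2009-06-05 09:15:56 [44918] H=[75.87.252.7]:3980 I=[203.194.153.81]:25 rejected connection in "connect" ACL: C3B: host lookup failed (75.87.252.7 does not match any IP address for cpe-75-87-252-7.natnow.res.rr.com)
2009-06-04 16:00:14 [37021] H=117.157.100.97.cfl.res.rr.com [97.100.157.117]:4069 I=[203.194.153.81]:25 rejected connection in "connect" ACL: C7 97.100.157.117 blacklisted in dul.dnsbl.sorbs.net
2009-05-05 16:16:17 [45270] H=cpe-67-249-217-77.twcny.res.rr.com [67.249.217.77]:2183 I=[203.194.153.81]:25 rejected connection in "connect" ACL: C9 cpe-67-249-217-77.twcny.res.rr.com Locally blacklisted.
"""

# H= is "name [ip]:port" when a reverse lookup gave a name, "[ip]:port" when not.
# The tag group assumes clause labels of the form used in the post (C3A, C7, ...).
REJECT = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\[\d+\] )?'
    r'H=(?:(?P<name>[^\s\[]+) )?\[(?P<ip>[^\]]+)\](?::\d+)? .*?'
    r'rejected connection in "(?P<acl>[^"]+)" ACL: (?P<tag>C\d+[A-Z]?):? (?P<msg>.*)$'
)

def parse_rejects(text):
    """Yield one dict per connect-time rejection; other lines are skipped."""
    for line in text.splitlines():
        m = REJECT.match(line)
        if m:
            yield m.groupdict()

def tally_by_clause(text, suffix):
    """Count rejections per clause tag for hosts under `suffix`.

    When H= carries no name (failed lookup, as in the C3B entry), the name
    is taken from the rejection message, which grep would also have matched.
    """
    # Suffix must end the host name: not followed by another label or character.
    pat = re.compile(re.escape(suffix.lower()) + r'(?!\.?[\w-])')
    counts = Counter()
    for r in parse_rejects(text):
        haystack = ((r["name"] or "") + " " + r["msg"]).lower()
        if pat.search(haystack):
            counts[r["tag"]] += 1
    return counts

if __name__ == "__main__":
    for tag, n in sorted(tally_by_clause(SAMPLE_LOG, ".res.rr.com").items()):
        print(tag, n)
```

Run over a real rejectlog, the per-clause counts show which check is doing the rejecting before a 'warn' is converted to a 'deny'.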