Re: [exim] matching envelope from and from

Top Page
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] matching envelope from and from
Hill Ruyter wrote:
> Bill
>
> Thanks again
>
> If you would not consider it an IPR issue I would be very interested to see
> a copy of your ACLs for reference purposes.
> To see a working config against which I can reference the available
> documentation may help me understand it a little better.
>
> Thanks again for you input
>
> Regards
> Hill


Not an IPR issue in my case.

A 'humanitarian' one.

;-)

Overly complex, SQL-driven, and suited only to our needs.

Even our Exim binary is from modified source code.

Better to go at your own pace with the basics.

You'll get there soon enough - and you will 'own' the knowledge, so you can
admin the results easily.

Bill




>
>
>> -----Original Message-----
>> From: exim-users-bounces@??? [mailto:exim-users-bounces@exim.org]
>> On Behalf Of W B Hacker
>> Sent: 05 June 2009 18:04
>> To: exim users
>> Subject: Re: [exim] matching envelope from and from
>>
>> Hill Ruyter wrote:
>>> Hi
>>> I realise what has been said for mailing lists
>>>
>>> Which is why I only want to filter those mails where
>>> The two are different AND the from is equal to ME.
>>>
>>> I can be quite sure I will not send any email to myself with a
>> different
>>> envelope-from address
>>>
>>> Is this possible without frigging mails from lists ?
>>>
>> Yes - but what you need is to do is catch it in a different snare.
>>
>> If you are passing what you posted:
>>
>> "Received: from [74.72.203.118] (helo=cpe-74-72-200-
>> 118.nyc.res.rr.com)"
>>
>> ...you are not making full use of all the tests available:
>>
>> While
>>
>> 'host 74.72.203.118'
>>
>> and
>>
>> 'host cpe-74-72-200-118.nyc.res.rr.com'
>>
>> *appear* to forward/reverse return each other, Exim's logic *also*
>> tries to
>> verify (in order) that one of the returns is a valid SRV, MX, or at
>> least an A
>> record.
>>
>> All of which fail for the above example in particular, and *.res.rr.com
>> in
>> general [1]:
>>
>> 2009-06-05 08:25:43 [44471] H=cpe-76-189-146-130.neo.res.rr.com
>> [76.189.146.130]:4738 I=[203.194.153.81]:25 rejected connection in
>> "connect"
>> ACL: C3A no valid PTR RR for 76.189.146.130 cpe-76-189-146-
>> 130.neo.res.rr.com
>>
>> 2009-06-05 09:15:56 [44918] H=[75.87.252.7]:3980 I=[203.194.153.81]:25
>> rejected
>> connection in "connect" ACL: C3B: host lookup failed (75.87.252.7 does
>> not match
>> any IP address for cpe-75-87-252-7.natnow.res.rr.com)
>>
>> NB: Exim err msg log entry is slightly obtuse. 'No valid' and 'does not
>> match'
>> might more accurately state '.. not valid for smtp use'. See
>> ~/src/host.c
>>
>> As the "Road Runner" ISP does not operate its own shared-use mail
>> servers from
>> within the 'residential' DHCP pool anyway, other options include:
>>
>> - deny if attaching IP is in a 'dynamic IP RBL'
>>
>> 2009-06-04 16:00:14 [37021] H=117.157.100.97.cfl.res.rr.com
>> [97.100.157.117]:4069 I=[203.194.153.81]:25 rejected connection in
>> "connect"
>> ACL: C7 97.100.157.117 blacklisted in dul.dnsbl.sorbs.net
>>
>>
>> - deny on '*.res.rr.com'
>>
>> .. at or after any point $sender_hostname AND/OR $sender_helo_name have
>> become
>> available.
>>
>> 2009-05-05 16:16:17 [45270] H=cpe-67-249-217-77.twcny.res.rr.com
>> [67.249.217.77]:2183 I=[203.194.153.81]:25 rejected connection in
>> "connect" ACL:
>> C9 cpe-67-249-217-77.twcny.res.rr.com Locally blacklisted.
>>
>> ('C9' is my ninth acl clause in acl_smtp_connect).
>>
>> Notes:
>>
>> C3A and C3B do most of the work. C7, an RBL call, and C9, an 'lsearch'
>> of a
>> local regular-expression blacklist, are very seldom reached.
>>
>> CAVEAT: Draconian!
>>
>> IF you use anything of this sort, first test effects on *your*
>> environment with
>> a 'warn' before converting to a 'deny'.
>>
>> Also effective.
>>
>> conducive# grep -c res.rr.com /var/log/exim/rejectlog
>> 457
>>
>> And *zero* complaints from user base of lost 'genuine' traffic from
>> Road Runner.
>>
>> HTH,
>>
>> Bill
>>
>>
>>>> -----Original Message-----
>>>> From: exim-users-bounces@??? [mailto:exim-users-
>> bounces@???]
>>>> On Behalf Of Graeme Fowler
>>>> Sent: 05 June 2009 16:17
>>>> To: exim-users@???
>>>> Subject: Re: [exim] matching envelope from and from
>>>>
>>>> On Fri, 2009-06-05 at 15:56 +0100, Hill Ruyter wrote:
>>>>> I basically want to say
>>>>> if envelope-from is not equal to from and from is equal to me then
>>>> drop
>>>>
>>>> You'll stop receiving mailing list messages, then... look at the
>> Exim
>>>> list mails:
>>>>
>>>> Return-path: <exim-users-bounces+graemef.net@???>
>>>> From: "Hill Ruyter" <hill@???>
>>>>
>>>> [the Return-Path is composed from the MAIL FROM, ie. the envelope
>>>> sender]
>>>>
>>>> You may be surprised just how much mail comes in with different
>>>> envelope
>>>> sender and From: addresses. Especially if you subscribe to many
>> lists.
>>>> Graeme
>>>>
>>>>
>>>> --
>>>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>>>> ## Exim details at http://www.exim.org/
>>>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>>
>>
>> --
>> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>