Hi all,
I'm using Exim version 4.69 and am having an issue with relaying... it seems
that by simply supplying a null/empty Envelope Sender anyone can relay email
to anywhere they'd like.
#####################
...snip...
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM: <>
<<< 250 OK
>>> RCPT TO: <rlytest@???>
<<< 250 Accepted
...snip...
#####################
I've read through all the Exim list archives I can find, and a number of
other articles talking about null and empty Envelope Sender issues, but I
can't find what I need to solve this issue. It seems to me that this should
be basic but for some reason I can't figure it out or find anyone addressing
this particular problem.
I'm going to post a couple excerpts from the config file that might(?) be
relevant and useful in figuring out this situation...
excerpt from exim config:
################################
*...snip...*
acl_smtp_connect = check_connect
acl_smtp_helo = check_helo
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
acl_smtp_auth = check_auth
*...snip...*
begin acl
check_connect:
  accept hosts = +whitelist
         endpass
  warn   dnslists = hostkarma.junkemailfilter.com=127.0.0.1
         set acl_c1 = white - dnswl - $sender_fullhost
         log_message = GREYLIST CONNECT - WHITE Hostname $sender_host_name $sender_host_address
  warn   dnslists = hostkarma.junkemailfilter.com=127.0.0.3
         set acl_c1 = yellow - $sender_fullhost
         log_message = GREYLIST CONNECT - YELLOW Hostname $sender_host_name $sender_host_address
  deny   hosts = +hardblacklist
         log_message = BLACKLIST CONNECT Hostname $sender_host_name $sender_host_address
  deny   dnslists = hostkarma.junkemailfilter.com=127.0.0.2
         log_message = GREYLIST CONNECT - BLACK Hostname $sender_host_name $sender_host_address
  deny   log_message = SPAM RBL $dnslist_domain
         !dnslists = hostkarma.junkemailfilter.com=127.0.0.1,127.0.0.3
         dnslists = nomail.rhsbl.sorbs.net/$sender_address_domain : cbl.abuseat.org :\
                    web.dnsbl.sorbs.net : socks.dnsbl.sorbs.net :\
                    http.dnsbl.sorbs.net : blackholes.mail-abuse.org
  warn   log_message = DNS CHECK REVERSE $sender_host_address.
         !verify = reverse_host_lookup
  accept
check_helo:
  accept hosts = +whitelist
         endpass
  deny   message = Your server announces itself \
                   ($sender_helo_name) with a plain \
                   IP address which is in breach of RFC2821. \
                   Please read http://www.faqs.org/rfcs/rfc2821.html \
                   and fix before attempting to resend.
         condition = ${if isip {$sender_helo_name} {1}{0} }
         log_message = HELO IP $sender_helo_name
  warn   condition = ${if !match{$sender_helo_name}{\\.}{yes}{no}}
         log_message = HELO NO-FQDN $sender_helo_name
  deny   log_message = HELO MISMATCH Forged HELO for ($sender_helo_name)
         set acl_m5 = ${lookup{$sender_helo_name} \
                      partial-lsearch{/usr/local/etc/exim/helo-check} \
                      {${if eq{$value}{}{$sender_helo_name}{$value}}}{}}
         message = You are not really $sender_helo_name. Go Away.
         condition = ${if !eq{$acl_m5}{} {1}}
         condition = ${if !match{$sender_host_name}{${rxquote:$acl_m5}\N$\N} {1}}
  warn   !verify = helo
         log_message = HELO VERIFY for ($sender_helo_name) ($sender_host_name)
  accept
check_recipient:
*...snip...*
################################
Please let me know any ideas you have... I can post more/specific parts of
the config file too of course.
Thanks in advance for your time!
Amrahd
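
The accept for RCPT TO in the transcript above is decided in the RCPT ACL, which the excerpt snips. As an added example (not part of the original post or the poster's configuration), here is a check_recipient ACL in the shape of Exim's stock configuration, where relaying depends on the connecting host or on authentication and never on the envelope sender. The list names and their values are assumptions.

```exim
# Added example, not the poster's configuration.
# Named lists go in the main section, before "begin acl".
# Names follow Exim's stock configuration; values are placeholders.
domainlist local_domains    = @
domainlist relay_to_domains =
hostlist   relay_from_hosts = 127.0.0.1

# The RCPT ACL named by "acl_smtp_rcpt = check_recipient" in the post.
check_recipient:

  # Relay for trusted submitters. The test is on the connecting host
  # or on SMTP authentication, so an empty MAIL FROM:<> gains nothing.
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *

  # Everyone else, whatever the envelope sender (including <>), may
  # only address domains this server is responsible for.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  # Pattern to look for in a snipped ACL (assumption: a statement of
  # this shape would give the behaviour in the transcript). An empty
  # item in a "senders" list matches the null sender, so with no
  # "domains" condition it accepts any recipient for MAIL FROM:<>.
  #
  #   accept  senders = :
  #
  # Bounces use the null sender legitimately, but only towards local
  # recipients, which the "require" above already allows.

  require verify = recipient
  accept
```

Running `exim -bh 192.0.2.1` starts a simulated SMTP session as if from that address without delivering anything, so the MAIL FROM:<> and RCPT TO sequence can be replayed against the ACLs to see which statement accepts it.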