Re: [exim] block emails with more than one 'Received: from' …

Top Page
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] block emails with more than one 'Received: from' header
On 26/01/2010 09:49, Dave Evans wrote:

>>> The only means by which I think I can restrict traffic so that it *truly*
>>> comes from within the hotel's IP address, is to make it so that the emails
>>> must have *only one* 'Received: from' header.
>>>
>>> If the email was truly from just within the hotel's network, it would only
>>> have the header below (i.e. only one 'Received: from' header)
>>>
>>> Any way to do this?
>>
>> I think you should be able to put this in your acl_smtp_data acl:
>>
>> deny condition = ${if !eq{$h_Received:}{}}
>>        message   = Received headers not allowed

>>
>> MUAs shouldn't be adding their own received headers before submitting
>> messages to your server.
>
> Messages can legitimately have more than one "Received" header (though
> admittedly one is by far the most common case). You may end up blocking some
> legit mail by mistake.


As I understand it, for his scenario, he only wants to accept email from
MUAs. I don't know of a case where an MUA would add a Received header to
an email when constructing it?

> Also, isn't Exim's own "Received" header added before the acl_smtp_data is
> run?


I don't know.

> In which case that above ACL would block *all* mail? I would have
> thought you'd want something like (totally untested):
>
>    condition = ${if match{$h_Received:}{\\n}}


Received headers usually have newlines in them. Possibly better to check
for:

condition = ${if match{$h_Received:}{\N\nReceived: \N}}

Or:

condition = ${if match{$h_Received:}{\N\nfrom \N}}

I can't remember how it works. The person who started this thread can test.

-- 
Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
Technical Blog   : Tech Blog  - https://secure.grepular.com/
Spamalyser       : Spam Tool  - http://spamalyser.com/