Re: [exim] block emails with more than one 'Received: from' …

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Ian Eiloart
Fecha:  
A: Mike Cardwell, exim-users
Asunto: Re: [exim] block emails with more than one 'Received: from' header


--On 26 January 2010 10:44:43 +0000 Mike Cardwell
<exim-users@???> wrote:

> On 26/01/2010 09:49, Dave Evans wrote:
>
>>>> The only means by which I think I can restrict traffic so that it
>>>> *truly* comes from within the hotel's IP address, is to make it so
>>>> that the emails must have *only one* 'Received: from' header.
>>>>
>>>> If the email was truly from just within the hotel's network, it would
>>>> only have the header below (i.e. only one 'Received: from' header)
>>>>
>>>> Any way to do this?
>>>
>>> I think you should be able to put this in your acl_smtp_data acl:
>>>
>>> deny condition = ${if !eq{$h_Received:}{}}
>>>        message   = Received headers not allowed

>>>
>>> MUAs shouldn't be adding their own received headers before submitting
>>> messages to your server.
>>
>> Messages can legitimately have more than one "Received" header (though
>> admittedly one is by far the most common case). You may end up blocking
>> some legit mail by mistake.
>
> As I understand it, for his scenario, he only wants to accept email from
> MUAs. I don't know of a case where an MUA would add a Received header to
> an email when constructing it?


A "resent" email would carry "Received" headers, wouldn't it?


>> Also, isn't Exim's own "Received" header added before the acl_smtp_data
>> is run?
>
> I don't know.
>
>> In which case that above ACL would block *all* mail? I would have
>> thought you'd want something like (totally untested):
>>
>>    condition = ${if match{$h_Received:}{\\n}}

>
> Received headers usually have newlines in them. Possibly better to check
> for:
>
> condition = ${if match{$h_Received:}{\N\nReceived: \N}}
>
> Or:
>
> condition = ${if match{$h_Received:}{\N\nfrom \N}}
>
> I can't remember how it works. The person who started this thread can
> test.
>
> --
> Mike Cardwell    : UK based IT Consultant, Perl developer, Linux admin
> Cardwell IT Ltd. : UK Company - http://cardwellit.com/       #06920226
> Technical Blog   : Tech Blog  - https://secure.grepular.com/
> Spamalyser       : Spam Tool  - http://spamalyser.com/




--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/