Re: [exim] Web Form on same box as exim4. Getting Could not …

Author: jwexler
Date:  
To: exim-users
Subject: Re: [exim] Web Form on same box as exim4. Getting Could not connect to SMTP host: 127.0.0.1, port 7396
Hi Chris,

Awesome! Thank you!!

I just configured the local_interfaces to just the desired address.port
combinations per the link you provided.

Your feedback on the security is very valuable. I will think
significantly about the risks of the web form script and work on making it as
safe as I can.

Thank you again for your help. I really appreciate it.

Jeff

-----Original Message-----
From: Chris Wilson [mailto:chris+exim@qwirx.com]
Sent: Thursday, June 17, 2010 7:06 PM
To: jwexler@???
Cc: 'Chris Wilson'; exim-users@???
Subject: RE: [exim] Web Form on same box as exim4. Getting Could not connect
to SMTP host: 127.0.0.1, port 7396

Hi Jeff,

On Thu, 17 Jun 2010, jwexler@??? wrote:

> Do you know of a way to specify specific interface:port combinations?


http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html#SECID89

> Also, I needed to add 127.0.0.1 to my MAIN_RELAY_NETS definition so that
> email from the web form will also pass my !hosts = MAIN_RELAY_NETS
> statements in some acls.
>
> Do you think that opens me up to outside attackers desiring to use the
> server for spam relay, etc?


Probably no more than using a script to send emails already does.

> In other words, is it possible for an attacker
> to trick exim into thinking that their host is 127.0.0.1 even though they
> are on a remote machine?


Should not be possible.

> (Assuming of course that they are unable to
> actually penetrate the box itself,


With scripts this is very possible.

> but rather their masking themselves as host 127.0.0.1) If so, I do not
> know of any way to prevent this other than of course giving up on
> combining the web server and email server on the same box.


You can restrict the addresses that the web form can send to, to limit
possible abuses and reduce the risk of your server being blacklisted for
sending spam.

Cheers, Chris.
-- 
_ ___ __     _
  / __/ / ,__(_)_  | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
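
The suggestion above to restrict the addresses the web form can send to, sketched as an added example that is not part of the original thread or of Exim. The allowlisted addresses and domain, and the function names `check_recipient` and `filter_recipients`, are assumptions made for illustration; the check runs in the form handler before anything is handed to the SMTP listener on 127.0.0.1.

```python
import re

# Assumed allowlist (constructed): the only mailboxes the form may write to.
ALLOWED_RECIPIENTS = {"sales@example.org", "support@example.org"}
# Assumed allowlist of whole domains (constructed); leave empty to disable.
ALLOWED_DOMAINS = {"staff.example.org"}

# Conservative addr-spec: no quoting, comments, whitespace or control chars.
_ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}")


def check_recipient(raw):
    """Return the normalised address if the form may mail it, else None."""
    if not isinstance(raw, str):
        return None
    # CR/LF or NUL in a form field is how extra headers or recipients
    # get smuggled into the message, so refuse before any trimming.
    if any(c in raw for c in "\r\n\0"):
        return None
    addr = raw.strip()
    # fullmatch: exactly one bare address, so "a@x, b@y" and
    # "Name <a@x>" are refused rather than partially parsed.
    if not _ADDR_RE.fullmatch(addr):
        return None
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    # Local part is lowercased here as a policy choice for matching.
    normalised = f"{local.lower()}@{domain}"
    if normalised in ALLOWED_RECIPIENTS or domain in ALLOWED_DOMAINS:
        return normalised
    return None


def filter_recipients(fields):
    """Split form-supplied recipients into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for raw in fields:
        addr = check_recipient(raw)
        if addr is None:
            rejected.append(raw)
        elif addr not in accepted:
            accepted.append(addr)
    return accepted, rejected
```

Logging the rejected values gives an early signal that the form is being probed for use as a relay.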