Re: [exim] hole in acl_smtp_mail

Inizio della pagina
Questo messaggio è parte di questo thread:
M--\il thread completo ordinato per data
M\.MAxel Rau at <-
MM\MDave Evans at ->
Delete this message
Reply to this message
Autore: Axel Rau
Data:  
To: Exim Mailing List
Oggetto: Re: [exim] hole in acl_smtp_mail

Am 01.08.2010 um 13:06 schrieb Axel Rau: 

> I have this acl, to refuse local senders, not coming from local
> outgoing relays:
> ----------
>   deny    message        = "We don't like spoofed sender addresses"
>       log_message    = $sender_host_name [$sender_host_address] attempts to
> spoof local sender
>     sender_domains    = +local_domains
>     hosts        = !+own_outgoing_relay_hosts
>     delay        = 3m

>
> accept
> ----------
I have now traced an example where the ACL condition "sender_domains"  
does not test the domain part of the sender address but the domain  
part/fqdn of the sending relay (client), "localhost" in the following  
example:
--------------------------
72219 HELO verification failed but host is in helo_try_verify_hosts
72219 SMTP>> 250 mx4.lrau.net Hello localhost [222.252.137.104]
72219 SMTP<< MAIL FROM: <axel.rau.news@???>
72219 spool directory space = 581621868K inodes = 122205500  
check_space = 102400K inodes = 0 msg_size = 0
72219 using ACL "acl_check_mail"
72219 processing "warn"
72219 check logwrite = DM: $sender_address_domain
72219                = DM: chaos1.de
72219 LOG: MAIN
72219   DM: chaos1.de
72219 warn: condition test succeeded
72219 processing "deny"
72219 check sender_domains = +local_domains
72219 search_open: pgsql "NULL"
72219 search_find: file="NULL"
72219   key="SELECT name FROM localdomain WHERE name ='localhost' "  
partial=-1 affix=NULL starflags=0
72219 LRU list:
72219 internal_search_find: file="NULL"
72219   type=pgsql key="SELECT name FROM localdomain WHERE name  
='localhost' "
72219 database lookup required for SELECT name FROM localdomain WHERE  
name ='localhost'
72219 PostgreSQL query: SELECT name FROM localdomain WHERE name  
='localhost'
72219 PGSQL new connection: host=xyz port= database=operations user=abc
72219 PGSQL: no data found
72219 lookup failed
72219 chaos1.de in ""? no (end of list)
72219 chaos1.de in "+local_domains"? no (end of list)
72219 deny: condition test failed
72219 processing "accept"
72219 accept: condition test succeeded
72219 SMTP>> 250 OK
72219 SMTP<< RCPT TO: <axel.rau.news@???>
--------------------------
I will will create a bug report and try to rewrite the acl to use  
$sender_address_domain for the test.


Axel
---
axel.rau@??? PGP-Key:29E99DD6 +49 151 2300 9283 computing @
chaos claudius


Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-users
Informazioni sulla Mailing List | Messaggi correlati		<-[exim] FAKE SENDERSRe: [exim] proble m in sending mail from our sites to ceratin sites->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)