Re: [exim] hole in acl_smtp_mail

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dave Evans
Date:  
À: exim-users
Sujet: Re: [exim] hole in acl_smtp_mail
On Mon, Aug 02, 2010 at 04:39:50PM +0200, Axel Rau wrote:
>
> Am 01.08.2010 um 13:06 schrieb Axel Rau:
>
> > I have this acl, to refuse local senders, not coming from local
> > outgoing relays:
> > ----------
> >   deny    message        = "We don't like spoofed sender addresses"
> >       log_message    = $sender_host_name [$sender_host_address] attempts to
> > spoof local sender
> >     sender_domains    = +local_domains
> >     hosts        = !+own_outgoing_relay_hosts
> >     delay        = 3m

> >
> > accept
> > ----------
> I have now traced an example where the ACL condition "sender_domains"
> does not test the domain part of the sender address but the domain
> part/fqdn of the sending relay (client), "localhost" in the following
> example:



> 72219 SMTP<< MAIL FROM: <axel.rau.news@???>
> 72219 processing "deny"
> 72219 check sender_domains = +local_domains
> 72219 search_open: pgsql "NULL"

...
> 72219 lookup failed
> 72219 chaos1.de in ""? no (end of list)
> 72219 chaos1.de in "+local_domains"? no (end of list)
> 72219 deny: condition test failed


Nope, it's definitely testing chaos1.de (i.e. the domain of the MAIL FROM
address), as the penultimate line above shows.

Of course, AFAICT you haven't yet shown us what the +local_domains domain list
is, and my guess is you're trying to debug the pgsql lookup part:

> 72219 key="SELECT name FROM localdomain WHERE name ='localhost' "
> partial=-1 affix=NULL starflags=0


which does indeed seem to be using "localhost" - but we can't tell you why that
is until you show us the definition of +local_domains.

> I will will create a bug report


So far, I see no evidence of a bug. Perhaps you'd like to reveal more of your
configuration to us so we can help you?

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey