Re: [exim] Spoofed email address in From: header

Pàgina inicial
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
A: exim-users
Assumpte: Re: [exim] Spoofed email address in From: header
Hello,

web@??? <web@???> (So 05 Mai 2013 04:59:54 CEST):
> Cyborg wrote:
>
> >My guess is,one ">" is handled as part of the domain name.
>
> I think this is a problem. But I search for acl which will catch
> such inproper headers.


As already suggested… Read the spec around header_syntax.
Here is a small example:

~~[micro exim config file /tmp/x]

    acl_smtp_rcpt = accept
    acl_smtp_data = accept verify = header_syntax


~~[test]

swaks --header 'From: <<luser@???>>' --pipe 'exim -C /tmp/x -bh 8.8.8.8' \
    -f luser@??? \
    -t luser@???


~~[result]
>>> require: condition test failed in ACL "acl_data"

LOG: 1UZJ0Q-0001uR-Gx H=google-public-dns-a.google.com (jumper.schlittermann.de) [8.8.8.8] F=<luser@???> rejected after DATA: missing or malformed local part: failing address in "From:" header is: <<luser@???>>
<** 550 Administrative prohibition


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: 7CBF764A -
 gnupg fingerprint: 9288 F17D BBF9 9625 5ABC  285C 26A9 687E 7CBF 764A -
(gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2  7E92 EE4E AC98 48D0 359B)-