Re: [exim] Spoof prevention acl

Author: Todd Lyons
Date:  
To: soumya tr
CC: exim-users@exim.org
Subject: Re: [exim] Spoof prevention acl
On Fri, Jun 14, 2013 at 12:36 AM, soumya tr <soumya.324@???> wrote:
> Hi,
>
> I am trying to add spoof prevention acl at acl_smtp_datacustom [which
> in turn calls acl_smtp_data]. But the problem is it's rejecting incoming
> mails as well at times. The acl I used was:
I think you need to limit which hosts you apply this to and if smtp
auth is being used.

I also think you need to analyze what your system does when it
receives the following headers:

From: Me <me@???>, Me <me@???>

Yes, you can have multiple from addresses. So your expansion needs to
either check all of them, or just pick one (first, last, etc), and use
that one for the test.

To: Me <me@???>, Me <me@???>

Consider what happens if both of these are domains you host? Or only
one of them is? Your condition needs to handle all possible
combinations and you need to decide if only one is correct that it is
an acceptable email or not.

Now you need to be warned of the BAD things that can happen due to
trying to detect forged headers:

Consider what happens if one of your users joins this mailing list.
Your domain is example.net. Your user is user@???. He joins
this mailing list. He posts and complains about the spam filtering or
something. The email comes to the exim-users mailing list server, and
the exim-user mailing list server sends out emails to everybody
subscribed. Your mail server receives the email and the header From:
says it's from "user@???", but you are configuring your exim
to know that example.net is a local domain and assume it must be
forged, so you reject it. That was a valid case where the header from
does not match the envelope MAIL FROM, but your system is going to
reject it. That's bad.

The alternative approach is to configure your exim system to detect
these purported forgeries and instead of rejecting it, redirect it to
a user's .Spam folder. I think you will find that a large amount of
emails will erroneously end up in that Spam folder instead of their
Inbox.

> I am not sure where I am wrong. I tried to use the same acl in
> acl_smtp_predata, but $h_to, $h_from don't have values at the acl.
Right, only in the DATA acl because that's *after* the message headers
and body have been received. The PREDATA acl means that the headers
have not yet been sent to your server, so $h_to and $h_from have no
value (because they have not been received yet).

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
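A DATA ACL fragment along the lines Todd describes, added here as an example; it is neither the poster's original ACL nor anything from the thread. It assumes the stock exim4 layout (`acl_smtp_data = acl_check_data`, a `domainlist local_domains` and a `hostlist relay_from_hosts`), checks every address in a multi-address From:, exempts authenticated and relay hosts, and tags instead of rejecting so that the mailing-list case above is not bounced.

```exim
# Example only (not from this thread); assumes the stock exim4 configuration,
# i.e. acl_smtp_data = acl_check_data, a domainlist local_domains and a
# hostlist relay_from_hosts already defined.
acl_check_data:

  # Only unauthenticated connections from outside hosts are candidates for
  # a forged From:; our own users and trusted relays are exempt.
  warn
    !authenticated = *
    !hosts         = +relay_from_hosts

    # A From: header may carry several addresses; ${addresses:...} splits
    # them into a colon-separated list and forany{} tests every one.
    # The check fires when any header From: domain is one we host ...
    condition      = ${if forany{${addresses:$h_from:}} \
                         {match_domain{${domain:$item}}{+local_domains}}}

    # ... but the envelope MAIL FROM domain is not.  A genuine mailing-list
    # copy of a local user's post looks exactly like this, so the verb is
    # warn, not deny: tag the message and let mailbox rules decide rather
    # than reject at SMTP time.
    !condition     = ${if match_domain{$sender_address_domain}{+local_domains}}

    add_header     = X-Spoof-Suspect: header From claims a local domain \
                     but envelope sender is $sender_address
    log_message    = possible forged From: <$h_from:> from \
                     $sender_host_address (envelope $sender_address)

  accept
```

Check the result with `exim -bh <address>` before deploying, and watch the main log for the `log_message` lines to see how often legitimate list traffic would have matched.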