Re: [exim] Block mail of reverse DNS fails

Top Pagina
Delete this message
Reply to this message
Auteur: Heiko Schlittermann
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] Block mail of reverse DNS fails
Hi,

Archil Imnadze <archil@???> (Di 01 Sep 2015 20:42:33 CEST):
..
> I have an Exim instance running on Debian Jessie. For each mail that is
> received by Exim I would like to check if the reverse DNS for the sender
> domain matches the connecting IP and if not reject the mail.


It's the ACL condition

    deny    message = reverse lookup for your ip failed
            verify  = reverse_host_lookup


But as stated in other replies already, you're asking for trouble, if
you use this option.

> Consider the following scenarios.
> * A spammer sends an email from the IP 94.123.123.123 with
> info@??? in the "From" field but the domain
> spammerwebsite.com doesn't resolve to 94.123.123.123. I want this to be
> blocked.


1) This doesn't require a PTR lookup, if you 'spammerwebsite.com' for
your query.

2) You cannot impose a relation between the PTR of an IP and the Domain
used in the From field. (The From field is totally irrelevant for such
cases. You should consider using the Envelope sender. But even there the
sending hostname (as you get from a PTR lookup) doesn't need to be
related to the sender domain.


> * A spammer sends an email from the IP 94.123.123.123 with
> info@??? in the "From" field. In this case example.com is my own
> domain and it cannot be located at 94.123.123.123. I want this to be
> blocked too.


If you're sure about your own domain, just block incoming messages with
your own domain as a sender. (And read about From and Envelope From)

> * Where can I find the correct documentation?


On your Debian System /usr/share/doc/exim4-base/spec.txt.gz, or on the
exim.org website.

> * How do I debug a configuration file?


Read it. Understand it. Use 'exim -bt <address>', or 'exim -bv
<address>' for address/routing tests, use 'exim -brw <address>' for
rewrite tests, use 'exim -be <expression>' for tests about Exims
expansion capabilitites.

Read the documentation and for real testing read
about the various -d<…> options. Use swaks and it's --pipe mode in
connection with 'exim -bh x.x.x.x' to debug ACLs in your configuration
Use swaks and it's --pipe mode in connection with 'exim -bh x.x.x.x' to
debug ACLs in your configuration

> * Why can't the configuration start from an empty file?


It can. But it's not useful. But an empty file is a valid configuration.
Exim contaisn already lots of default values

    exim -C /dev/null -bP



But it won't do anything useful, because you need to explain it your
needs. And your needs are not my needs.

The example.conf is a good starting point.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -