Re: [exim] Block emial from my host to my host without autho…

Etusivu
Poista viesti
Vastaa
Lähettäjä: Sebastian Nielsen
Päiväys:  
Vastaanottaja: Sławomir Dworaczek
Kopio: exim users
Aihe: Re: [exim] Block emial from my host to my host without authorization
I have done this:

in MAIL FROM acl:

  accept
    authenticated = *
    sender_domains = +local_domains
    hosts = +relay_from_hosts
    set acl_m0 = authorizedrelay
  deny
    message = You can't spoof the domains this server is authorative for
    sender_domains = ^(?i)(.*\\.sebbe|sebbe)\\.eu\$ : +local_domains
  deny
    message = Local users must authenticate
    hosts = +relay_from_hosts



Description:
The first rule lets authenticated (both correct username/password but
also correct IP) through.Also it sets a variable so it "remembers"
that the user in question is authorized for RCPT and MAIL checks.
I have also enabled so it don't announce AUTH to unauthorized IPs so
its a double-check there.
If not authenticated, the MAIL FROM may not end in "sebbe.eu"
The third rule, that enforces local users in local net to
authenticate, is a Dirty check just to prevent virus/bot software from
mailing.


In RCPT TO acl:

  accept
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}
    control = submission/sender_retain
    control = dkim_disable_verify
  require
    message = relay not permitted
    domains = +local_domains



Description: This accepts mail that is authorized (in the MAIL stage)
regardless of destination, and also sets submission fixup and DKIM
disable. Else it will reject mails that are not destined for a local
mailbox.

In DATA acl:

  deny
    message = You can't spoof the MIME From this server is authorative for
    condition = ${if match {$h_from:}{sebbe\\.eu}{yes}{no}}
    condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}
  deny
    message = Authorized relayed messages MUST have a local MIME From
    condition = ${if match {$h_from:}{@sebbe\\.eu>\$}{no}{yes}}
    condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}}



Description:
This disables local spoofing in MIME from,.
And requires local adress for authorized users, to prevent bot/virus
software from spoofing it, so any breach becomes more traceable.



In addition, I have enabled SPF and made "softfail" and "hardfail"
both end up in a reject, which also puts down on a LOT of spoofing.

Den lör 19 jan. 2019 kl 12:51 skrev Sławomir Dworaczek via Exim-users
<exim-users@???>:
>
> Hello
> How to block sending mail from my host to my host users without authorization, so that in the future there are no such situations
> 41.56.57.80 is not my ip address
>
> Return-path: <katowice@???>
> Envelope-to: katowice@???
> Delivery-date: Sat, 19 Jan 2019 09:44:50 +0100
> Received: from exim by domain.dot.com with bogodone (Exim 4.91)
> (envelope-from <katowice@???>)
> id 1gkmFF-0002yr-NK
> for katowice@???; Sat, 19 Jan 2019 09:44:50 +0100
> Received: from [41.56.57.80]
> by domain.dot.com with esmtp (Exim 4.91)
> (envelope-from <katowice@???>)
> id 1gkmFE-0002ym-UR
> for katowice@???; Sat, 19 Jan 2019 09:44:49 +0100
> Message-ID: <B7A688EC4A99C22E3F1175D3005BB7A6@ORMX1OT69>
> From: <katowice@???>
> To: <katowice@???>
>
> regards
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/