Re: [exim] Mail to self allowed without restrictions

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Evgeniy Berdnikov
Date:  
À: exim-users
Sujet: Re: [exim] Mail to self allowed without restrictions
On Tue, Feb 05, 2019 at 04:48:46PM +0100, Sebastian Nielsen via Exim-users wrote:
> in acl_mail (before SPF check):
>
> accept
> authenticated = *
> sender_domains = +local_domains
> set acl_m0 = authorizedrelay
> deny
> message = You can't spoof the domains this server is authorative for
> sender_domains = +local_domains
>
>
> then in acl_data:
> deny
> message = You can't spoof the MIME From this server is authorative for
> condition = ${if match {$h_from:}{^(?i).*<.*@(.*YOUR_DOMAIN_HERE>\$}{yes}{no}}
> condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}


The $h_from: refers to mail header "From:", but you previously wrote
about MAIL FROM address, which is generally a different thing.

You have better to run Exim with debugging (-d+acl) and study the output.

> Den tis 5 feb. 2019 kl 15:37 skrev Al T. via Exim-users <exim-users@???>...
> > I have manually tested both of these policies and they are working as they
> > should, except in one case: if the MAIL FROM and RCPT TO address are the same,
> > the mail is accepted without requiring authentication, and without validating
> > the SPF record. This means some spam gets through by simply claiming to be
> > from me to me.


--
Eugene Berdnikov