Re: [exim] Mail to self allowed without restrictions

Pàgina inicial
Delete this message
Reply to this message
Autor: Sebastian Nielsen
Data:  
A: Evgeniy Berdnikov
CC: exim users
Assumpte: Re: [exim] Mail to self allowed without restrictions
My suggested rules covers them both.

The first "deny" blocks mails with spoofed MAIL FROM adress, but the
second deny (that you put in acl_data) blocks mails with spoofed MIME
From. (ergo "From:" header).
Having both is good because some spammers use a "correct" MAIL FROM
but a spoofed "MIME From" that claims the mail was from yourself.

Den tis 5 feb. 2019 kl 17:28 skrev Evgeniy Berdnikov via Exim-users
<exim-users@???>:
>
> On Tue, Feb 05, 2019 at 04:48:46PM +0100, Sebastian Nielsen via Exim-users wrote:
> > in acl_mail (before SPF check):
> >
> > accept
> > authenticated = *
> > sender_domains = +local_domains
> > set acl_m0 = authorizedrelay
> > deny
> > message = You can't spoof the domains this server is authorative for
> > sender_domains = +local_domains
> >
> >
> > then in acl_data:
> > deny
> > message = You can't spoof the MIME From this server is authorative for
> > condition = ${if match {$h_from:}{^(?i).*<.*@(.*YOUR_DOMAIN_HERE>\$}{yes}{no}}
> > condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}}
>
> The $h_from: refers to mail header "From:", but you previously wrote
> about MAIL FROM address, which is generally a different thing.
>
> You have better to run Exim with debugging (-d+acl) and study the output.
>
> > Den tis 5 feb. 2019 kl 15:37 skrev Al T. via Exim-users <exim-users@???>...
> > > I have manually tested both of these policies and they are working as they
> > > should, except in one case: if the MAIL FROM and RCPT TO address are the same,
> > > the mail is accepted without requiring authentication, and without validating
> > > the SPF record. This means some spam gets through by simply claiming to be
> > > from me to me.
>
> --
> Eugene Berdnikov
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/