Mailscanner + Exim question

Rick Cooper rcooper at DWFORD.COM
Wed Mar 31 17:26:46 IST 2004 

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Mark Warpool
> Sent: Wednesday, March 31, 2004 10:58 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Mailscanner + Exim question
>
>
> This is actually many domains.  If I were to exclude scanning for that
> domain, then wouldn't that allow a spammer to "spoof" an email address
> from those domains in order to bypass MS?

The spoofing should not pass exim in the first place. You, of course, have
to require user authentication to send if the sender_address_domain were in
a list of domains that are allowed to send mail through your system then,
below that you should check anything that claims to come from a host address
on your network against the ip/cidr for your network addresses or mail
servers for which you relay. If you arbitrarily allow any sender that claims
to be one of yours (i.e. validuser at yourdoman) then you are already open for
relaying.

An example (placed after accepting authenticated user)

  deny    message       = ALL Local Users MUST Authenticate. Fix Your Mail
Settings Please
    condition = \
    ${if and {\
    {eq {yes}{${lookup {$sender_address_domain}lsearch
{/locationof/mail_local_domains_list}{yes}{no}}}}\
    {!eq {yes}{${lookup {$sender_host_address} lsearch
{/locationof/mail_relay_for_ip_list}{yes}{no}}}}\
    }{yes}{no}}

The example above includes a skip for mail servers for which we relay, they
are checked further down for various things.


>
>          Mark Warpool
> Phone: (419) 843-6691
> Cell: (419) 356-2298
>
> -----Original Message-----
> From: Rudolf Kliemstein [mailto:info at VILLAGE-NET.AT]
> Sent: Wednesday, March 31, 2004 10:34 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Mailscanner + Exim question
>
> is this an entire domain or just some users?
> if its a domain u could exclude the domain from being scanned
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>

More information about the MailScanner mailing list