Mailscanner + Exim question

Mark Warpool Mark.Warpool at BENCHMARK-USA.COM
Wed Mar 31 18:02:07 IST 2004 

This is interesting, I hadn't considered this.  My system won't allow
anyone to relay offsite unless they're authenticated (I got scared and
just tested this to be sure).  My ACL accepts mail if A) Its FOR one of
my domains, or B) if its from an authenticated user, or C) it's from a
PC on my network.  So this is effectively the same thing... right?

Forgive me as I think out loud here a little.  So if a Spammer were to
do something like this:

        mail from: <my-user at my-domain.com>
        rcpt to: <my-other-user at my-other-domain.com>

This would get thru, assuming both domains where white listed.  I guess
this isn't really a big deal as it's not likely to happen very often.

Ok, so the next question is, is there an easy way to pull the white list
rules from a MySQL database?  I'm trying to create a system which I can
control completely thru changes to a database.

Mark Warpool     
Benchmark Technologies Corp
 

-----Original Message-----
From: Rick Cooper [mailto:rcooper at DWFORD.COM] 
Sent: Wednesday, March 31, 2004 11:27 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Mailscanner + Exim question

The spoofing should not pass exim in the first place. You, of course,
have
to require user authentication to send if the sender_address_domain were
in
a list of domains that are allowed to send mail through your system
then,
below that you should check anything that claims to come from a host
address
on your network against the ip/cidr for your network addresses or mail
servers for which you relay. If you arbitrarily allow any sender that
claims
to be one of yours (i.e. validuser at yourdoman) then you are already open
for
relaying.

An example (placed after accepting authenticated user)

  deny    message       = ALL Local Users MUST Authenticate. Fix Your
Mail
Settings Please
    condition = \
    ${if and {\
    {eq {yes}{${lookup {$sender_address_domain}lsearch
{/locationof/mail_local_domains_list}{yes}{no}}}}\
    {!eq {yes}{${lookup {$sender_host_address} lsearch
{/locationof/mail_relay_for_ip_list}{yes}{no}}}}\
    }{yes}{no}}

More information about the MailScanner mailing list