W B Hacker
Mon, 05 Mar 2007 21:09:21 -0800
Mike Cardwell wrote:
> * on the Mon, Mar 05, 2007 at 05:39:49PM -0500, Arthur Hagen wrote:
>
>> One host I have fetch a couple of outside mailboxes with fetchmail, and
>> feeds the emails to exim for local delivery. The problem is that those
>> would then be accepted, since the connecting host is localhost.
>> Anyone got a good idea for a scenario like that, where you do want to
>> scan anything coming from the outside or through fetchmail, but not
>> anything sent from machines on the local network?
>
> At the risk of getting flamed for having the audacity to even consider
> mentioning the evil, destructive, and always useless rfc1413... Install
> an ident server, firewall it out from non local connections, set exim to
> do rfc1413 lookups on local connections and then filter on $sender_ident
> being the user fetchmail is run as.
>
> Job done,
>
> Mike
>
Reasonably bulletproof, and 'seconded' as more generic and easier to implement than some other clever kludges - so long as the firewalling is done as part of the package.

ELSE set tcpdump and watch the malworld hammer the bejaysus out of an exposed rfc1413 port.

Waste of cycles & b/w, that

Bill

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
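
The setup discussed in this thread, sketched as an Exim configuration fragment. This is an added example, not part of the original messages. It assumes fetchmail runs as a local user named `fetchmail`, that the LAN is 192.168.0.0/24, that Exim is built with content scanning and talks to a running spamd, and that the ident daemon is reachable from loopback only.

```exim
# --- main section ---

# Do RFC 1413 (ident) callbacks only for connections from loopback,
# so no queries are sent to LAN or remote hosts.
rfc1413_hosts = 127.0.0.1
rfc1413_query_timeout = 5s

# Assumed LAN range; loopback is deliberately NOT in this list.
hostlist lan_hosts = 192.168.0.0/24

acl_smtp_data = acl_check_data

# --- ACL section ---
begin acl

acl_check_data:

  # Mail from machines on the local network: accept without scanning.
  accept  hosts     = +lan_hosts

  # Loopback: skip scanning only when ident answered AND the submitting
  # user is not fetchmail. An empty $sender_ident (identd down, query
  # timed out) falls through to the scanner instead of bypassing it.
  accept  hosts     = 127.0.0.1
          condition = ${if and{ {def:sender_ident} \
                                {!eq{$sender_ident}{fetchmail}} }}

  # Everything that reaches this point is scanned: remote hosts, and
  # loopback deliveries made by the fetchmail user.
  # "spam = nobody" is one possible scanner hook (assumption); a
  # "malware = *" condition would slot in the same way.
  warn    spam       = nobody
          add_header = X-Spam-Score: $spam_score

  accept
```

The ident answer is only trustworthy because both ends of the loopback connection are on the same host; the firewall rule keeping port 113 closed to everything else is part of the design, as both posters point out.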