On Thu, 8 Sep 2005, Gururajan Ramachandran wrote: > It appears somebody has figured out how to inject email into our queue > via the web account.
Sounds like you have a vulnerable CGI script. > However, I would like to put in a check to make sure at the exim4 side. > I would like to put in a check to make sure that if the sender email > address has our domain anywhere in it and the email originating > machine's ip address is not in our local area network, then reject the > email. If the above is correct, this will not help at all. The default Exim configuration file is not particularly easy to break in such a way that Exim becomes an open relay, so I think you should leave Exim alone and concentrate on your web site. Tony. -- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> http://dotat.at/ ${sg{\N${sg{\ N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\ \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}} -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
