Nigel Metheringham wrote:

On Mon, 2005-11-14 at 12:20 +0100, Exim User wrote:
Looks like I'm not the only one weird by this?
To get things clear, this is the process as it explores to me:

Somebody sends spam with a faked sender of my domain.
This spam bounces back to my mailserver (Exim 4.5.1).

Ideally this stuff would have been rejected at SMTP time and not
generated a bounce message, but that's outside of your control - however
you are making this far worse by not doing SMTP time verification of
incoming recipient addresses, as this means that people doing call-back
style verification of senders are not rejecting the forged crap as your
system prevents them doing further verification.

As a noob, I am not 100% sure what SMTP time verification is. Is this 39.31 in the manual? Or is this something different?

~S

Example here:
...snipped...

Then my mailserver tries to deliver this bounce to the faked address, which
is non-existent.

Major problem one for you is that your system accepts that mail.  You
should reject it early (ie at SMTP time) then you would not have to
generate a bounce

Somewhere here it loses the sender or whatsoever and can't
deliver it, so it gets frozen.

A bounce is sent to the envelope sender address.
A bounce is sent *with* its own envelope sender address set to <>
A bounce message cannot be generated for an undeliverable bounce
message, so exim is freezing the incoming bounce message.

Example:
....snipped....

My acl_check_rcpt contains " require verify = sender", or do you think about
something else?

You need:-
     * Recipient verification within your rcpt ACL
     * local address routing that does not include any catch-all
       routers

You might also benefit from sender address verification, possibly
including callback verification - however that does not address your
specific problem, which is that you are accepting mail for non-existent
local users from non-local senders (you might wish to accept invalid
addresses from local senders, and then generate a bounce, since many
MUAs react badly to being given SMTP errors, but folks should recognise
a bounce).

        Nigel.


--
## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
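
The two items in the "You need" list above, sketched as an Exim 4 configuration fragment. This is an added example, not configuration posted by anyone in the thread; it follows the layout of the stock Exim 4 configure file, and the `local_domains` and `relay_from_hosts` lists, the address `postmaster@example.test` and the `local_delivery` transport are assumptions.

```exim
# --- main section (assumed list definitions) ---
domainlist local_domains    = @
hostlist   relay_from_hosts = 127.0.0.1
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail submitted locally (no TCP/IP host) is accepted unchecked.
  accept  hosts         = :

  # The check the original poster already has. It tests the sender
  # only; it does nothing about a recipient that does not exist.
  require verify        = sender

  # Recipient verification: for our own domains the RCPT is accepted
  # only if the routers below can route the address. Otherwise the
  # SMTP client gets a 550 and no bounce is ever generated here.
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient

  accept  hosts         = +relay_from_hosts
  deny    message       = relay not permitted

begin routers

# A catch-all such as this one makes every local part routable, so
# "verify = recipient" always succeeds. Left commented out on purpose.
# catchall:
#   driver  = redirect
#   domains = +local_domains
#   data    = postmaster@example.test

# Only real system accounts are routable; anything else fails
# verification at RCPT time with the message below.
localuser:
  driver    = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user
```

Running `exim -bv` with a non-existent local address shows whether the routers reject it, and `exim -bh` with a test IP address walks the ACL in a simulated SMTP session without delivering anything.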
