Dear list, my special problem went down around other -550 discussions. What should I add to my rcpt_acl to get rid of > Message IPXDKM-000KV5-KU has been frozen (delivery error message). > The sender is <>.
Thanks Sebastian Am 14.11.2005 12:33 Uhr schrieb "Nigel Metheringham" unter <[EMAIL PROTECTED]>: > On Mon, 2005-11-14 at 12:20 +0100, Exim User wrote: >> Looks like I'm not the only one weird by this? >> To get things clear, this is the process as it explores to me: >> >> Somebody sends spam with a faked sender of my domain. >> This spam bounces back to my mailserver (Exim 4.5.1). > > Ideally this stuff would have been rejected at SMTP time and not > generated a bounce message, but thats outside of your control - however > you are making this far worse by not doing SMTP time verification of > incoming recipient addresses, as this means that people doing call-back > style verification of senders are not rejecting the forged crap as your > system prevents them doing further verification. > >> Example here: > ...snipped... > >> Then my mailserver tries to deliver this bounce to the faked address, which >> is non-existant. > > Major problem one for you is that your system accepts that mail. You > should reject it early (ie at SMTP time) then you would not have to > generate a bounce > >> Somewhere here it loses the sender or whatsoever and can't >> deliver it, so it gets frozen. > > A bounce is sent to the envelope sender address. > A bounce is sent *with* its own envelope sender address set to <> > A bounce message cannot be generated for an undeliverable bounce > message, so exim is freezing the incoming bounce message. > >> Example: > ....snipped.... > >> My acl_check_rcpt contains " require verify = sender", or do you think about >> something else? > > You need:- > * Recipient verification within your rcpt ACL > * local address routing that does not include any catch-all > routers > > You might also benefit from sender address verification, possibly > including callback verification - however that does not address your > specific problem, which is that you are accepting mail for non-existent > local users from non-local senders (you might wish to accept invalid > addresses from local senders, and then generate a bounce, since many > MUAs react badly to being given SMTP errors, but folks should recognise > a bounce). > > Nigel. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
