Hi Chris,

Awesome! Thank you!!

I just configured the local_interfaces to just the desired address.port combinations per the link you provided.

Your feedback on the security is very valuable. I will significantly consider the risks of the web form script and work on making it as safe as I can.

Thank you again for your help. I really appreciate it.

Jeff

-----Original Message-----
From: Chris Wilson [mailto:[email protected]]
Sent: Thursday, June 17, 2010 7:06 PM
To: [email protected]
Cc: 'Chris Wilson'; [email protected]
Subject: RE: [exim] Web Form on same box as exim4. Getting Could not connect to SMTP host: 127.0.0.1, port 7396

Hi Jeff,

On Thu, 17 Jun 2010, [email protected] wrote:

> Do you know of a way to specify specific interface:port combinations?

http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html#SECID89

> Also, I needed to add 127.0.0.1 to my MAIN_RELAY_NETS definition so that
> email from the web form will also pass my !hosts = MAIN_RELAY_NETS
> statements in some acls.
>
> Do you think that opens me up to outside attackers desiring to use the
> server for spam relay, etc?

Probably no more than using a script to send emails already does.

> In other words, is it possible for an attacker
> to trick exim into thinking that their host is 127.0.0.1 even though they
> are on a remote machine?

Should not be possible.

> (Assuming of course that they are unable to
> actually penetrate the box itself,

With scripts this is very possible.

> but rather their masking themselves as host 127.0.0.1) If so, I do not
> know of any way to prevent this other than of course giving up on
> combining the web server and email server on the same box.

You can restrict the addresses that the web form can send to, to limit possible abuses and reduce the risk of your server being blacklisted for sending spam.

Cheers, Chris.

--
Chris Wilson <0000 at qwirx.com> - Cambs UK
Security/C/C++/Java/Perl/SQL/HTML Developer
We are GNU-free your mind-and your software

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
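
The two measures discussed in this thread, binding Exim to specific address.port combinations and limiting which recipients the web form may mail, sketched as an added configuration example that is not part of the original messages. The loopback address and port 7396 come from the subject line; the public address 192.0.2.10, the list name webform_rcpts and the recipient addresses are placeholders.

```exim
# --- main configuration section ---

# Listen only on the listed address.port pairs (IPv4 form: address, dot, port).
# 192.0.2.10 is a placeholder for the server's public address.
local_interfaces = 192.0.2.10.25 : 127.0.0.1.7396

# Recipients the web form is allowed to mail (placeholder addresses).
addresslist webform_rcpts = sales@example.com : support@example.com

# --- inside the ACL named by acl_smtp_rcpt ---
# Place this before any "accept" that trusts relay hosts, so that having
# 127.0.0.1 in the relay list does not let a compromised or abused form
# script send to arbitrary recipients.
deny
  message     = Web form submissions may only go to approved recipients
  hosts       = 127.0.0.1
  condition   = ${if eq{$received_port}{7396}}
  !recipients = +webform_rcpts
```

Because the rule matches on both the loopback host and the form's dedicated port, other local submissions on different ports are unaffected.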
