On Fri, Jun 14, 2013 at 12:36 AM, soumya tr <[email protected]> wrote:
> Hi,
>
> I am trying to add spoof prevention acl at acl_smtp_datacustom [which
> in turn calls acl_smtp_data]. But the problem is it's rejecting incoming
> mails as well at times. The acl I used was:

I think you need to limit which hosts you apply this to and if smtp auth is being used. I also think you need to analyze what your system does when it receives the following headers:

From: Me <[email protected]>, Me <[email protected]>

Yes, you can have multiple from addresses. So your expansion needs to either check all of them, or just pick one (first, last, etc), and use that one for the test.

To: Me <[email protected]>, Me <[email protected]>

Consider what happens if both of these are domains you host? Or only one of them is? Your condition needs to handle all possible combinations and you need to decide if only one is correct that it is an acceptable email or not.

Now you need to be warned of the BAD things that can happen due to trying to detect forged headers:

Consider what happens if one of your users joins this mailing list. Your domain is example.net. Your user is [email protected]. He joins this mailing list. He posts and complains about the spam filtering or something. The email comes to the exim-users mailing list server, and the exim-user mailing list server sends out emails to everybody subscribed. Your mail server receives the email and the header From: says it's from "[email protected]", but you are configuring your exim to know that example.net is a local domain and assume it must be forged, so you reject it. That was a valid case where the header from does not match the envelope MAIL FROM, but your system is going to reject it. That's bad.

The alternative approach is to configure your exim system to detect these purported forgeries and instead of rejecting it, redirect it to a user's .Spam folder. I think you will find that a large amount of emails will erroneously end up in that Spam folder instead of their Inbox.

> I am not sure where I am wrong. I tried to use the same acl in
> acl_smtp_predata, but $h_to, $h_from doesn't have values at the acl.

Right, only in the DATA acl because that's *after* the message headers and body have been received.
The PREDATA acl means that the headers have not yet been sent to your server, so $h_to and $h_from have no value (because they have not been received yet).

...Todd
--
The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine
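
Added example, not part of the message above and not Exim configuration: a Python simulation of the header check the reply describes, showing the host/auth limit, the handling of several From: addresses, and the mailing-list false positive. The local domain list, relay address and all sample messages are constructed assumptions.

```python
from email.utils import getaddresses

# Assumptions for this sketch (not from the thread): the hosted domain list,
# the trusted relay address, and every sample message below are constructed.
LOCAL_DOMAINS = {"example.net"}
RELAY_HOSTS = {"192.0.2.10"}

def from_domains(header_from):
    """Domain of every address in a From: header; the header may list several."""
    return [addr.rsplit("@", 1)[1].lower()
            for _name, addr in getaddresses([header_from]) if "@" in addr]

def classify(header_from, client_ip, authenticated):
    """Verdict for one message at DATA time, once the headers are available."""
    # Limit the test: skip authenticated sessions and trusted relay hosts.
    if authenticated or client_ip in RELAY_HOSTS:
        return "skip"
    # Check all From: addresses, not just the first one.
    if any(d in LOCAL_DOMAINS for d in from_domains(header_from)):
        return "suspect"   # file to a Spam folder or reject, per local policy
    return "ok"

SAMPLES = {
    "authenticated user": ("User <user@example.net>", "198.51.100.7", True),
    "outside sender": ("Other <other@example.org>", "198.51.100.8", False),
    "two From addresses": ("Me <me@example.org>, Me <me@example.net>",
                           "198.51.100.9", False),
    # A list post by a local user, redistributed by the list server: the header
    # test cannot tell it from a forgery, so it is flagged as well.
    "mailing list post": ("User <user@example.net>", "203.0.113.25", False),
}

def run_samples():
    """Classify every constructed sample and return {label: verdict}."""
    return {label: classify(*args) for label, args in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:20} {verdict}")
```

The last sample is the legitimate list post from the reply; it receives the same verdict as a forged message, which is why filing to a Spam folder is suggested over rejection.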
