[Techtalk] eximconfig rejecting my mailing list posts
Conor Daly
conor.daly-linuxchix at cod.homelinux.org
Sat Apr 16 03:52:34 EST 2005
On Fri, Apr 15, 2005 at 01:38:27PM -0400 or so it is rumoured hereabouts,
Elwing thought:
>
> Conor Daly wrote:
> > Urk! I'm running exim-4.44 with eximconfig-2.1 filtering incoming mail on
> > my internet facing SMTP server. I've suddenly noticed that my posts to
> > mailing lists are getting rejected by my mail server with
> >
> > "Sender <...> is attempting to use forged local or relay header
> > From: address <...>"
> >
> > Now, this is because mail sent by me to a mailing list is returned to me
> > with my own address as the From: address. This check exists within
> > eximconfig to reject spam claiming to be from me coming in on the external
> > interface. Is there any way to stop the rejections for the genuine
> > messages while still rejecting the spoofed ones?
>
> What I do is check the HELO/EHLO, exim will take the "real" IP/host and
> compare it. (I also let in any of my internal network, all of whom use
> the mail server as a smarthost)
> (in my exim configure)
>
> acl_check_helo:
>
> # accept authenticated = *
> accept hosts = ::::1 : 192.168.0.0/24
>
> deny message = HELO/EHLO with my IP address. You are not me.
> log_message = HELO/EHLO my.ip
> condition = ${if match {$sender_helo_name}{<My IP>} {yes}{no}}
>
> deny message = HELO/EHLO with my domain name. You are not me.
> log_message = HELO/EHLO my.domain
> condition = ${if match {$sender_helo_name}{<my domain>} {yes}{no}}

Because I'm using eximconfig, all of the stuff is in various files.
There's a config file that allows me to turn on/off CHECK_FORGED_FROM but
that will disable a spam check. Poking in more detail at the rejection
log, I see the following:

1. From: and Envelope-to are both set to my address
2. Envelope-from and Sender: are both set to techtalk-bounces at ...
3. To: is set to techtalk at ...
4. These conditions are met for a different (mailman run) mailing list
   also.

This suggests a custom rule that will allow mailing list messages without
sacrificing too much of the forged sender check.

The existing forged_from check looks like this (with some line wrap):

# Check that remote host is not trying to forge local or relay domain
# name in the header From: address.
#
deny hosts = ! +local_relay_hosts : ! +remote_hosts
     ! authenticated = *
     condition = ${if and { \
         {eq {FORGERY_CHECKS}{Yes}} \
         {eq {CHECK_FORGED_FROM}{Yes}} \
         {eq {${if or { \
             {eq {${domain:$h_From:}}{HOSTNAME}} \
             {eq {${lookup{${domain:$h_From:}}lsearch{CONFIGDIR/domains/local}{FOUND}{}}}{FOUND}} \
             {eq {${lookup{${domain:$h_From:}}lsearch{CONFIGDIR/domains/relay}{FOUND}{}}}{FOUND}} \
         } {yes}{no}}}{yes}} \
     } {yes}{no}}
     log_message = Sender $sender_address from remote host $sender_fullhost is attempting to use forged local or relay header From: address $h_From:
     message = MESSAGE_SENDER_FROM_FORGED

I'll have to learn the syntax first though and figure out where to put the
custom version of the test...
Conor
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
Hobbiton.cod.ie
18:41:38 up 14 days, 2:58, 3 users, load average: 0.00, 0.00, 0.00
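
Added example, not part of the original post and not eximconfig's own code: a small Python model of the forged-From decision with a mailing-list exception built from observations 1-2 above, useful for trying the rule on saved messages before writing it in Exim syntax. All domains, addresses and IPs are constructed placeholders, and pinning the exception to the list server's IP is an assumption added here because an envelope sender can itself be forged.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample values; every name and address here is a placeholder.
LOCAL_DOMAINS = {"example.org"}
# Envelope sender of each trusted list -> hosts that list is delivered from.
LIST_BOUNCES = {"techtalk-bounces@lists.example.net": {"192.0.2.10"}}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_forged_from(raw_message, envelope_from, remote_ip):
    """Model of the forged-From test plus a mailing-list exception.

    Returns 'accept' or 'deny' for mail arriving from a non-relay host.
    """
    msg = message_from_string(raw_message)
    if domain_of(msg["From"]) not in LOCAL_DOMAINS:
        return "accept"                      # From: is not one of ours
    env = envelope_from.lower()
    sender_hdr = parseaddr(msg["Sender"] or "")[1].lower()
    list_hosts = LIST_BOUNCES.get(env)
    # Exception: envelope sender and Sender: both name the list's bounce
    # address (observations 1-2 in the post) and the connecting host is
    # the list server (assumption: not a condition stated in the post).
    if list_hosts and sender_hdr == env and remote_ip in list_hosts:
        return "accept"
    return "deny"                            # local From: from outside

# Constructed messages: a list copy of a local post, and a plain spoof.
LIST_COPY = (
    "From: Conor <conor@example.org>\n"
    "Sender: techtalk-bounces@lists.example.net\n"
    "To: techtalk@lists.example.net\n"
    "Subject: [Techtalk] test\n\nbody\n"
)
SPOOF = "From: conor@example.org\nTo: conor@example.org\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    bounce = "techtalk-bounces@lists.example.net"
    print(check_forged_from(LIST_COPY, bounce, "192.0.2.10"))    # list copy
    print(check_forged_from(SPOOF, "x@mail.example.com", "198.51.100.7"))
    print(check_forged_from(LIST_COPY, bounce, "198.51.100.7"))  # wrong host
```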