IRC Archive / Freenode / #exim / 2010 / June / 13 / 1
HermanDE
Is there a method of running a command on a failed acl?
_mpu
hi, I have a simple question
phx
docs
_mpu
the default config of my debian exim server allows anybody to craft an email with a local sender address and a local recipient address, isn't it a security hole ?
without auth, of course
petemc
security hole? lots of header fields are arbitrary
_mpu
I don't speak of headers, I speak of MAIL FROM: and RCPT TO commands
petemc
yes, arbitrary
_mpu
the relay will be denied if the connection is not authenticated and the rcpt domain is not local
petemc
fantastic then
         

_mpu
yes, but is it possible to deny the mail when the sender & the recipient are locals but the conn is not authenticated
petemc
you can run an acl for locally generated mail
submitted via sendmail
_mpu
by local I mean that the domain is the one of my host
petemc
domain?
local usually means local to the machine
_mpu
yes sorry for the mistake, I meant "when rcpt & sender have the hostname of the local host as domain part of their email address"
local
not me?
_mpu
in fact only when the sender matches this condition will be ok.
local: not you
petemc
deny sender_domains = +local_domains
!authenticated = *
something like that
in the rcpt acl
_mpu
thanks, (what does the + mean ?)
petemc
it's a domain list
_mpu
kind of a cast
petemc
well, it's referring to a previously defined list
_mpu
nice, it did the job
it's a good acl, do you have an idea of the reason why it is not by default ?
lennard
because it will leave a lot of people wondering why they're not getting some of their mail
_mpu
why ?
lennard
well, because their situation isn't exactly like yours, and there may be fully legitimate reasons for having mail with local senders arrive
_mpu
they arrive, if they were sent by an authenticated conn
lennard
well, because their situation isn't exactly like yours, and there may be fully legitimate reasons for having mail with local senders arrive from unauthenticated sources
_mpu
hmmm ...
:)
HermanDE
Is there a method of running a command on a failed acl?
         
