Re: [exim] Block emial from my host to my host without authorization
Thank you Sebastian !You rules in only one domainHow modify this rules to exim multidomain ? regarfs -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Block emial from my host to my host without authorization
I have done this: in MAIL FROM acl: accept authenticated = * sender_domains = +local_domains hosts = +relay_from_hosts set acl_m0 = authorizedrelay deny message = You can't spoof the domains this server is authorative for sender_domains = ^(?i)(.*\\.sebbe|sebbe)\\.eu\$ : +local_domains deny message = Local users must authenticate hosts = +relay_from_hosts Description: The first rule lets authenticated (both correct username/password but also correct IP) through.Also it sets a variable so it "remembers" that the user in question is authorized for RCPT and MAIL checks. I have also enabled so it don't announce AUTH to unauthorized IPs so its a double-check there. If not authenticated, the MAIL FROM may not end in "sebbe.eu" The third rule, that enforces local users in local net to authenticate, is a Dirty check just to prevent virus/bot software from mailing. In RCPT TO acl: accept condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}} control = submission/sender_retain control = dkim_disable_verify require message = relay not permitted domains = +local_domains Description: This accepts mail that is authorized (in the MAIL stage) regardless of destination, and also sets submission fixup and DKIM disable. Else it will reject mails that are not destined for a local mailbox. In DATA acl: deny message = You can't spoof the MIME From this server is authorative for condition = ${if match {$h_from:}{sebbe\\.eu}{yes}{no}} condition = ${if eq {$acl_m0}{authorizedrelay}{no}{yes}} deny message = Authorized relayed messages MUST have a local MIME From condition = ${if match {$h_from:}{@sebbe\\.eu>\$}{no}{yes}} condition = ${if eq {$acl_m0}{authorizedrelay}{yes}{no}} Description: This disables local spoofing in MIME from,. And requires local adress for authorized users, to prevent bot/virus software from spoofing it, so any breach becomes more traceable. In addition, I have enabled SPF and made "softfail" and "hardfail" both end up in a reject, which also puts down on a LOT of spoofing. Den lör 19 jan. 2019 kl 12:51 skrev Sławomir Dworaczek via Exim-users : > > Hello > How to block sending mail from my host to my host users without > authorization, so that in the future there are no such situations > 41.56.57.80 is not my ip address > > Return-path: > Envelope-to: katow...@domain.dot.com > Delivery-date: Sat, 19 Jan 2019 09:44:50 +0100 > Received: from exim by domain.dot.com with bogodone (Exim 4.91) > (envelope-from ) > id 1gkmFF-0002yr-NK > for katow...@domain.dot.com; Sat, 19 Jan 2019 09:44:50 +0100 > Received: from [41.56.57.80] > by domain.dot.com with esmtp (Exim 4.91) > (envelope-from ) > id 1gkmFE-0002ym-UR > for katow...@domain.dot.com; Sat, 19 Jan 2019 09:44:49 +0100 > Message-ID: > From: > To: > > regards > -- > ## List details at https://lists.exim.org/mailman/listinfo/exim-users > ## Exim details at http://www.exim.org/ > ## Please use the Wiki with this list - http://wiki.exim.org/ -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Block emial from my host to my host without authorization
On 19 Jan 2019, at 9:46, Lena--- via Exim-users wrote: You asked this question on a mailing list. Some mailing lists don't alter envelope-from, so you'd not receive your own messages back from such mailing lists. The implementation of mailing lists by transparent forwarding (e.g. what you'd get from a single traditional multi-address alias) has always been a problematic mode of operating a mailing list that serves users in multiple domains and in the modern world of SPF, DMARC, and widespread forgery it is unworkable in that it makes the overwhelming majority of personal mailboxes undeliverable. What is actually dangerous for trying to block forgeries of local addresses is to look at the From: header. Modifying that is still not a dominant behavior of mailing lists and may never be, as it interferes with behavior people don't want to end. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Available For Hire: https://linkedin.com/in/billcole -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
Re: [exim] Block emial from my host to my host without authorization
> How to block sending mail from my host to my host users without > authorization, so that in the future there are no such situations > 41.56.57.80 is not my ip address > Received: from [41.56.57.80] > by domain.dot.com with esmtp (Exim 4.91) > (envelope-from ) > id 1gkmFE-0002ym-UR > for katow...@domain.dot.com; Sat, 19 Jan 2019 09:44:49 +0100 You asked this question on a mailing list. Some mailing lists don't alter envelope-from, so you'd not receive your own messages back from such mailing lists. Also, the easiest way to test whether your Exim is working at the moment is to send an email through it to a forwarder which sends it to your email address. What you quoted looks like an "I hacked your mailbox" scam sent from a trojaned home Windows, no RDNS in this instance. So, I can advise this solution for rcpt ACL: warn dnslists = cbl.abuseat.org set acl_m_cbl = 1 deny message = it looks like we did not send this condition = ${if eqi{$sender_address}{$local_part@$domain}} !authenticated = * !hosts = @[] condition = ${if or{\ {!def:sender_host_name}\ {match{$sender_host_name}{\N(\d{1,3}[-.]){3}\d\N}}\ {def:acl_m_cbl}\ }} !dnslists = list.dnswl.org!=127.0.0.255 : swl.spamhaus.org -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
[exim] Block emial from my host to my host without authorization
Hello How to block sending mail from my host to my host users without authorization, so that in the future there are no such situations 41.56.57.80 is not my ip address Return-path: Envelope-to: katow...@domain.dot.com Delivery-date: Sat, 19 Jan 2019 09:44:50 +0100 Received: from exim by domain.dot.com with bogodone (Exim 4.91) (envelope-from ) id 1gkmFF-0002yr-NK for katow...@domain.dot.com; Sat, 19 Jan 2019 09:44:50 +0100 Received: from [41.56.57.80] by domain.dot.com with esmtp (Exim 4.91) (envelope-from ) id 1gkmFE-0002ym-UR for katow...@domain.dot.com; Sat, 19 Jan 2019 09:44:49 +0100 Message-ID: From: To: regards -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/