[kaffe-siteadmin] Forged From: @kaffe.org emails via smtp
Jim Pick
jim at kaffe.org
Wed Mar 10 09:06:02 PST 2004
Hi,
Are there any exim experts out there?
Recently a number of viruses/worms have injected emails into the
kaffe.org server via SMTP that forged the From headers -- eg.
From: admin at kaffe.org
From: kaffe at kaffe.org
The relaying rules prevented the emails from being sent to other
domains, but for emails targeted at local addresses - exim matched
them against the list of domains in local_domains (eg. kaffe.org), and
didn't bounce the messages.
This is particularly annoying, because it means that viruses can forge
a from address that exists on kaffe.org (eg. jim at kaffe.org,
kaffe at kaffe.org) and send it to the mailing list, or another user on
kaffe.org.
I turned on sender_verify yesterday, so at least it now bounces emails
that try to use non-existent addresses.
I was thinking that perhaps I could add a director that would bounce
email from @kaffe.org addresses received via non-authenticated SMTP. For
such a generic problem though, that seems somewhat strange. I couldn't
find anybody via google that advocated doing that.
Maybe if I add SPF support to the server? I wanted to do that
eventually anyways.
http://spf.pobox.com/
It would be nice if I was just missing something simple in my exim
config.
Otherwise, be aware that email from @kaffe.org email addresses sent to
the mailing lists may not always be what they seem.
Cheers,
- Jim
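
The check the post considers (refuse mail that claims a local-domain sender unless it arrived over authenticated SMTP or from a trusted host), sketched as decision logic in Python. This is an added example, not part of the original message and not exim configuration; `check_message`, `TRUSTED_NETS` and the sample messages are assumptions made for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAINS = {"kaffe.org"}  # the local_domains entry named in the post
# Assumption: networks allowed to submit mail as local users without SMTP AUTH.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def domain_of(addr):
    """Lower-cased domain part of an address ('' for the null sender)."""
    return addr.rpartition("@")[2].lower()

def check_message(raw, envelope_from, client_ip, authenticated):
    """Return (accept, reason) for one message received over SMTP."""
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return True, "trusted submission"
    msg = message_from_string(raw)
    # Check the envelope sender and every address in the From: header,
    # since the forgeries described in the post were in the header.
    claimed = [envelope_from] + [a for _, a in getaddresses(msg.get_all("From", []))]
    for addr in claimed:
        if domain_of(addr) in LOCAL_DOMAINS:
            return False, f"550 {addr}: local sender requires authenticated SMTP"
    return True, "external sender"

# Constructed sample messages (not real traffic).
FORGED = "From: admin@kaffe.org\nTo: kaffe@kaffe.org\nSubject: hello\n\nbody\n"
OUTSIDE = "From: user@example.net\nTo: kaffe@kaffe.org\nSubject: patch\n\nbody\n"

if __name__ == "__main__":
    cases = [
        (FORGED, "worm@example.com", "203.0.113.7", False),   # forged header
        (FORGED, "admin@kaffe.org", "203.0.113.7", True),     # authenticated user
        (OUTSIDE, "user@example.net", "203.0.113.7", False),  # ordinary list post
    ]
    for raw, env, ip, auth in cases:
        print(env, ip, auth, "->", check_message(raw, env, ip, auth))
```

A rule like this also rejects genuine local users who send through another provider's server without authenticating, so the trusted networks and the authentication path have to cover every legitimate way local senders submit mail.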