Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 710 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mail proxy accepting PERCENTs

BarryG
Astaro's mail proxy is accepting mail in the form:

user%mail.foreigndomain.com@localdomain.com
and possibly
user@mail.foreigndomain.com@localdomain.com

Astaro then either hands this to the internal mailserver or bounces it later or both.

We found this out because ORBS says we are an open relay. I have confirmed that Astaro is at least initially accepting this. It may also be accepting and forwarding other messages from ORBS, I don't know what their full test entails.

Thanks,
Barry
 
 [size="1"][ 30 September 2002, 14:07: Message edited by: barrygould ][/size]


This thread was automatically locked due to age.
  • 0 in reply to ECKEROTH
    Hello alltogether,

    the SMTP relay on ASL doesn't interpret the userID
    of an e-mail address. It cares about the domain
    part only. This is why e-mail with special 
    characters such as "%" or a second "@" can pass
    through. (last "@" marks the domain part - more
    information can be found in the corresponding RFC!)

    The e-mail server behind ASL has to process the
    userID part and must not deliver this suspicious 
    mail.

    Nevertheless to avoid being listed on RBL's you
    can modify the /var/chroot-smtp/etc/exim.conf-default
    as follows:

     SECTION 1 - GLOBAL 

    code:
    receiver_verify = true
    SECTION 3 - DIRECTORS CONFIGURATION 

    code:
    fail_percent:
       driver = smartuser
       local_parts = ^.*[%@"'/]
       new_address = ":fail: no funky characters in addresses here"
    SECTION 4 - ROUTERS CONFIGURATION  
      Has to be on top of the section 

     
    code:
    fail_percent:
       driver = domainlist
       local_parts = ^.*[%@"'/]
       route_list = * 127.0.0.1 byname
       self = local
    Don't forget to restart the SMTP proxy within WebAdmin!

    read you
    o|iver