Mailing List Archive

Getting past receiver_verify?
I had a spam email enter my exim server and get to my account, but the To:
header wasn't the proper account at all.

Some of you may have already received this spam, but I'd be very
interested if someone has information as to why this email got past
receiver_verify?

Here's the headers as I received them:
Re: Getting past receiver_verify?
On 04 June 2002, Scott M. Nolde said:
> I had a spam email enter my exim server and get to my account, but the To:
> header wasn't the proper account at all.
>
> Some of you may have already received this spam, but I'd be very
> interested if someone has information as to why this email got past
> receiver_verify?

Because receiver_verify looks at the envelope recipient, not the header
recipient:

> Here's the headers as I received them:
> From lmn332@wongfaye.com Tue Jun 04 11:31:16 2002
> Return-path: <lmn332@wongfaye.com>
> Envelope-to: scott@munged.com
               ^^^^^^^^^^^^^^^^
Presumably this passed sender_verify.

[...]
> To: togo2903d@smnolde.com
      ^^^^^^^^^^^^^^^^^^^^^

This is irrelevant to sender_verify.

No, you should not reject messages with a "To" header not pointing at
your domain -- that would prevent users at your site from subscribing to
most mailing lists!

Greg
--
Greg Ward - software developer gward@mems-exchange.org
MEMS Exchange http://www.mems-exchange.org
Re: Getting past receiver_verify?
On Tue, 4 Jun 2002, Scott M. Nolde wrote:

> I had a spam email enter my exim server and get to my account, but the To:
> header wasn't the proper account at all.
>
> Some of you may have already received this spam, but I'd be very
> interested if someone has information as to why this email got past
> receiver_verify?

> Envelope-to: scott@munged.com

What placed this header? Anyways, receiver_verify works with RCPT TO
recipients. (So is that address valid?)

> To: togo2903d@smnolde.com

This is not applicable. The recipient address on the envelope is used, not
the opening address salutation in the letter itself.

Jeremy C. Reed
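
The envelope/header distinction described in the replies above, as an added example that is not part of the original thread and is not Exim's code: a small Python model of recipient verification run over a constructed SMTP session. The second RCPT TO address and the `LOCAL_USERS` set are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed SMTP session modelled on the headers quoted in the thread.
# nosuchuser@munged.com is a made-up second recipient.
SESSION = """\
MAIL FROM:<lmn332@wongfaye.com>
RCPT TO:<scott@munged.com>
RCPT TO:<nosuchuser@munged.com>
DATA
From: lmn332@wongfaye.com
To: togo2903d@smnolde.com
Subject: constructed sample

body
.
"""

LOCAL_USERS = {"scott@munged.com"}  # assumed set of deliverable local addresses


def split_session(session):
    """Separate the envelope commands from the message that follows DATA."""
    envelope, _, data = session.partition("\nDATA\n")
    rcpts = re.findall(r"^RCPT TO:<([^>]*)>", envelope, re.I | re.M)
    return [r.lower() for r in rcpts], data


def verify_recipients(session, local_users=LOCAL_USERS):
    """Model of recipient verification: every RCPT TO address is checked,
    while the To:/Cc: headers inside DATA play no part in the decision."""
    rcpts, data = split_session(session)
    accepted = [r for r in rcpts if r in local_users]
    rejected = [r for r in rcpts if r not in local_users]
    msg = message_from_string(data)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    header_to = [addr.lower() for _, addr in getaddresses(headers)]
    # Reported for comparison only; it does not influence accept/reject.
    overlap = bool(set(header_to) & set(accepted))
    return {"accepted": accepted, "rejected": rejected,
            "header_to": header_to, "header_matches_envelope": overlap}


if __name__ == "__main__":
    for key, value in verify_recipients(SESSION).items():
        print(f"{key}: {value}")
```

The message is accepted for scott@munged.com even though the To: header names a different address, which is the behaviour the replies describe.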
Re: Getting past receiver_verify?
Greg Ward(gward@mems-exchange.org)@2002.06.04 16:24:46 +0000:
> On 04 June 2002, Scott M. Nolde said:
> > I had a spam email enter my exim server and get to my account, but the To:
> > header wasn't the proper account at all.
> >
> > Some of you may have already received this spam, but I'd be very
> > interested if someone has information as to why this email got past
> > receiver_verify?
>
> Because receiver_verify looks at the envelope recipient, not the header
> recipient:
>
> > Here's the headers as I received them:
> > From lmn332@wongfaye.com Tue Jun 04 11:31:16 2002
> > Return-path: <lmn332@wongfaye.com>
> > Envelope-to: scott@munged.com
>                ^^^^^^^^^^^^^^^^
> Presumably this passed sender_verify.
>
> [...]
> > To: togo2903d@smnolde.com
>       ^^^^^^^^^^^^^^^^^^^^^
>
> This is irrelevant to sender_verify.
>
> No, you should not reject messages with a "To" header not pointing at
> your domain -- that would prevent users at your site from subscribing to
> most mailing lists!
>
> Greg
> --
> Greg Ward - software developer gward@mems-exchange.org
> MEMS Exchange http://www.mems-exchange.org
>
> --

Ok, thanks for the clue. I wasn't thinking about creating a filter based
on the To: header, but thanks for the info. I've LARTed the offending IP
address and added the offending spamvertized domain to my spammers list.

--
Scott Nolde
GPG Key 0xD869AB48