Mailing List Archive: Using sender_address

Using sender_address_relay

Jun 28, 2002, 7:22 AM

Post #1 of 7 (1591 views)

This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Hi all,

I am currently using 'sender_address_relay' to control relaying, at the moment, I am trying to clean up the exim.conf, I have started this by creating a file called 'domains' containing a list of local domains and setting local_domains = /etc/domains

Is there a way of using the same domains list file for sender_address_relay instead of:

sender_address_relay = *@domain1.com : *@domain2.com : etc : etc

Regards
Alistair Knight
--

Re: Using sender_address_relay [ In reply to ]

ph10 at cus

Jun 28, 2002, 8:28 AM

Post #2 of 7 (1571 views)

Permalink

On Fri, 28 Jun 2002, Alistair Knight wrote:

[reformatted to shorter lines]

> I am currently using 'sender_address_relay' to control relaying,

Not a good idea. Sender addresses are trivially forged. I wonder if
spammers read this list and pick up admissions like that?

> by creating a file called 'domains' containing a list of local domains
> and setting local_domains = /etc/domains

> Is there a way of using the same domains list file for sender_address_relay instead of:
>
> sender_address_relay = *@domain1.com : *@domain2.com : etc : etc

sender_address_relay = /etc/domains

(Section 7.16 in the Exim 3 manual, 2nd bullet)

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.

Re: Using sender_address_relay [ In reply to ]

alistair at nts-graphics

Jun 28, 2002, 8:40 AM

Post #3 of 7 (1586 views)

Permalink

So what's the best way of controlling relaying, my users can log on from
anywhere, so host_accept_relay is out....

Regards
Alistair

----- Original Message -----
From: "Philip Hazel" <ph10@cus.cam.ac.uk>
To: "Alistair Knight" <alistair@nts-graphics.co.uk>
Cc: <exim-users@exim.org>
Sent: Friday, June 28, 2002 4:28 PM
Subject: Re: [Exim] Using sender_address_relay

> On Fri, 28 Jun 2002, Alistair Knight wrote:
>
> [reformatted to shorter lines]
>
> > I am currently using 'sender_address_relay' to control relaying,
>
> Not a good idea. Sender addresses are trivially forged. I wonder if
> spammers read this list and pick up admissions like that?
>
> > by creating a file called 'domains' containing a list of local domains
> > and setting local_domains = /etc/domains
>
> > Is there a way of using the same domains list file for
sender_address_relay instead of:
> >
> > sender_address_relay = *@domain1.com : *@domain2.com : etc : etc
>
> sender_address_relay = /etc/domains
>
> (Section 7.16 in the Exim 3 manual, 2nd bullet)
>
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
>

RE: Using sender_address_relay [ In reply to ]

jeff at nt

Jun 28, 2002, 8:47 AM

Post #4 of 7 (1577 views)

Permalink

What I did for my network is to hack courier to insert the remote IP address for the customer when they check their email into a mysql table and have exim check for an ip address to allow relaying...A lot like POP before relay as done with sendmail often.

Jeff

-----Original Message-----
From: Alistair Knight [mailto:alistair@nts-graphics.co.uk]
Sent: Friday, June 28, 2002 11:41 AM
To: exim-users@exim.org
Subject: Re: [Exim] Using sender_address_relay

So what's the best way of controlling relaying, my users can log on from anywhere, so host_accept_relay is out....

Regards
Alistair

----- Original Message -----
From: "Philip Hazel" <ph10@cus.cam.ac.uk>
To: "Alistair Knight" <alistair@nts-graphics.co.uk>
Cc: <exim-users@exim.org>
Sent: Friday, June 28, 2002 4:28 PM
Subject: Re: [Exim] Using sender_address_relay

> On Fri, 28 Jun 2002, Alistair Knight wrote:
>
> [reformatted to shorter lines]
>
> > I am currently using 'sender_address_relay' to control relaying,
>
> Not a good idea. Sender addresses are trivially forged. I wonder if
> spammers read this list and pick up admissions like that?
>
> > by creating a file called 'domains' containing a list of local
> > domains and setting local_domains = /etc/domains
>
> > Is there a way of using the same domains list file for
sender_address_relay instead of:
> >
> > sender_address_relay = *@domain1.com : *@domain2.com : etc : etc
>
> sender_address_relay = /etc/domains
>
> (Section 7.16 in the Exim 3 manual, 2nd bullet)
>
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
>

--

## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.372 / Virus Database: 207 - Release Date: 6/20/2002

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.372 / Virus Database: 207 - Release Date: 6/20/2002

Re: Using sender_address_relay [ In reply to ]

ph10 at cus

Jun 28, 2002, 8:48 AM

Post #5 of 7 (1572 views)

Permalink

On Fri, 28 Jun 2002, Alistair Knight wrote:

> So what's the best way of controlling relaying, my users can log on from
> anywhere, so host_accept_relay is out....

SMTP authentication or authentication via TLS (or a combination). Or one
of the many "POP before SMTP" hacks.

--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.

Re[2]: Using sender_address_relay [ In reply to ]

rwelty at suespammers

Jun 28, 2002, 8:53 AM

Post #6 of 7 (1575 views)

Permalink

On Fri, 28 Jun 2002 16:40:44 +0100 Alistair Knight <alistair@nts-graphics.co.uk> wrote:

> So what's the best way of controlling relaying, my users can log on from
> anywhere, so host_accept_relay is out....

if possible, set up the submit port (587) and have your users submit
through it, using SMTP AUTH. leave traditional port 25 completely locked
down.

second best is to set up SMTP AUTH on port 25, and only permit relay for
those who successfully authorize with it.

if your user base has any sophistication, then another alternative is to
install ssh on their remote systems and tunnel the SMTP connections so they
come from localhost on the mail transport system.

richard
--
Richard Welty
rwelty@suespammers.org Averill Park Networking
rwelty@averillpark.net Unix, Linux, IP Network Engineering, Security
rwelty@krusty-motorsports.com 518-573-7592

Re: Using sender_address_relay [ In reply to ]

dsh8290 at rit

Jun 28, 2002, 12:11 PM

Post #7 of 7 (1574 views)

Permalink

--
On Fri, Jun 28, 2002 at 11:53:23AM -0400, Richard Welty wrote:

| second best is to set up SMTP AUTH on port 25, and only permit relay for
| those who successfully authorize with it.

Just curious, why is this second best? With exim 4 you can also
restrict AUTH to TLS-enabled connections.

| if your user base has any sophistication,

Not a necessary requirement. Both putty and teraterm (windows ssh
clients) can be set up with "profiles" so that the user merely needs
to click a shortcut on their desktop. The rest is "magic" and Just
Works. (once the MUA is set to use 'localhost' as the server)

| then another alternative is to install ssh on their remote systems
| and tunnel the SMTP connections so they come from localhost on the
| mail transport system.

This is a pretty decent solution, IMO, if the users have shell
accounts.

-D

--

Contrary to popular belief, Unix is user friendly.
It just happens to be selective about who it makes friends with.
-- Dave Parnas

http://dman.ddts.net/~dman/

--
[ Content of type application/pgp-signature deleted ]
--