Open "bounce" relay in Exim 3.35

To: debian-user@lists.debian.org
Subject: Open "bounce" relay in Exim 3.35
From: Bill Moseley <moseley@hank.org>
Date: Wed, 17 Sep 2003 13:04:09 -0700
Message-id: <[🔎] 20030917200409.GA10771@hank.org>
Mail-followup-to: moseley@hank.org, debian-user@lists.debian.org

I set up an extra machine to relay mail to another machine (as an MX
backup) using relay_domains.

The problem is that the relaying machine accepts the mail for the domain
regardless of the local part.  But if the localpart doesn't exist on the
final machine then the mail is bounced back to the envelope sender.

If the envelope sender is fake and rejected then the mail is frozen.  
But it also provides a way to send mail (in the form of a bounce) to a 
third party.

In other words, someone could send mail to a fake address at my backup 
MX, and use the Mail From: address the real intended recipient.  They 
would get a bounce, but their message would also be attached.

Short of not running the secondary MX is there a way to prevent this?  
Can I get exim on the secondary to verify the address on the primary MX 
before accepting the mail?  (And if so, what would happen if the primary 
MX was down for a period of time?)

Thanks,


-- 
Bill Moseley
moseley@hank.org

Reply to:

Prev by Date: Re: print HTML in "B" size
Next by Date: valgrind-snapshot packaged (not officially)
Previous by thread: Re: New Kernel Breaks... dhclient?
Next by thread: valgrind-snapshot packaged (not officially)
Index(es):
- Date
- Thread