On Wed, 4 Aug 1999 00:53:15 -0600 (MDT), you wrote:
>If you have the "relay-domains-include-local-MX = true" in your
>/etc/exim.conf file, this is true. It WILL relay for anyone who lists
>your machine as an MX for their domain (real, or not). I think this was
>the original question.

This is either a bug in the program or in the documentation:

| If the domain in a recipient address matches local_domains or
| relay_domains, or if relay_domains_include_local_mx is set and the domain
| has an MX record pointing to the local host, the address is always
| accepted (at least as far as this check is concerned - a subsequent
| verification check might fail it). This is the case of an incoming message
| to a local domain or an incoming relay to a permitted domain.

|relay_domains_include_local_mx
|
| Type: boolean
| Default: false
|
| This option permits any host to relay to any domain that has an MX record
| pointing at the local host. It causes any domain with an MX record
| pointing at the local host to be treated as if it were in relay_domains.
| See host_accept_relay above. Warning: Turning on this option opens your
| server to the possibility of abuse in that anyone with access to a DNS
| zone can list your server in a secondary MX record as a backup for their
| domain without your permission. This is not a huge exposure because
| firstly, it requires the cooperation of a hostmaster to set up, and
| secondly, since their mail is passing through your server, they run the
| risk of your noticing and (for example) throwing all their mail away.

|The relaying check happens whenever a message's recipient is received, that
|is, immediately after a RCPT command. The first check is whether the address
|would cause relaying at all: if its domain matches something in local_domains
|then it is destined to be handled on the local host as a local address, and
|relaying is not involved, unless the 'percent hack' is in use. In this case,
|the local part is converted into a new address and that is then checked.
|
|When the relevant domain is not in local_domains, there is first a check for
|legitimate incoming relaying, by seeing if it matches relay_domains, or, when
|relay_domains_include_local_mx is set, if it is a domain with an MX record
|pointing to the local host. If it does match, this is an acceptable incoming
|relay, and it is permitted to proceed.

The specification says at three different places that
relay_domains_include_local_mx checks are only done on _recipient_
address. Thus, a message is only relayed if the local host has an MX
record for the _recipient's_ domain and the spammer can only use the
exim host as a relay to spam users in domains the spammer controls the
DNS of.

It will not relay _FOR_ anyone who lists the exim host as an MX for
their domain; it will relay _TO_ anyone who lists the exim host as an
MX for their domain. This is a significant difference.

I am not in a position to test this at the moment, but _if_ exim
doesn't behave as the docs say and as I interpreted, this is a severe
bug and I've got to ask you why you didn't report it to Philip yet.

This is crossposted to the exim-users mailing list for verification.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Phone: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
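
The recipient-side check as the quoted specification text describes it, written out as a small Python model (an added example, not Exim's code and not part of the original message). `Config`, `relay_check`, the `mx_lookup` callable, the `host_may_relay` flag standing in for `host_accept_relay`, and all host and domain names are assumptions; the percent hack is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Config:
    local_host: str
    local_domains: set
    relay_domains: set
    relay_domains_include_local_mx: bool = False

def relay_check(cfg, recipient, mx_lookup, host_may_relay=False):
    """Return (accepted, reason) for one RCPT address.

    mx_lookup: callable domain -> list of MX host names (stand-in for DNS).
    host_may_relay: assumption standing in for host_accept_relay, which the
    quoted text references but does not describe.
    The envelope sender is deliberately not a parameter: the quoted text
    only ever consults the recipient's domain.
    """
    _, sep, domain = recipient.rpartition("@")
    if not sep:
        return False, "no domain"  # model-only handling of bare local parts
    domain = domain.lower()
    if domain in cfg.local_domains:
        return True, "local delivery"   # no relaying involved
    if domain in cfg.relay_domains:
        return True, "relay_domains"    # permitted incoming relay
    if cfg.relay_domains_include_local_mx and cfg.local_host in mx_lookup(domain):
        return True, "local MX"         # treated as if in relay_domains
    if host_may_relay:
        return True, "host permitted"
    return False, "relaying denied"

# Constructed DNS data: spammer.example lists our host as a secondary MX
# without permission; victim.example does not list it at all.
MX = {
    "spammer.example": ["mx.spammer.example", "mail.ours.example"],
    "victim.example": ["mx.victim.example"],
}

def lookup(domain):
    return MX.get(domain, [])

CFG_ON = Config("mail.ours.example", {"ours.example"}, {"customer.example"}, True)
CFG_OFF = Config("mail.ours.example", {"ours.example"}, {"customer.example"}, False)

if __name__ == "__main__":
    for rcpt in ("a@ours.example", "b@spammer.example", "c@victim.example"):
        print(rcpt, relay_check(CFG_ON, rcpt, lookup), relay_check(CFG_OFF, rcpt, lookup))
```

In this model, listing the host as an MX only makes mail addressed to `spammer.example` acceptable; mail to `victim.example` is still refused whatever the sender's domain is.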