exim4 defer needs new /defer_no option to fix

This is a discussion on exim4 defer needs new /defer_no option to fix within the alt.comp.mail.exim forums, part of the Mail Servers and Related category; To prevent remote circumvention of checks a /defer_no option is needed. This is important for spam and malware which deal ...


#1
11-20-2006
Andrew Buckeridge
exim4 defer needs new /defer_no option to fix

To prevent remote circumvention of checks a /defer_no option is needed.
This is important for spam and malware which deal specifically with
remote attacks. It would also be useful for reverse_host_lookup, helo
and sender verify. DNS RCODE 2 (SERVFAIL) is being used to
enable remote to spoof a session with exim4.

Trinary logic did exist <http://xyzzy.freeshell.org/trinary/>
Trinary Computer Systems. Copyright (C) 2003-2005 Jeff Connelly.

The trinary, true false or maybe logic may also be called ternary or
tertiary. You can have as many levels as you like just as actions
discard, deny, defer, warn, accept could be related to confidence in
the SMTP session or message, however Boolean logic has been well
explored by Turing and many others and would be best if tests were
either true or false and another binary test could be conditionally
performed where it is required.

The binary test:
condition = ${if eq{$TRINARYBUGFIX}{}{no}{yes}}

The conditional test:
condition = ${if eq{$malware_name}{}{no}{yes}}

It would be good to deny clamav ERROR or no response, but discard
clamav FOUND. This is so admin can get feedback if scanner really
has died. I may have managed to implement this trinary result with
guards, but to test I need to break my scanner. Could this work?
(I am running it anyway):

:

TRINARYBUGFIX = acl_m3
ACL_SCANNER = acl_m0

:

acl_check_data:

:

# Note spam, malware, reverse_host_lookup, helo and sender should all
# be /defer_no by default as spammers are using DNS RCODE 2(SERVFAIL)
# to successfully spoof Exim4 sessions. Both spam and malware are
# circumvented with timeouts. THIS IS A SECURITY ISSUE.
# defer trinary logic bug work around
warn    set TRINARYBUGFIX = \
            $sender_address_local_part@$sender_host_name\
            [$sender_host_address] using

warn    set ACL_SCANNER = clamd:/var/run/clamav/clamd.ctl
        !malware = *
        set TRINARYBUGFIX =

discard condition = ${if eq{$TRINARYBUGFIX}{}{no}{yes}}
        condition = ${if eq{$malware_name}{}{no}{yes}}
        log_message = $TRINARYBUGFIX \
            $malware_name

deny    condition = ${if eq{$TRINARYBUGFIX}{}{no}{yes}}
        condition = ${if eq{$malware_name}{}{yes}{no}}
        message = malware scan failed
        log_message = $TRINARYBUGFIX \
            malware that has circumvented scanner

:

accept ...
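The guard logic from the post above, modelled as an added example (not part of the original post and not Exim code), next to a binary check that folds a scanner defer into "no". It assumes that a `warn` statement whose condition defers is abandoned before its later `set` runs and that `$malware_name` stays empty on a defer; the names `Scan`, `run_guarded_acl` and `run_binary_acl` are hypothetical.

```python
from enum import Enum


class Scan(Enum):
    CLEAN = "clean"   # scanner answered: nothing found
    FOUND = "found"   # scanner answered: malware named
    DEFER = "defer"   # timeout, dead socket or scanner ERROR


def run_guarded_acl(scan, malware_name=""):
    """Walk the three statements from the post and return the verdict."""
    # warn set TRINARYBUGFIX = ...   (guard is armed before the scan)
    guard = "local_part@host[address] using"  # constructed placeholder
    # Assumption: $malware_name is only filled in on a definite hit.
    name = malware_name if scan is Scan.FOUND else ""

    # warn !malware = *  /  set TRINARYBUGFIX =
    # The trailing "set" is reached only when the negated condition is
    # true (clean). FOUND makes it false; DEFER abandons the statement
    # (assumption). In both cases the guard stays armed.
    if scan is Scan.CLEAN:
        guard = ""

    # discard: guard armed AND a malware name was reported
    if guard != "" and name != "":
        return "discard"
    # deny: guard armed AND no name, i.e. the scanner never answered
    if guard != "" and name == "":
        return "deny"
    # accept ...
    return "accept"


def run_binary_acl(scan):
    """Two-valued check: anything that is not a definite hit passes."""
    hit = scan is Scan.FOUND  # DEFER collapses to "no malware"
    return "discard" if hit else "accept"


if __name__ == "__main__":
    for outcome in Scan:
        name = "Constructed.Test.Signature" if outcome is Scan.FOUND else ""
        print(outcome.value, run_binary_acl(outcome),
              run_guarded_acl(outcome, name))
```

Only the defer row differs between the two functions: the binary check accepts a message the scanner never examined, while the guarded version denies it.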
#2
03-20-2007
Demon
Auth SMTP Exim MySQL - Freebsd

Hi All

I need to set up an auth smtp mailserver. Exim seems to be the sensible
choice and MySQL would be a handy place to keep the user/pwords.

I have found myriad articles all doing it in a different way and none of them
actually work straight off the page for FreeBSD. Help. Do I need SASLauthd
for example or can I just use Exim and MySQL?

Thanks for your time, if I get this resolved I will type up a short how-to.


