Strange spam through my server

When I first wrote the SpamBlocker exim.conf file my intent was that whitelist_senders would whitelist just the right side (domain part) of the envelope-sender address.

I just looked at the code again, and I believe that's what it does.

If it does, then it will whitelist anyone sending as, for example, [email protected], even if it was a spoofed address. So no, it's not a good idea to use it except as an emergency measure.

I'm willing to install the code now to allow whitelisting in whitelist_hosts; someone just find for me the code as I'm too busy today to look for it (it's definitely in these forums; maybe in this thread) and I'll make the changes this weekend and present them to John as well, for 4.3.3.

Jeff
 
Not sure it's related, but I've just reworked the whitelists in 4.3.0 a bit.
Back when we added the acl_check_mail ACL (which happens before acl_check_recipient), I didn't move the IP/sender_domain checks to the earlier ACL.

For 4.3.0 alpha 6:
http://files1.directadmin.com/services/SpamBlocker/4.3.0/exim.conf-SpamBlockerTechnology-v4.3.0.txt

I did move the whitelist checks to the earlier acl_check_mail, and if any of the 4 white list cases are true, then a variable is set:
Code: 
[COLOR=#000000]acl_m_is_whitelisted[/COLOR]
which I then use in later ACLs, so that any "drops" are not hit.
The acl_m_is_whitelisted will allow the later ACLs to accept sooner, so a whitelist is truely a whitelist.

I've made a few other comments on those changes here:
http://forum.directadmin.com/showthread.php?t=50059&page=3&p=260066#post260066

John
 
You must log in or register to reply here.
Back
Top