
Re: percent-hack - any plans?



On 16-Jun-99 at 16:56, Matti Aarnio (mea@nic.funet.fi) wrote:

> > do you have plans to make "reject-percent-hack" work any time soon?
> > As ORBS now checks for relaying with ...%...@... type of addresses,
> > it is quite pressing...  I think that I could try to look into it if
> > you are not doing it right now :)

>          Version 2.99.50-s19
> 
> .......
> 
> 1999-06-03  Matti Aarnio  <mea@mea.tmt.tele.fi>
> 
>      * smtpserver/policytest.c:
>          - Ignore possible 'relaycustomer +' attribute
>          - Autodetect locally active IP interfaces so
>            that a recipient address of  <foo@[1.2.3.4]>  will
>            be successfully matched without having that entry
>            in the  smtp-policy.mx  file..
>          - Do <bar%foo.fi%mea.tmt.tele.fi@[127.0.0.1]> processing
>            fully, and detect that  "foo.fi"  is not acceptable
>            target domain...  (For RCPT TO, that is..)
>          - Some level of '!' path processing implemented..

I got it.  The problem is this: local part is checked for % or ! *only*
if the domain part is among the localnames.  It *should* work against
ORBS check but it does not seem the Right Thing otherwise.  Imagine
we are one.com and we have "relaytarget +" for two.com.  Now, spammer
sends mail to <innocent%aol.com@two.com> through our server.  "two.com"
is not our local name, so we do not check for % / ! and accept mail for
relaying.  Now, when it arrives at two.com, they believe that it comes
from a trusted address (our "one.com" server), so they accept it for
relaying.  Bad.

It seems more correct to check for percent/bang every time when the
domain part has "relaytarget +", like this (line ~ 1410 in policytest.c):

    while ((relayable = valueeq(state->values[P_A_RELAYTARGET], "+")) &&
           (percent_accept < 0)) {

When I changed P_A_LocalDomain to P_A_RELAYTARGET it began to work the way
I want it.  This is especially important here where I have a bunch of local
virtual domains that are delivered via a special channel but they are
(of course) not in localnames.

What do you think?

Eugene
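Added example (not ZMailer's policytest.c, and not code from the thread): a small C model of the RCPT TO decision Eugene describes, so the two scopes of the percent/bang check can be compared side by side. The `local_names` and `relay_targets` tables, the `rcpt_policy` function and the verdict codes are constructed for the illustration; the "relaytarget +" entry for two.com and the `<innocent%aol.com@two.com>` recipient are the scenario from the message.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed policy tables standing in for smtp-policy entries.
 * local_names:   domains this server (one.com) delivers itself.
 * relay_targets: domains carrying "relaytarget +" (ourselves plus two.com). */
static const char *const local_names[]   = { "one.com", NULL };
static const char *const relay_targets[] = { "one.com", "two.com", NULL };

enum rcpt_verdict {
    RCPT_ACCEPT = 0,
    RCPT_REJECT_PERCENT_HACK,   /* '%' or '!' source routing in the local part */
    RCPT_REJECT_NOT_RELAYABLE,  /* domain is neither local nor a relay target */
    RCPT_REJECT_SYNTAX
};

static int in_list(const char *const *list, const char *dom)
{
    for (; *list; ++list)
        if (strcasecmp(*list, dom) == 0)
            return 1;
    return 0;
}

/* Split "<local@domain>" (angle brackets optional) at the RIGHTMOST '@':
 * that is the domain the message is actually handed to, the percent-hack
 * hops hide inside the local part. */
static int split_rcpt(const char *rcpt, char *local, size_t llen,
                      char *domain, size_t dlen)
{
    size_t n = strlen(rcpt), ll, dl;
    const char *at = NULL;

    if (n >= 2 && rcpt[0] == '<' && rcpt[n - 1] == '>') { rcpt++; n -= 2; }
    for (size_t i = 0; i < n; i++)
        if (rcpt[i] == '@')
            at = rcpt + i;
    if (!at)
        return 0;
    ll = (size_t)(at - rcpt);
    dl = n - ll - 1;
    if (ll == 0 || dl == 0 || ll >= llen || dl >= dlen)
        return 0;
    memcpy(local, rcpt, ll);  local[ll] = '\0';
    memcpy(domain, at + 1, dl); domain[dl] = '\0';
    return 1;
}

/* check_relaytargets == 0: percent/bang test only for localnames domains
 *                          (the behaviour Eugene observed).
 * check_relaytargets == 1: percent/bang test for every "relaytarget +" domain
 *                          (the change he proposes). */
int rcpt_policy(const char *rcpt, int check_relaytargets)
{
    char local[256], domain[256];
    int is_local, is_relay, in_scope;

    if (!split_rcpt(rcpt, local, sizeof local, domain, sizeof domain))
        return RCPT_REJECT_SYNTAX;

    is_local = in_list(local_names, domain);
    is_relay = in_list(relay_targets, domain);
    /* Assumes the connecting client is not a "relaycustomer": only local
     * and relay-target domains may be accepted at all. */
    if (!is_local && !is_relay)
        return RCPT_REJECT_NOT_RELAYABLE;

    in_scope = check_relaytargets ? is_relay : is_local;
    if (in_scope && (strchr(local, '%') || strchr(local, '!')))
        return RCPT_REJECT_PERCENT_HACK;

    return RCPT_ACCEPT;
}

int main(void)
{
    const char *samples[] = { "<innocent%aol.com@two.com>", "<bar%foo.fi@one.com>",
                              "<user@two.com>", "<user@three.com>", NULL };
    for (int i = 0; samples[i]; i++)
        printf("%-30s localnames-only=%d relaytarget-scope=%d\n", samples[i],
               rcpt_policy(samples[i], 0), rcpt_policy(samples[i], 1));
    return 0;
}
```

With the localnames-only scope, `<innocent%aol.com@two.com>` is accepted and handed to two.com, which is the relaying-through-a-trusted-peer case described above; with the relaytarget scope the same recipient is refused at our server, while a plain `<user@two.com>` still relays.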