Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

Please help me with my ACL to deal with empty From: headers

 

 

exim users RSS feed   Index | Next | Previous | View Threaded


web at iszczecin

Mar 27, 2012, 5:40 PM

Post #1 of 17 (1457 views)
Permalink
Please help me with my ACL to deal with empty From: headers

Hi

I would like to deny messages with empty From headers.

I found such ACL:

deny message = Header From exist, but not have a valid address
condition = ${if def:h_from: {yes}{no}}
condition = ${if or { \
{ eq{${address:$h_from:}}{} } \
{ eq{${domain:$h_from:}}{} } \
{ eq{${local_part:$h_from:}}{} } \
} {yes}{no}}


but this does not work, if someone sends email with more than 1 email
address in From:, for example:

From: abcinfo [at] web , abcint [at] web

Also it does not work if From: looks like:

From: <email [at] addres>

(of course @address is valid domain name eg. gmail.com)

Can you tell me how can I reject email ONLY if there would be 100% empty
From: header like:

To: my-email [at] domai
From:
Subject: Some beauty subject
Reply-path: sender [at] emai
Envelope-To: my-email [at] domai

?

Any idea would be appreciated.

Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Mar 28, 2012, 2:49 AM

Post #2 of 17 (1430 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

Hi

> addresslist sender1 = :
> acl_smtp_mail = acl_check_mail
>
> and then put this in your acl section
>
> acl_check_mail:
> deny senders = +sender1
> message = Empty envelope senders not allowed through this server
>
>

Will this cover From: header or only Envelope header (as wrote in your
message)?
What about 2 email addresses in From:?

I've tried to build this ACL based on condition , I don't have much
experience with acl_smtp_mail.

Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim at u61

Mar 28, 2012, 3:25 AM

Post #3 of 17 (1439 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

On Wed, 2012-03-28 at 02:40 +0200, web [at] iszczecin wrote:

>
> I would like to deny messages with empty From headers.

I use this test to reject mail with MISSING From: headers.





acl_smtp_data = acl_check_data

#---------------------------

acl_check_data:

deny message = [2D2] 'From:' header missing.
condition = ${if !def:h_From: {1}}



With my test, if the From: header exists but is empty, the email will be
accepted. In reality that never occurs, certainly not on my systems.



--
Paul.
England,
EU.



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


Lena at lena

Mar 28, 2012, 4:11 AM

Post #4 of 17 (1417 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

> From: <web [at] iszczecin>

> I would like to deny messages with empty From headers.

Instead I use:

deny !senders = MAILER-DAEMON [at] spamgourmet : \N^\w+@slando\.\N
!verify = header_sender

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Mar 28, 2012, 11:04 AM

Post #5 of 17 (1415 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

>
> On Wed, 2012-03-28 at 02:40 +0200, web [at] iszczecin wrote:
>
>>
>> I would like to deny messages with empty From headers.
>
> I use this test to reject mail with MISSING From: headers.
>
>

Hi

In my situation - I don't need to reject mail without From: header, but I
want to reject mails, when From: is empty, so it looks like:

From:

There is no email address in From: header. I look for ACL which will deny
such messages.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Mar 28, 2012, 5:53 PM

Post #6 of 17 (1419 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

On 2012-03-28 at 20:04 +0200, web [at] iszczecin wrote:
> There is no email address in From: header. I look for ACL which will deny
> such messages.

deny condition = ${if ={0}{${strlen:${addresses:$h_From:}}}}

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Mar 30, 2012, 1:24 AM

Post #7 of 17 (1408 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

>
> deny condition = ${if ={0}{${strlen:${addresses:$h_From:}}}}
>
> -Phil

Hi

I've tried your soluton, but it also deny messages with such From:

From: user [at] domain<user [at] domain>

(so email address followed by email address in <>, without any spaces
between them)


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Mar 30, 2012, 1:58 PM

Post #8 of 17 (1411 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

On 2012-03-30 at 10:24 +0200, web [at] iszczecin wrote:
> I've tried your soluton, but it also deny messages with such From:
>
> From: user [at] domain<user [at] domain>
>
> (so email address followed by email address in <>, without any spaces
> between them)

That's not a valid format, so there's nothing there that should be
recognised as an address.

Take my suggestion, drop the "${addresses:" and matching "}" and just do
a strlen test against the contents of the header, if you don't care
about what the content is and any garbage will do.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Mar 30, 2012, 4:43 PM

Post #9 of 17 (1404 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

> Take my suggestion, drop the "${addresses:" and matching "}" and just do

Hi

so you suggest:

condition = ${if ={0}{${strlen:$h_From:}}}

?

Mike

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Mar 30, 2012, 6:31 PM

Post #10 of 17 (1398 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

On 2012-03-31 at 01:43 +0200, web [at] iszczecin wrote:
> so you suggest:
>
> condition = ${if ={0}{${strlen:$h_From:}}}

Yes; although you might also want $rh_From: to avoid some parsing which
doesn't matter and shouldn't be done for junk mail to be discarded.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Mar 31, 2012, 7:11 AM

Post #11 of 17 (1389 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

>> condition = ${if ={0}{${strlen:$h_From:}}}

Hi

It does not work if From: is:

"From: "

so after From: header name there is 1 space.

How can I modify it to cover for example all From: headers which has less
than 2 signs?

Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Mar 31, 2012, 3:27 PM

Post #12 of 17 (1390 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

On 2012-03-31 at 16:11 +0200, web [at] iszczecin wrote:
> >> condition = ${if ={0}{${strlen:$h_From:}}}

> How can I modify it to cover for example all From: headers which has less
> than 2 signs?

I'm not sure what you mean by "signs".

The documentation is around here:
http://www.exim.org/exim-html-current/doc/html/spec_html/ch11.html#SECTexpcond

which will show you all the comparisons you can do (more if you scroll
down) and transformations you can do (if you scroll up).

The "not stripping space" is if you use $rh_From: -- this is explained
in the description of the variable (scroll up); you can use $bh_From: to
strip off whitespace, do some transformations but still do less than
normal. You can then use <{2}{${strlen:$bh_From:}} for instance.

The language is powerful and you'll get the most benefit by looking
through to the documentation around the link I gave above, to get a feel
for what sorts of things can be done.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Apr 2, 2012, 6:10 AM

Post #13 of 17 (1368 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

Hi,

I've put condition you have suggested:

condition = ${if <{2}{${strlen:$bh_From:}}}

but it does not catch From: which is build as:

"From: "

so From: + 1 whitespace

Do you have any other idea?

I have right now problems with SPAM which has only 1 whitespace after From:
and To: header definition.

Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


tlyons at ivenue

Apr 2, 2012, 6:51 AM

Post #14 of 17 (1370 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

On Mon, Apr 2, 2012 at 6:10 AM, <web [at] iszczecin> wrote:
> Hi,
>
> I've put condition you have suggested:
>
> condition       = ${if <{2}{${strlen:$bh_From:}}}
>
> but it does not catch From: which is build as:
>
> "From: "
>
> so From: + 1 whitespace
>
> Do you have any other idea?

You must not understand what the above condition is doing. It is
comparing the number "2" to the result of "${strlen:$bh_From:}", which
is 2. If you want it to match if it's 2 or bigger, then change the
<{2} comparison to <={2}, or you can also just write <{1}, which is
effectively the same thing. If that doesn't make sense to you, ask
for a followup explanation.

...Todd
--
Always code as if the guy who ends up maintaining your code will be a
violent psychopath who knows where you live. -- Martin Golding

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


exim-users at spodhuis

Apr 2, 2012, 7:32 AM

Post #15 of 17 (1373 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

On 2012-03-31 at 15:27 -0700, Phil Pennock wrote:
> The "not stripping space" is if you use $rh_From: -- this is explained
> in the description of the variable (scroll up); you can use $bh_From: to
> strip off whitespace, do some transformations but still do less than
> normal. You can then use <{2}{${strlen:$bh_From:}} for instance.

Oops! This is for a deny, so you want to deny if the length is less
than two characters, so that should be:

deny condition = ${if >{2}{${strlen:$bh_From:}}}

This is my fault, not yours, as I wrote in a hurry. Sorry.

--Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Apr 2, 2012, 8:05 AM

Post #16 of 17 (1379 views)
Permalink
Re: Please help me with my ACL to deal with empty From: headers [In reply to]

Hi

So this condition:

condition = ${if >{2}{${strlen:$bh_From:}}}

will deny messages if From: header is less than 2 signs? I will give it a
try now.

Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


web at iszczecin

Apr 5, 2012, 5:41 PM

Post #17 of 17 (1697 views)
Permalink
Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [In reply to]

HI

Since 8 days, I recive very strange errors in exim_mainlog:

Here are some recent examples:

2012-04-06 02:33:30 TLS error on connection from (localhost) [74.79.177.106]
(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol
2012-04-06 02:34:46 TLS error on connection from (localhost)
[186.182.196.246] (SSL_accept): error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2012-04-06 02:35:32 TLS error on connection from (localhost) [173.21.9.179]
(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol
2012-04-06 02:36:02 TLS error on connection from (localhost)
[119.77.234.116] (SSL_accept): error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Everytime there is (localhost) [IP] connection scheme, and there is error
140760FC with the same message, while IPs in [...] are different.

My server accept TLS connections. I've checked many of IPs from such errors,
and all of them was some sort of dictionary attackers, open relay mail
servers etc. Also non of my users reported that they missed any emails.

I don't know if there is some sort of attack to my server? Is there any way
to know what domain they try to connect? I tried to tcpdump packed while
this error becames, and the only thing I found that they send QUIT very soon
after connection, this is something I catch on 25 port just before error
became:

02:19:04.416765 IP 201.231.132.235.cp-spxsvr > MY_SERVER_IP.smtp: Flags
[P.], seq 2509958694:2509958700, ack 3637536753, win 65182, length 6
0x0000: 4500 002e c092 4000 6a06 9611 c9e7 84eb E.....@.j.......
0x0010: b009 bb49 1119 0019 959a ee26 d8d0 67f1 ...I.......&..g.
0x0020: 5018 fe9e 7998 0000 5155 4954 0d0a P...y...QUIT..

Mike


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.