Hi!
I read some threads related to this. But they're trying to block this instead of requiring authentication on the server.
The problem it's the SMTP Server (exim) allows to receive external connections spoofing local domain addresses.
The domain has perfect SPF, DKIM and DMARC registers. That kind of messages are not banned by these technologies because the sender it's not another email server. These are direct connections to the SMTP server like a legal user/owner of an email address managed by that server.
You can test it within a simple telnet to the port 25 on your server running these commands:
I see on stackoverflow a little acl for Exim, but I don't know where I should place it and if it's ok.
serverfault.com
I know this kind of acls should break mails received FROM mailing list. Because SPF and other technologies leave this little hole to continue allow receiving spoofed emails from mailing lists to know which was the real sender of the email sent to the mailing list.
I read some threads related to this. But they're trying to block this instead of requiring authentication on the server.
The problem it's the SMTP Server (exim) allows to receive external connections spoofing local domain addresses.
The domain has perfect SPF, DKIM and DMARC registers. That kind of messages are not banned by these technologies because the sender it's not another email server. These are direct connections to the SMTP server like a legal user/owner of an email address managed by that server.
You can test it within a simple telnet to the port 25 on your server running these commands:
Code:
helo yourdomain.gld<intro>
mail from:<[email protected]><intro>
rcpt to:<[email protected]><intro>
data<intro>
Subject: Spoof test<intro>
Some text here<intro>
.<intro>
<intro>Exim: Force email auth for users of local domains
I'm configuring exim4 for virtual users with dovecot and postgresql and I got a problem I cannot resolve, the situation is this: I need that when a 'localdomain' user tries to send a email to anot...
serverfault.com
Code:
accept
message = must auth
domains = +local_domains : +relay_to_domains
senders = : regex-expresion
