diff options
| author | Phil Pennock <phil+git@pennock-tech.com> | 2020-10-29 22:14:45 -0400 |
|---|---|---|
| committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-05-27 21:30:20 +0200 |
| commit | 7411ebe05198d5365557b6c982b76ceb9e843894 (patch) | |
| tree | f95119d6243cab7629c2db62a13adc6e5242d279 | |
| parent | 25cd313cfb1f29f179319daf81de63e989d442a7 (diff) | |
Default config: reject on too many bad RCPT
An example exploit failed against my system, because I had this sanity guard in
place; it's not a real security fix since a careful attacker could find enough
valid recipients to hit that problem, but it highlights that this is a useful
enough pattern that we should encourage its wider use.
(cherry picked from commit 2a636a39fff29b7c3da1798767a510dfed982a62)
(cherry picked from commit 346f96bad326893f9c1fa772a5b8ac35b1f8f7bd)
| -rw-r--r-- | doc/doc-txt/ChangeLog | 2 | ||||
| -rw-r--r-- | src/src/configure.default | 14 |
2 files changed, 16 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c219275fc..d741e3532 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -256,6 +256,8 @@ HS/01 Enforce absolute PID file path name. HS/02 Handle SIGINT as we handle SIGTERM: terminate the Exim process. +PP/01 Add a too-many-bad-recipients guard to the default config's RCPT ACL. + Exim version 4.94 ----------------- diff --git a/src/src/configure.default b/src/src/configure.default index 6127a9bf0..87f255aa9 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -458,6 +458,20 @@ acl_check_rcpt: require verify = sender + # Reject all RCPT commands after too many bad recipients + # This is partly a defense against spam abuse and partly attacker abuse. + # Real senders should manage, by the time they get to 10 RCPT directives, + # to have had at least half of them be real addresses. + # + # This is a lightweight check and can protect you against repeated + # invocations of more heavy-weight checks which would come after it. + + deny condition = ${if and {\ + {>{$rcpt_count}{10}}\ + {<{$recipients_count}{${eval:$rcpt_count/2}}} }} + message = Rejected for too many bad recipients + logwrite = REJECT [$sender_host_address]: bad recipient count high [${eval:$rcpt_count-$recipients_count}] + # Accept if the message comes from one of the hosts for which we are an # outgoing relay. It is assumed that such hosts are most likely to be MUAs, # so we set control=submission to make Exim treat the message as a |