[SA-exim] SA-Exim Header Question

Jeff Clark jclark at crownofmaine.net
Thu Mar 20 15:03:14 2003


Hi everyone.  Our organization is greatly benefiting from SA-Exim, thanks to
all involved!

Quick question regarding X-SA-Do-Not.... headers:

We currently prevent SA-Exim from scanning our outgoing mail for trusted
subnets/authenticated users by adding to exim.conf:

warn     message         = X-SA-Do-Not-Run: Yes
         hosts           = +relay_from_hosts

warn     message         = X-SA-Do-Not-Run: Yes
         authenticated   = *


This works great.  But I've noticed that if one of our users on one SA-Exim
enabled mail server sends an email to another of our users on another
SA-Exim enabled mail server, SA-Exim doesn't scan the incoming message on
the second mail server because X-SA-Do-Not-Run gets set to Yes as per the
above rule.  This obviously isn't a problem between our two mail servers but
it got me wondering how this all works.  I know people on the list have
raised the concern about what would happen if a spammer put those headers in
their messages.  One suggestion I saw was to, in the sa-exim conf file, set
these headers to something non-guessable.  I'm sure this would work but I'm
a little confused as to why this is needed.  That is, I thought SA-Exim was
supposed to strip all X-SA headers before scanning the message anyway?  From
the v 2.2 Changelog: "Now strips any X-SA-Exim-* headers already present in
the message before scanning it."  Furthermore, I was under the impression
from looking at the sample exim.conf on Marc's site that another way to
handle this was to have exim strip off any X-SA headers on incoming smtp
messages with:

headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned"

in the remote_smtp: transport

But doing this only seems to remove these headers in outgoing smtp mail, not
in incoming smtp mail.  So this wouldn't seem to prevent a spammer from
entering an X-SA-Do-Not... header and fooling sa-exim.

Could someone please explain what the best way to prevent spammers from
fooling sa-exim with forged X-SA-Do-Not headers is?  And also dispel any
misconceptions I have about how any of the above mechanisms work?  Thanks!
:)

Jeff
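As an added illustration (not code from the post, from Exim or from SA-Exim), the following Python model plays through the header handling the post describes: a message arriving with a forged X-SA-Do-Not-Run header, the two "warn" rules that add the header for relay hosts and authenticated users, the v2.2 behaviour of stripping any X-SA-* headers already present before scanning, and the headers_remove step on the outgoing remote_smtp transport. The header names are the ones in the post; the sample messages, trust flags and all function names are constructed for this example.

```python
"""Model of the X-SA-* header trust decision from the post (added example,
not SA-Exim or Exim code).  It shows that stripping X-SA-* headers at
receipt, *before* the trust rules add one, is what defeats a forged header,
and that removing them on the outgoing remote_smtp transport only changes
what leaves the server, not what it accepted."""
from email import message_from_string
from email.message import Message

DO_NOT_RUN = "X-SA-Do-Not-Run"      # header name as used in the post's warn rules
SCANNED = "X-SA-Exim-Scanned"       # header name from the post's headers_remove line
STRIP_PREFIX = "x-sa-"              # v2.2 changelog: strip any X-SA-* header already present

# Constructed sample messages (not real traffic).
FORGED_INBOUND = (
    "From: someone@example.invalid\r\n"
    "X-SA-Do-Not-Run: Yes\r\n"            # forged by the sender
    "X-SA-Exim-Scanned: Yes\r\n"          # forged by the sender
    "Subject: hello\r\n\r\nbody\r\n"
)
CLEAN_INBOUND = "From: user@example.invalid\r\nSubject: hello\r\n\r\nbody\r\n"


def strip_sa_headers(msg: Message) -> list:
    """Remove every X-SA-* header already present; return the names removed."""
    removed = []
    for name in list(msg.keys()):
        if name.lower().startswith(STRIP_PREFIX):
            removed.append(name)
            del msg[name]                 # removes all occurrences of that header
    return removed


def receive(raw: str, from_relay_host: bool, authenticated: bool,
            strip_first: bool = True) -> dict:
    """Model inbound processing for one message.

    strip_first=True  : strip X-SA-* headers at receipt, then apply the trust
                        rules (the ordering that makes a forged header harmless).
    strip_first=False : trust rules only; whatever came over the wire survives
                        (the situation the post is worried about).
    Returns the scan decision, what was stripped, and the final header value(s).
    """
    msg = message_from_string(raw)
    removed = strip_sa_headers(msg) if strip_first else []
    # The two 'warn' rules from the post: +relay_from_hosts and authenticated = *.
    if from_relay_host or authenticated:
        msg[DO_NOT_RUN] = "Yes"
    # SA-Exim runs unless the do-not-run header says Yes.
    scanned = msg.get(DO_NOT_RUN, "").strip().lower() != "yes"
    return {"scanned": scanned, "stripped": removed,
            "do_not_run": msg.get_all(DO_NOT_RUN) or []}


def remote_smtp_headers_remove(raw: str) -> str:
    """Model headers_remove = "X-SA-Do-Not-Run:X-SA-Exim-Scanned" on the
    remote_smtp transport: it only touches the copy that is about to leave."""
    msg = message_from_string(raw)
    for name in (DO_NOT_RUN, SCANNED):
        del msg[name]
    return msg.as_string()


if __name__ == "__main__":
    print("forged, untrusted, strip first :", receive(FORGED_INBOUND, False, False))
    print("forged, untrusted, no strip    :", receive(FORGED_INBOUND, False, False, strip_first=False))
    print("clean, authenticated user      :", receive(CLEAN_INBOUND, False, True))
    print("outbound copy after transport  :", repr(remote_smtp_headers_remove(FORGED_INBOUND)))
```

Running it shows the two orderings side by side: with the strip at receipt, the forged message is scanned and the untrusted sender's X-SA-Do-Not-Run is reported in the stripped list; without it, the forged header alone is enough to skip the scan. The transport function illustrates the point made in the post: it cleans the outgoing copy, so it has no effect on the receiving server's own decision.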