Differences

This shows you the differences between two versions of the page.

--- exim4:reject_emails_with_many_to_cc_recipients [2016/11/02 09:28] – created peter
+++ exim4:reject_emails_with_many_to_cc_recipients [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Exim4 - Reject emails with many To/Cc recipients ======
-First, it is important that you understand that a customer can send an email with 1 address in the To header but actually send it to 1000 people if they figure out how to abuse it just right. Counting the number of email addresses in the To: or Cc: header does not guarantee that you'll block emails that a customer is sending. You'll only block their emails if they abuse your system in a naive way. However, you stated that they are just putting everything in the To field (i.e. the naive way), so the rest of this answer assumes that's the way the data is being submitted to your Exim server.
+How to prevent emails being sent to huge mailing lists or stopping messages when users have used reply-all against a massive list of users.
-Now, to answer your question directly as you asked it: In the DATA ACL (only in the DATA ACL!), you can check the number of email addresses in the To or Cc header by a two step process. To test these headers, you access it with $h_To: and $h_Cc: The trailing colon is required. Let's assume that the To: header is:
+**WARNING**:  An email with 1 address in the To header can actually be sent to multiple email addresses if the email system is abused.  For instance a group email address.  Counting the number of email addresses in the To: or Cc: header therefore does not guarantee that you'll block emails that are being sent to many people.
+In the **DATA ACL** (only in the DATA ACL!), you can check the number of email addresses in the To or Cc header by a two step process.  To test these headers, you access it with **$h_To:** and **$h_Cc:**  **NOTE**:  The trailing colon is required. Let's assume that the To: header is:
 <code>
-"Org user" <todd@example.org>,<tlyons@example.com>,"Todd Lyons" <todd@example.net>
+"Test user" <john@example.org>,<jsmith@example.com>,"John Smith" <johnsmith@example.net>
 </code>
-With this example, I'll show you what each step of the two step process does:
-# Step 1: To header converted to a (colon-separated) list
+===== Step 1: To header converted to a (colon-separated) list =====
 <code bash>
-$ exim -be '${addresses:"Org user" <todd@example.org>,<tlyons@example.com>,"Todd Lyons" <todd@example.net>}'
+$ exim -be '${addresses:"Test user" <john@example.org>,<jsmith@example.com>,"John Smith" <johnsmith@example.net>}'
-todd@example.org:tlyons@example.com:todd@example.net
+john@example.org:jsmith@example.com:johnsmith@example.net
 </code>
-# step 2: Now count the number of list items
+===== step 2: Now count the number of list items =====
 <code>
-$ exim -be '${listcount:${addresses:"Org user" <todd@example.org>,<tlyons@example.com>,"Todd Lyons" <todd@example.net>}}'
+$ exim -be '${listcount:${addresses:"Test user" <john@example.org>,<jsmith@example.com>,"John Smith" <johnsmith@example.net>}}'
 </code>
-With current versions of exim (4.82), what this will ultimately look like in your DATA ACL will be something like this:
+With current versions of Exim (4.82), what this will ultimately look like in your **DATA ACL** will be something like this:
 <file>
@@ Line 32: / Line 35: @@
 </file>
-If you are using an older version, such as what's in Debian stable, you can use an older version that iterates over the list and increments a counter:
+If you are using an older version you can use an older version that iterates over the list and increments a counter:
 <file>
@@ Line 39: / Line 42: @@
 </file>
-Note that in both cases above, the {yes}{no} portion is superfluous.  The return of the ${if...} statement is always going to be a true or false, so with this in mind, you can leave it off if you want.  I prefer to explicitly put it in because it makes it more readable (to me, and to any who might follow me and have to read this code).
+Note that in both cases above, the **{yes}{no}** portion is superfluous.  The return of the **${if...}** statement is always going to be a true or false, so with this in mind, you can leave it off if you want.  I prefer to explicitly put it in because it makes it more readable (to me, and to any who might follow me and have to read this code).