Unfortunately, I've just receieved a piece of UCE from an exim site
which isn't configured to prevent relaying:
Received: from cyberfun.ca [142.176.13.5]
by mail.istar.ca with smtp (Exim 1.651 #9)
id 0x6yNU-0002V3-00; Fri, 5 Sep 1997 09:24:49 -0400
I think various people are already putting together sample
configuration files for exim an so on, but could we please have
the default exim configuration have a line like:
sender_host_reject_relay = "*"
I feel that shipping exim configured as a relay "out of the box"
these days is going to cause more trouble than it's worth, I'm
afraid[1]. At a minimum, we should include in the sample configuration
a large warning sign, followed by an example of how to prevent
relaying.
Another option which shuold probably be given much the same treatment
is "helo_verify_nets", which (I think) will cause the "Received:"
header to contain the reverse lookup of the IP address, as opposed
to what is actually given in the "HELO" command. Perhaps there
should be another string expansion which could then be used to log
what was said at HELO time in the Received header...
-Dom
[1] That's what comes from reading abuse@??? :-(
--
* This is sent by the exim-users mailing list. To unsubscribe send a
mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/
