[Exim] Why does my configuration file allow this relaying?

Author: Stanier A M
Date:  
To: exim-users
Subject: [Exim] Why does my configuration file allow this relaying?
We have a number of machines on campus, outside our control. Some
of these [for example, msun11] have open relays. So, to protect ourselves
from having the University's main mail systems added to RBLs, we
have a list of known open relays on campus, and configure exim not to
relay from any of these. The relevant part of our configuration file
reads:



sender_net_reject_relay = /essex.d/exim/config/open.relays
sender_net_accept_relay = 155.245.0.0/16
relay_domains = essex.ac.uk:*.essex.ac.uk:exchange0:exchange1:ugmail:pgmail:staffmail:esestud:esestaff

and open.relays contains


155.245.220.193/32    # msun4
155.245.220.198/32    # msun8
155.245.221.16/32    # msun11
155.245.221.3/32    # msun6
    etc





This worked fine until today, when we were told that msun11 had been
found to be an open relay, relaying thru seralph10.essex.ac.uk.

The relay test which illustrates this problem follows:

>From sender@???  Mon Aug 30 09:46:33 1999
> Received: from seralph10.essex.ac.uk (seralph10.essex.ac.uk [155.245.240.160])
>     by mail2.manawatu.net.nz (8.9.3/8.9.3) with ESMTP id JAA27492
>     for <orbs-relaytest@???>; Mon, 30 Aug 1999 09:46:32 +1200
> X-Remote-IP: 155.245.240.160
> Received: from msun11.essex.ac.uk ([155.245.221.16] helo=msun11.ac.uk)
>     by seralph10.essex.ac.uk with smtp (Exim 2.05 #3)
>     id 11LCmT-00013l-00
>     for orbs-relaytest@???; Sun, 29 Aug 1999 22:46:29 +0100
> Received: from relaytest.orbs.org by msun11.ac.uk (SMI-8.6/SMI-SVR4)
>     id WAA19786; Sun, 29 Aug 1999 22:46:41 +0100
> Date: Sun, 29 Aug 1999 22:46:41 +0100
> From: sender@???
> To: <orbs-relaytest@???>
> X-Token: hcmpniyryhzfnisy
> X-Envelope-Sender: <sender@???>
> X-Envelope-Recipient: <orbs-relaytest%manawatu.co.nz@???>
> Message-Id: <155.245.221.16@???>
> Subject: ORBS Relay Test - 155.245.221.16



And mainlog of seralph10 contains


1999-08-29 22:36:00 refused relay (host reject) to <orbs-relaytest@???> from <sender@???> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:36:01 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:40:14 refused relay (host reject) to <orbs-relaytest@???> from <sender@???> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:40:15 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:42:18 refused relay (host reject) to <orbs-relaytest@???> from <sender@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:44:23 refused relay (host reject) to <orbs-relaytest@???> from <sender@???> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:44:24 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:46:30 11LCmT-00013l-00 <= sender@??? H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16] P=smtp S=1308 id=155.245.221.16@???
1999-08-29 22:46:34 11LCmT-00013l-00 => orbs-relaytest@??? R=lookuphost T=remote_smtp H=mail2.manawatu.net.nz [202.36.148.21]
1999-08-29 22:48:37 refused relay (host reject) to <orbs-relaytest@???> from <sender@???> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:48:37 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:50:43 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:52:52 refused relay (host reject) to <orbs-relaytest@???> from <sender@???> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:52:53 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:55:00 verify failed for SMTP recipient manawatu.co.nz!orbs-relaytest@??? from <sender@???> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:55:00 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:57:07 refused relay (host reject) to <orbs-relaytest@???> from <sender@???> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:57:08 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]





So while most were rejected just as I expect, the one timestamped
22:46:30 managed to get thru. Presumably the tests now include a
form of address that my configuration doesn't stop.

Can anyone suggest how I guard against this?

Thanks
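
Added example, not part of the original message and not Exim code: a log audit that pairs `<=` arrival lines from hosts listed in open.relays with later `=>` deliveries over a remote transport, run on lines copied from the mainlog above. The function names and the `remote_transports` parameter are hypothetical; the script only reports that a message got through and does not diagnose why.

```python
import ipaddress
import re

# open.relays entries as listed in the post (CIDR, optional "# comment").
OPEN_RELAYS = """\
155.245.220.193/32    # msun4
155.245.220.198/32    # msun8
155.245.221.16/32    # msun11
155.245.221.3/32    # msun6
"""
# Three lines copied from the seralph10 mainlog in the post.
MAINLOG = """\
1999-08-29 22:44:24 refused relay (host reject) to <sender@???> from <Mailer-Daemon@msun11> H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16]
1999-08-29 22:46:30 11LCmT-00013l-00 <= sender@??? H=msun11.essex.ac.uk (msun11.ac.uk) [155.245.221.16] P=smtp S=1308 id=155.245.221.16@???
1999-08-29 22:46:34 11LCmT-00013l-00 => orbs-relaytest@??? R=lookuphost T=remote_smtp H=mail2.manawatu.net.nz [202.36.148.21]
"""
MSG = re.compile(r"^(\S+ \S+) (\S+) (<=|=>) (\S+)(.*)$")
PEER_IP = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\]")
TRANSPORT = re.compile(r"\bT=(\S+)")

def load_nets(text):
    """Parse open.relays-style text into a list of ip_network objects."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(e) for e in entries if e]

def find_relayed(log_text, nets, remote_transports=("remote_smtp",)):
    """Return messages accepted from a listed host and then sent off-site."""
    arrivals, hits = {}, []
    for line in log_text.splitlines():
        m = MSG.match(line)
        if not m:
            continue  # "refused relay" / "verify failed" lines carry no message id
        ts, msgid, direction, addr, rest = m.groups()
        if direction == "<=":
            ip = PEER_IP.search(rest)
            if ip and any(ipaddress.ip_address(ip.group(1)) in n for n in nets):
                arrivals[msgid] = (ts, ip.group(1))
        elif msgid in arrivals:
            t = TRANSPORT.search(rest)
            if t and t.group(1) in remote_transports:
                received, src = arrivals[msgid]
                hits.append({"id": msgid, "from_ip": src, "received": received,
                             "delivered": ts, "rcpt": addr})
    return hits

if __name__ == "__main__":
    for hit in find_relayed(MAINLOG, load_nets(OPEN_RELAYS)):
        print(hit)
```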