[Exim] abuse.net relay test giving false positive on exim

Top Page
Delete this message
Reply to this message
Author: Marc Haber
Date:  
To: exim-users
Subject: [Exim] abuse.net relay test giving false positive on exim
Hi!

As you might know, abuse.net offers a relay check service that can be
invoked after registering with them. They claim that their test is the
only test doing all tests that ORBS uses to identify open relays.

However, doing that test on my new exim relay host fails on test
number 6:

|>>> RSET

|<<< 250 Reset OK
|>>> MAIL FROM:<spamtest@???>

|<<< 250 warning: unknown local-part in sender address <spamtest@???>
|>>> RCPT TO:<user-02671%nf.abuse.net@???>

|<<< 250 <user-02671%nf.abuse.net@???> is syntactically correct
|>>> DATA

|<<< 354 Enter message, ending with "." on a line by itself
|>>> (message body)

|<<< 250 OK id=12Pr3X-0000L6-00

The test gives the following log entries:

|2000-02-29 19:07:33 warning: unknown local-part in sender address <spamtest@???> H=www.abuse.net [208.31.42.77] (N32767-32766)
|2000-02-29 19:07:35 12Pr3X-0000L6-00 <= spamtest@??? H=www.abuse.net [208.31.42.77] U=N32767-32766 P=smtp S=1132 id=rlytest-951847625-9900@??? from <spamtest@???> for user-02671%nf.abuse.net@mailrelay .example.com
|2000-02-29 19:07:35 12Pr3X-0000L6-00 ** user-02671%nf.abuse.net@???: unknown local-part "user-02671%nf.abuse.net" in domain "mailrelay.example.com"
|2000-02-29 19:07:35 12Pr3X-0000L8-00 <= <> R=12Pr3X-0000L6-00 U=mail P=local S=2025 from <> for spamtest@??? postmaster
|2000-02-29 19:07:35 12Pr3X-0000L6-00 Error message sent to spamtest@???
|2000-02-29 19:07:35 12Pr3X-0000L6-00 Completed
|2000-02-29 19:07:35 12Pr3X-0000L8-00 ** spamtest@???:unknown local-part "spamtest" in domain "mailrelay.example.com"
|2000-02-29 19:07:36 12Pr3X-0000L8-00 => postmaster@??? R=lookuphost T=remote_smtp H=marilyn.example.com [194.162.80.3] C="250 TAA25654 Message accepted for delivery"
|2000-02-29 19:07:36 12Pr3X-0000L8-00 Frozen (delivery error message)
|2000-02-29 19:09:13 Start queue run: pid=1312
|2000-02-29 19:09:13 12Pr3X-0000L8-00 Message is frozen
|2000-02-29 19:09:13 End queue run: pid=1312

So basically, exim accepts the message to find out milliseconds later
that the local part doesn't exist. It tries to generate a bounce to a
non-existent local address and then proceeds to freeze that bounce.

mailrelay.example.com is a local_domain on the machine, only director
is an aliasfile director that only contains mappings for abuse and
postmaster, redirecting abuse|postmaster@??? to
abuse|postmaster@???, whose MX is a different machine (the old
sendmail box).

Why does exim accept that message while directing could take place
immediately during the SMTP dialog, faciliating rejection of the
message at that time? Is there some configuration that can be changed?

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29