[Exim] Relay Attack help

Author: Iain Gray
Date:  
To: exim-users
Subject: [Exim] Relay Attack help
Hi

I wonder if I could ask for help in trying to stop a spammer using us as
a relay. I say relay, but I am not convinced that that is what is
happening.

The symptoms we are getting are just bounced mails from addresses
that don't exist. The bounce comes to us because it has a From and
Reply-to header of
xyz123@??? (or any such similar garbage local part).

The relay parts of the exim.conf are

relay_domains = "ant.co.uk:*.ant.co.uk"
relay_domains_include_local_mx = false

so we shouldn't relay anyone (should we??)

Below are the headers from a bounced mail and it does not show anything
from our domain. Can anyone decipher these headers and shed any light on
what is happening here?


--------------------------------------------------------------------------------------
Return-Path: Qm39j9RsR@???
Received: from ussun2m.glaxo.com ([152.51.20.99])
         by usav01.glaxo.com (UCX V4.2-21C, OpenVMS V6.2 VAX);
        Wed, 19 Apr 2000 15:52:31 -0400
Received: by ussun2m.glaxo.com id PAA12709; Wed, 19 Apr 2000 15:51:59
-0400 (EDT)
From: Qm39j9RsR@???
Received: by firewall1.glaxowellcome.com; id PAA09170; Wed, 19 Apr 2000
15:52:11 -0400 (EDT)
Received: from mk.intermik.tpnet.pl(195.116.231.129) by
firewall1.glaxowellcome.com via smap (V5.5)
        id xma009003; Wed, 19 Apr 00 15:51:35 -0400
Received: from Uo5P9K8w0 (ppp-45.tnt-2.hou.smartworld.net
[64.38.20.205])
        by mk.intermik.tpnet.pl (8.9.3/8.8.7) with SMTP id WAA13423;
        Wed, 19 Apr 2000 22:55:46 +0200
DATE: 19 Apr 00 2:45:47 PM
Message-ID: <lJgbYX55PH>
Received: From 100.106.207.2(mailco.com.mx) by nelson.co.jp;Wed, 19 Apr
2000 14:45:47 -400 (EDT)
SUBJECT: COMPLETE ONLINE BUSINESS!!!
---------------------------------------------------------------------------------------
I have a suspicion that the spammer is just faking the Reply-to and From
headers. Is this right? And if so how do we stop this?


Thanks

Iain
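
The check the post makes by eye, whether any Received hop in the bounce names a host covered by the quoted relay_domains, as an added example (not part of the original message). The header text is re-folded from the post; the regexes and the simplified relay_domains match are assumptions of this example, not Exim's own list matching.

```python
import re
from email import message_from_string

RELAY_DOMAINS = "ant.co.uk:*.ant.co.uk"  # relay_domains value quoted in the post
FROM_RE = re.compile(r"\bfrom\s+([^\s(;]+)", re.I)
BY_RE = re.compile(r"\bby\s+([^\s(;]+)", re.I)

# Trace headers from the post, re-folded so continuation lines parse ("???" kept as-is).
BOUNCE_HEADERS = """\
Return-Path: Qm39j9RsR@???
Received: from ussun2m.glaxo.com ([152.51.20.99])
    by usav01.glaxo.com (UCX V4.2-21C, OpenVMS V6.2 VAX); Wed, 19 Apr 2000 15:52:31 -0400
Received: by ussun2m.glaxo.com id PAA12709; Wed, 19 Apr 2000 15:51:59
    -0400 (EDT)
From: Qm39j9RsR@???
Received: by firewall1.glaxowellcome.com; id PAA09170; Wed, 19 Apr 2000
    15:52:11 -0400 (EDT)
Received: from mk.intermik.tpnet.pl(195.116.231.129) by
    firewall1.glaxowellcome.com via smap (V5.5) id xma009003; Wed, 19 Apr 00 15:51:35 -0400
Received: from Uo5P9K8w0 (ppp-45.tnt-2.hou.smartworld.net [64.38.20.205])
    by mk.intermik.tpnet.pl (8.9.3/8.8.7) with SMTP id WAA13423; Wed, 19 Apr 2000 22:55:46 +0200
Received: From 100.106.207.2(mailco.com.mx) by nelson.co.jp;Wed, 19 Apr
    2000 14:45:47 -400 (EDT)
"""

def received_hops(raw_headers):
    """Return (from_host, by_host) for each Received header, newest first."""
    hops = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        frm, by = FROM_RE.search(flat), BY_RE.search(flat)
        hops.append((frm and frm.group(1), by and by.group(1)))
    return hops

def in_relay_domains(host, patterns=RELAY_DOMAINS):
    """Simplified list match (exact name or "*.suffix"), not Exim's own matcher."""
    host = host.lower()
    return any(host == p or (p.startswith("*.") and host.endswith(p[1:]))
               for p in patterns.lower().split(":"))

def hops_through_us(raw_headers):
    """Hops where the sending or receiving host falls under relay_domains."""
    return [hop for hop in received_hops(raw_headers)
            if any(h and in_relay_domains(h) for h in hop)]

if __name__ == "__main__":
    for sender, receiver in received_hops(BOUNCE_HEADERS):
        print(f"{sender or '-'} -> {receiver}")
    print("hops via our hosts:", hops_through_us(BOUNCE_HEADERS))
```

Received lines below the first hop you trust are supplied by the sender and can be forged, so the trace only proves what the trusted hops recorded.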