Re: [Exim] Spam test, open relay whatever it was

Top Page
Delete this message
Reply to this message
Author: Dave C.
Date:  
To: Lee Maguire
CC: exim-users
Subject: Re: [Exim] Spam test, open relay whatever it was
On Tue, 19 Feb 2002, Lee Maguire wrote:

> [2002-02-19] Sean Rima wrote:
> > I run exisumm every night and noticed this entry:
> >
> >     1 relaytest%rr.njabl.org@???: unknown local-part
> >           "relaytest%rr.njabl.org" in domain "tcob1.net"

> >
> > I then checked the log and noticed that Exim sent a bounce message back, I
> > can only guess it was for unknown user. If there anyway to tell exim to
> > notice this as a relay attempt and not as an unknown user.


Semantics. As long as it doesnt deliver the message to
"relaytest@???", you are not an open relay. Bouncing the
message should be acceptable to the relay tester. Ideally, instead of
waiting to determine that the address is invalid after you've already
accepted the message, use receiver_verify, to issue

550 rejected: relaytest%rr.njabl.org@???: unknown local-part "relaytest%rr.njabl.org" in domain "tcob1.net"

after the tester issues its RCPT TO command...



>
> Unless you're using percenthack, then it is an unknown user.
> If you need to specificly mark these, then you could try
> something like this at the top of your directors:
>
>   reject_percenthack_relay:
>     driver = smartuser
>     condition = "${if match{$local_part}{.*%.*}{yes}}"
>     new_address = :fail: rejected percent-hack relay attempt

>
> setting "receiver_verify = true" should reject these at transaction
> time, even if you deliver "any local part"@domain.
>
> --
> Lee Maguire <lee@???>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>


--