Re: [Exim] Relaying Question

Top Page
Delete this message
Reply to this message
Author: Dave C.
Date:  
To: snurt
CC: exim-users
Subject: Re: [Exim] Relaying Question
On Fri, 16 Aug 2002 snurt@??? wrote:

> Hi All,
>
> I have just ran nessus on my server, which I thought was properly
> configured to not be a spam relay... and it reported the following:
>
>
> The remote SMTP server allows anyone to
> use it as a mail relay, provided that the source address
> is set to '<>'.
> This problem allows any spammer to use your mail server
> to spam the world, thus blacklisting your mailserver, and
> using your network resources.
>
> Risk factor : Medium
>
> Solution : reconfigure this server properly
> CVE : CVE-1999-0819
>
> My relay config section is:
> relay_domains =
> host_accept_relay = localhost : XX.XX.XX.XX : XX.XX.XX.XX
> no_relay_domains_include_local_mx
> no_relay_match_host_or_sender
>
> Where XX's relate to my external IP's


What do you mean your 'external' IP's ?

host_accept relay specifies that if a connection comes from any of the
hosts/IP's listed, that host is allowed to send mail anywhere.

If you have exim behind a firewall in such a manner that the firewall is
proxying the connection, you exim will see all connections from the
outside as coming from the firewall. If you tell it the firewall is in
host_accept_relay, then yes, any host will be able to relay.

You either need to NOT list the firewall IP in host_accept_relay, and
ensure any connections which *can* relay by virtue of IP address do not
go through the firewall, or turn off any proxying the firewall is doing,
so that outside connections come directly to exim without anything
inbetween.


>
> Have I missed something glaringly obvious in the documentation ?
>
> Thanks for any info..pointers or telling me that I need glasses and to
> read the faq :)
>
> Andy
>
>
>
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>