Re: [Exim] i'm an open relay apparently

Author: Tabor J. Wells
Date:  
To: Ben Lutgens
CC: exim-users
Subject: Re: [Exim] i'm an open relay apparently
On Mon, Aug 26, 2002 at 04:34:14PM -0500,
Ben Lutgens <blutgens@???> is thought to have said:

> According to ORDB I'm an open-relay despite all my attempts to prevent
> this. It appears that it seems to think that my mailer will take mail
> addressed to "marvin@??? and send it on to
> its destination. I'm seeing a lot of the following in my logs (including
> the message that is listed on the ordb website that supposedly made it
> through (17jQuO-00012Q-00)). Check this out.


It will; the last entry of your logs shows you accepting that message.

> 2002-08-26 15:56:25 17jQuO-00012Q-00 <= bitbucket@??? H=dns.fgnet.dk
> (localhost.localdomain) [212.242.88.3] P=esmtp S=1028
> 2002-08-26 15:56:26 17jQuQ-00012Y-00 <= bitbucket@??? U=daemon
> P=spam-scanned S=1247 id=E17jQuO-00012Q-00@???
> 2002-08-26 15:56:26 17jQuQ-00012Y-00 **
> "marvin@???: unknown local-part
> "marvin@???" in domain "myreal.mailserver.com"
> 2002-08-26 15:56:26 17jQuO-00012Q-00 => marvin@???
> <"marvin@???> D=spamcheck_director
> T=spamcheck
> 2002-08-26 15:56:26 17jQuO-00012Q-00 Completed
>
> What do I have to do to exim to make sure this doesn't happen? I have
> "reciever_verify" set and have no "receiver_verify_hosts"
>
> I'm not sure what else could cause ORDB to think it's a relay. I can't seem
> to reproduce their test :-( anyone have any ideas? Here's the test I tried:
>
> blutgens@samba:~$ telnet myreal.mailserver.com 25
> Trying 208.210.149.36...
> Connected to myreal.mailserver.com.
> Escape character is '^]'.
> 220 myreal.mailserver.com ESMTP Exim 3.34 #1 Mon, 26 Aug 2002 16:17:41 -0500
> ehlo somevalid.fqdn.com
> 250-myreal.mailserver.com Hello somevalid.fqdn.com [123.123.123.123]
> 250-SIZE
> 250-PIPELINING
> 250-STARTTLS
> 250 HELP
> MAIL From:<"myvalid@???>
> 250 <"myvalid@???> is syntactically correct
> RCPT To: another@???
> 550 relaying to <another@???> prohibited by administrator


You've got this backwards. http://www.ordb.org/lookup/?host=208.210.149.36
shows that what they sent was MAIL FROM:<bitbucket@???> and RCPT
TO:<"marvin@???>.

> I'm at wit's end here, if anyone has any ideas where to look I'd really
> appreciate it.


I'd be wary of your spamcheck stuff. It's a likely candidate for what has
made you an open relay.

Post the contents of your spamcheck_director and spamcheck transport and
perhaps someone can help further.

Tabor
--
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality
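
Added example, not part of the original message or of Exim: a log audit that lists delivery (`=>`, `->`) and failure (`**`) lines whose recipient has a quoted local part containing `@`, the address shape seen in the log above, together with the director and transport that handled it. The sample log lines, hosts and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample lines in Exim 3 main-log layout (not the poster's log;
# every host and address here is a placeholder).
SAMPLE_LOG = """\
2002-08-26 15:56:25 17jQuO-00012Q-00 <= probe@tester.example H=tester.example [192.0.2.10] P=esmtp S=1028
2002-08-26 15:56:26 17jQuO-00012Q-00 => "marvin@relaytest.example"@mail.example.net D=spamcheck_director T=spamcheck
2002-08-26 15:56:26 17jQuO-00012Q-00 Completed
2002-08-26 15:57:02 17jQvA-00013B-00 <= alice@example.org H=mx.example.org [192.0.2.20] P=esmtp S=2210
2002-08-26 15:57:03 17jQvA-00013B-00 => bob@mail.example.net D=localuser T=local_delivery
2002-08-26 15:57:03 17jQvA-00013B-00 Completed
"""

# timestamp, message id, delivery flag, recipient (quoted or plain), remainder
LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S{6}-\S{6}-\S{2}) '
    r'(?P<flag>=>|->|\*\*) (?P<addr>"(?:[^"\\]|\\.)*"@\S+|\S+)(?P<rest>.*)$'
)
QUOTED_LOCAL = re.compile(r'^"((?:[^"\\]|\\.)*)"@')


def local_part(addr):
    """Return the local part, honouring a quoted local part if present."""
    m = QUOTED_LOCAL.match(addr)
    if m:
        return m.group(1)
    return addr.rpartition("@")[0]


def suspicious_deliveries(log_text):
    """List deliveries whose local part itself embeds an '@'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or "@" not in local_part(m.group("addr")):
            continue
        fields = dict(re.findall(r'\b([DT])=(\S+)', m.group("rest")))
        hits.append({
            "id": m.group("id"),
            "flag": m.group("flag"),
            "address": m.group("addr"),
            "director": fields.get("D"),    # which director accepted it
            "transport": fields.get("T"),   # which transport carried it
        })
    return hits


if __name__ == "__main__":
    for hit in suspicious_deliveries(SAMPLE_LOG):
        print(hit)
```
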