[Exim] HELP: can't stop relaying

Author: Wolfgang.Fuertbauer
Date:  
To: exim-users
Subject: [Exim] HELP: can't stop relaying
Hi,

Who can help me, please?
I'm a little bit confused; I can't stop relaying the following mail:

>From devnull@??? Mon Nov 25 13:22:04 2002
>Return-path: <devnull@???>
>Envelope-to: relayedmail@???
>Delivery-date: Mon, 25 Nov 2002 13:22:04 +0100
>Received: from [80.120.1.196] (helo=ebewe.com)
>            by relaytest.kundenserver.de with esmtp (Exim 3.35 #1 (Debian))
>            id 18GIFY-0006Dc-00
>            for <relayedmail@???>; Mon, 25 Nov 2002 13:22:04 +0100
>Received: from relaytest.kundenserver.de ([212.227.126.156])
>            by ebewe.com with smtp (Exim 4.10)
>            id 18GIF2-0008MG-00
>            for relayedmail@???; Mon, 25 Nov 2002 13:21:32 +0100
>To: relayedmail@???
>From: devnull@???
>Subject: test for susceptibility to third-party mail relay
>Date: Mon, 25 Nov 2002 12:21:27 GMT
>Message-Id: <rlytest-1038226887-23041@???>
>Errors-to: devnull@???
>Bounces-to: devnull@???
>Sender: devnull@???
>Reply-To: feedback-8937197@???
>X-Testinghost: 80.120.1.196
>X-Spam-Score: 2.3 (++)
>X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *18GIF2-0008MG-00*aNY.wdPaFSg*
>
>This message is a test probe, to ensure that your mail server is secured
>against third-party mail relay. This is NOT an attempt to hack or
>crack your system, but just to ensure the system are secured against
>this common vulnerability. We do test every host who sends mail to
>our mx servers at mx.kundenserver.de.
>
>A well-configured mail server should NOT relay third-party email.
>Otherwise, the server is subject to attack and hijack by Internet
>vandals and spammers. For information on how to secure a mail server
>against third-party relay, visit <URL: http://mail-abuse.org/tsi/>.
>
>You can review your hosts status and schedule retests from
><URL: http://relaytest.kundenserver.de/view.php?ip=80.120.1.196>.
>
>If you have any questions about this test, please take a look at our FAQ
>at <URL: http://relaytest.kundenserver.de/faq/>.
>
>    Target host = 80.120.1.196
>
>If you'd like contact a live person, email us at feedback-8937197@???.
>
>This is test 8937197 on IP 80.120.1.196.



Here is my config:

domainlist local_domains = ebewe.at : ebewe.co.at : ebewe.com : intern.ebewe.at
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : 172.16.0.0/16 : 80.120.1.195/32
hostlist rbl_hosts = !172.16.0.0/16:0.0.0.0/0
hostlist relay_domains =
helo_accept_junk_hosts = !172.16.0.0/16:0.0.0.0/0
helo_try_verify_hosts = !172.16.0.0/16:0.0.0.0/0

acl_smtp_rcpt = acl_check_rcpt
begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

accept hosts = :
accept domains = +local_domains


# RBL

  deny    hosts = +rbl_hosts
          message = host is listed in $dnslist_domain
          dnslists = blackholes.mail-abuse.org:dialups.mail-abuse.org:relays.mail-abuse.org


# Deny if the local part contains @ or % or / or | or !. These are rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.

  deny    local_parts   = ^.*[@%!/|]


# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

  accept  verify                = helo


  accept  local_parts   = postmaster
          domains       = +local_domains


# Deny unless the sender address can be verified.

  require verify        = sender/callout=60s
  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient


# Accept if the address is in a domain for which we are relaying, but again,
# only if the recipient can be verified.

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient


# If control reaches this point, the domain is neither in +local_domains
# nor in +relay_to_domains.

# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. Recipient verification is omitted here, because in many
# cases the clients are dumb MUAs that don't cope well with SMTP error
# responses. If you are actually relaying out from MTAs, you should probably
# add recipient verification here.

  accept  hosts         = +relay_from_hosts


# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted.

accept authenticated = *

# Reaching the end of the ACL causes a "deny", but we might as well give
# an explicit message.

  deny    message       = relay not permitted


----------------------------------------------------------------------
Wolfgang Fuertbauer (E-Mail: Wolfgang.Fuertbauer@???)
EBEWE Pharma                          Tel: ++43 7665 8123 315
Mondseestrasse 11                     Fax: ++43 7665 8123 11
4866  Unterach, Austria
http://www.ebewe.com
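
Added example, not part of the original post or of Exim: a simplified Python model of the RCPT ACL above, showing that statements are tried in order and which one decides a relay probe like the quoted test. The probe values, the `evaluate` helper and the tightened variant are assumptions made for illustration.

```python
import ipaddress

LOCAL = {"ebewe.at", "ebewe.co.at", "ebewe.com", "intern.ebewe.at"}
RELAY_FROM = [ipaddress.ip_network(n) for n in
              ("127.0.0.1/32", "172.16.0.0/16", "80.120.1.195/32")]

def relay_host(c):
    return bool(c["host"]) and any(
        ipaddress.ip_address(c["host"]) in net for net in RELAY_FROM)

# (statement, verb, condition) in the posted order of acl_check_rcpt.
# Simplified model: endpass/message are ignored; DNS list, HELO, sender and
# AUTH results are boolean inputs on the connection dict.
POSTED_ACL = [
    ("accept hosts = :", "accept", lambda c: not c["host"]),
    ("accept domains = +local_domains", "accept", lambda c: c["domain"] in LOCAL),
    ("deny dnslists = (mail-abuse.org lists)", "deny", lambda c: c["dnsbl_listed"]),
    ("deny local_parts = ^.*[@%!/|]", "deny",
     lambda c: any(ch in c["local_part"] for ch in "@%!/|")),
    ("accept verify = helo", "accept", lambda c: c["helo_verified"]),
    ("accept local_parts = postmaster", "accept",
     lambda c: c["local_part"] == "postmaster" and c["domain"] in LOCAL),
    ("require verify = sender/callout=60s", "require", lambda c: c["sender_ok"]),
    ("accept domains = +local_domains, verify = recipient", "accept",
     lambda c: c["domain"] in LOCAL),
    ("accept domains = +relay_to_domains", "accept", lambda c: False),  # empty list
    ("accept hosts = +relay_from_hosts", "accept", relay_host),
    ("accept authenticated = *", "accept", lambda c: c["authenticated"]),
    ("deny message = relay not permitted", "deny", lambda c: True),
]

def evaluate(acl, c):
    """Return (verdict, deciding statement); the first decisive statement wins."""
    for text, verb, cond in acl:
        matched = bool(cond(c))
        if verb == "require" and not matched:
            return "deny", text
        if verb != "require" and matched:
            return verb, text
    return "deny", "end of ACL"

# Constructed probe modelled on the quoted test mail: outside host, non-local
# recipient domain (placeholder), HELO name assumed to verify.
PROBE = {"host": "212.227.126.156", "domain": "elsewhere.example",
         "local_part": "relayedmail", "helo_verified": True,
         "dnsbl_listed": False, "sender_ok": True, "authenticated": False}
# Hypothetical tightening (not from the thread): drop the bare HELO accept.
TIGHTENED_ACL = [s for s in POSTED_ACL if s[0] != "accept verify = helo"]

if __name__ == "__main__":
    print(evaluate(POSTED_ACL, PROBE), evaluate(TIGHTENED_ACL, PROBE))
```

In this model the probe is accepted by the unconditional `accept verify = helo` before any relay check runs; without that statement it falls through to `relay not permitted`, while a client in 172.16.0.0/16 is still accepted.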