[Exim] URGENT: Open-Relay for Bounces

Author: Michael Jakscht
Date:
To: exim-users
Subject: [Exim] URGENT: Open-Relay for Bounces

Hi,

I just discovered that my MX's are open relays for bounce messages.
(Because I noticed the priMX is BL at njabl.org :-((( )
I rellay urgent need assistance in fixing this problem.
Would be great if we could solve this problem...

I think it could have something to do with the acl_check_rcpt:
I tried setting

========================================================
  accept  senders       = :
========================================================

========================================================
  accept  domains       = !+local_domains : !+relay_to_domains
          senders       = :
========================================================

but I still can send out bounce messages to any arbitrary domains!
Please help me fix this!

Thanks!

Michael

========================================================
domainlist  local_domains    = vit.de : nlb.de : nlb2.de : \
                               nlbintra.net : fax
hostlist    local_networks   = 172.16.1.0/24 : 172.16.2.0/24 : \
                               192.168.200.0/24 : 172.27.81.0/24 : \
                               172.16.200.1/32 : 213.69.199.224/27
domainlist  relay_to_domains = vit.de : nlb.de

acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_mail:
  deny    hosts         = !+local_networks : !+relay_from_hosts
          dnslists      = relays.ordb.org : \
                          sbl.spamhaus.org : \
          message       = rejected because $sender_host_address is \
                          in a black list at $dnslist_domain\n
$dnslist_text
          log_message   = rejected because $sender_host_address is in a \
                          black list at $dnslist_domain\n$dnslist_text
  accept  hosts         = *

acl_check_rcpt:
#  accept  hosts                = :
  accept  hosts         = +local_networks : +relay_from_hosts
  warn    message       = X-Warning: reverse host lookup failed
          log_message   = reverse host lookup failed
          verify        = reverse_host_lookup
  deny    message       = Your address is blacklisted!
          log_message   = Your address is blacklisted!
          senders       = +denysenders
  require message       = local part of sender address or domain does not
exist
          log_message   = local part of sender address or domain does not
exist
          verify        = sender/callout=120s
  deny    message       = local part contains bad characters
          log_message   = local part contains bad characters
          local_parts   = ^.*[@%!/|] : ^\\.
  accept  local_parts   = postmaster
          domains       = +local_domains
  deny    message       = we don't need spam, sorry!
          log_message   = we don't need spam, sorry!
          senders       = !mnowak@??? : vit.de : nlb.de : nlb2.de :
nlbintra.net : fax
  accept  senders       = :
  deny    message       = destination domain not local!
          log_message   = destination domain not local!
          domains       = !+local_domains : !+relay_to_domains
  require message       = recipient could not be verified, relaying denied
          log_message   = recipient could not be verified, relaying denied
          verify        = recipient/callout=15s/defer_ok/callout_defer_ok
  accept  domains       = +local_domains
  deny    message       = relaying denied for some general purposes.
          log_message   = relaying denied for some general purposes.

acl_check_data:
  require message       = sender could not be verified or syntax error in
sender address
          log_message   = sender could not be verified or syntax error in
sender address
          verify        = header_sender
          verify        = header_syntax
  accept

========================================================

This message is part of the following thread:
	the complete thread tree sorted by date

	Michael Jakscht at