[Exim] RE: SMTP AUTH Open Relay...

Author: Giuliano Gavazzi
Date:  
To: Exim
Subject: [Exim] RE: SMTP AUTH Open Relay...
At 1:46 -0600 2003/03/20, Thai Q. Tran wrote:
>Hello everyone,
>    I am currently having some issues with Exim 4.14 regarding SMTP
>Auth.  The problem seems to be that I have been put into some ORDB and I
>don't know how many others as an open relay.  After running some tests I
>found that my issue is a spammer can pose as spammer@??? and be able
>to send to spammer@??? and bypass SMTP Auth.  Does anyone have an
>idea of how I can resolve this issue?  Any ideas or information would be
>greatly appreciated.  Thank you.

>
>Here is my ACL and SMTP Auth Configs:
>
>------------------------------------------------
>ACL
>check_recipient:


I would put here a:

accept authenticated = *

otherwise how would you do SMTP AUTH?

> require verify = sender
> require verify = recipient


I would delete the verify recipient (and do it below)

> deny dnslists = relays.ordb.org : blackholes.mail-abuse.org :
>relays.mail-abuse.org :
> deny local_parts = ^.*[@%!/|] : ^\\.
> deny senders = :
> accept


^^^^^^^
is this a joke..?

You need:

   accept  domains       = +local_domains
           endpass
           verify        = recipient


and optionally (if you relay to anyone)

   accept  domains       = +relay_to_domains
           endpass
           message       = unrouteable address
           verify        = recipient


where you have defined the local_domains and relay_to_domains (before
the acls section) as in (if you do not relay to anyone):

domainlist local_domains = first.domain : second.domain
domainlist relay_to_domains =

>   deny    message = relay not permitted

>
>check_message:
> accept
>
>check_vrfy:
> require authenticated = *


I don't know what you meant here, but this will just require
authentication for the VRFY command, I would just delete (and
undeclare) this ACL unless you have some reasons to enable this
command for authenticated users. Besides, since there is no accept,
this will always deny...

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
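
The following is an added example, not part of either message: the poster's RCPT ACL reassembled in one piece with the changes suggested in the reply. It assumes the ACL is attached with `acl_smtp_rcpt` (the post does not show that line); `first.domain` and `second.domain` are the reply's placeholders, and the DNS lists are the ones quoted in the post.

```exim
# Main configuration section (before "begin acl").
domainlist local_domains    = first.domain : second.domain
domainlist relay_to_domains =

# Assumption: the post does not show how check_recipient is attached.
acl_smtp_rcpt = check_recipient

begin acl

check_recipient:
  # Clients that completed SMTP AUTH may send to any domain.
  accept  authenticated = *

  require verify        = sender

  deny    dnslists      = relays.ordb.org : blackholes.mail-abuse.org : \
                          relays.mail-abuse.org
  deny    local_parts   = ^.*[@%!/|] : ^\\.
  deny    senders       = :

  # Unauthenticated mail is accepted only for domains hosted here.
  # After "endpass", a failed recipient check rejects instead of falling
  # through to the next statement.
  accept  domains       = +local_domains
          endpass
          verify        = recipient

  # ... or for domains this host relays to (an empty list in this setup).
  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient

  # Takes the place of the unconditional "accept": anything that reaches
  # this point is an unauthenticated relay attempt and is refused.
  deny    message       = relay not permitted
```

Running `exim -bh <client-ip>` simulates an SMTP session from that address without delivering anything, so an unauthenticated `RCPT TO` for an outside domain can be confirmed to end at `relay not permitted`.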