[Exim] RE: SMTP AUTH Open Relay...

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Giuliano Gavazzi
Data:  
Para: Exim
Assunto: [Exim] RE: SMTP AUTH Open Relay...
At 1:46 -0600 2003/03/20, Thai Q. Tran wrote:
>Hello everyone,
>    I am currently having some issues with Exim 4.14 regarding SMTP
>Auth.  The problem seems to be that I have been put into some ORDB and I
>don't know how many others as an open relay.  After running some test I
>found that my issue is a spammer can pose as spammer@??? and be able
>to send to spammer@??? and bypass SMTP Auth.  Does anyone have an
>idea of how I can resolve this issue?  Any ideas or information would be
>greatly appreciated.  Thank you.

>
>Here is my ACL and SMTP Auth Configs:
>
>------------------------------------------------
>ACL
>check_recipient:


I would put here a:

accept authenticated = *

otherwise how would you do SMTP AUTH?

> require verify = sender
> require verify = recipient


I would delete the verify recipient (and do it below)

> deny dnslists = relays.ordb.org : blackholes.mail-abuse.org :
>relays.mail-abuse.org :
> deny local_parts = ^.*[@%!/|] : ^\\.
> deny senders = :
> accept


^^^^^^^
is this a joke..?

You need:

   accept  domains       = +local_domains
           endpass
           verify        = recipient


and optionally (if you relay to anyone)

   accept  domains       = +relay_to_domains
           endpass
           message       = unrouteable address
           verify        = recipient


where you have defined the local_domains and relay_to_domains (before
the acls section) as in (if you do not relay to anyone):

domainlist local_domains = first.domain : second.domain
domainlist relay_to_domains =

>   deny    message = relay not permitted

>
>check_message:
> accept
>
>check_vrfy:
> require authenticated = *


I don't know what you meant here, but this will just require
authentication for the VRFY command, I would just delete (and
undeclare) this ACL unless you have some reasons to enable this
command for authenticated users. Besides, I since there is no accept,
this will always deny...

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/