Hi all,

today I set up and compiled the current release of Exim (4.14) on a Debian
3.0 box in order to replace the Debian stock version 3.35, as I need some
features of the new version.

I used the "convert4r4" program to upgrade the config script, which _should_
be fairly easy as my configuration (always-up DSL with some dynamic DNS)
is quite straightforward (I thought so at least <g>).

The main domain is "all-about-shift.com". The result of the upgrade is that
it is now possible for an external MTA to send a mail à la

rcpt to: <"spamtest@???>

which wasn't the case with the 3.35 version. Although relaying is not
allowed at all, it opens a small hole for a spammer to flood my server.
While the above command results in an accepted mail with exim4, it resulted
in a rejection in 3.35.

I tried changing various settings, but nothing fixed this issue. My config
file is included; any help is greatly appreciated.

Thanks,
Soren Gerlach
---------------------------------------------------------
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
acl_smtp_vrfy = check_vrfy

domainlist local_domains = localhost : \
                           10.1.1.2 : \
                           all-about-shift.com : \
                           mail.all-about-shift.com : \
                           soerenundclaudia.de : \
                           sapperlot.homelinux.com

hostlist relay_hosts = 127.0.0.1 : \
                       10.1.0.0/16

qualify_domain = all-about-shift.com
never_users = root
host_lookup = *
trusted_users = mail:soeren
gecos_pattern = ^([^,:]*)
gecos_name = $1
smtp_accept_queue_per_connection = 100
freeze_tell = postmaster

received_header_text = "Received: \
          ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
          {${if def:sender_ident {from ${sender_ident} }}\
          ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
          by ${primary_hostname} \
          ${if def:received_protocol {with ${received_protocol}}} \
          (Exim ${version_number} #${compile_number} (Debian))\n\t\
          id ${message_id}\
          ${if def:received_for {\n\tfor <$received_for>}}"

begin acl

check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :
  accept  domains = +local_domains
  accept  hosts = +relay_hosts
  deny    message = relay not permitted

check_message:
  accept

check_vrfy:
  accept

begin rewrite

*@all-about-shift.com ${lookup{$1}lsearch{/etc/email-addresses}\
                      {$value}fail} frFs

begin routers

lookuphost:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp

literal:
  driver = ipliteral
  domains = ! +local_domains
  transport = remote_smtp
  no_more

real_local:
  driver = accept
  check_local_user
  local_part_prefix = real-
  transport = local_delivery

system_aliases:
  driver = redirect
  allow_defer
  allow_fail
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
  file_transport = address_file
  pipe_transport = address_pipe
  retry_use_local_part
  user = list

userforward:
  driver = redirect
  allow_filter
  check_ancestor
  check_local_user
  file = $home/.forward
  file_transport = address_file
  modemask = 002
  pipe_transport = address_pipe
  reply_transport = address_reply
  no_verify

procmail:
  driver = accept
  check_local_user
  require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
  transport = procmail_pipe
  no_verify

localuser:
  driver = accept
  check_local_user
  transport = maildir_delivery

begin transports

local_delivery:
  driver = appendfile
  envelope_to_add
  file = /var/spool/mail/${local_part}
  group = mail
  mode = 0660
  no_mode_fail_narrower
  return_path_add

maildir_delivery:
  driver = appendfile
  check_string =
  delivery_date_add
  directory = /home/${local_part}/Maildir
  envelope_to_add
  maildir_format
  message_prefix =
  message_suffix =
  return_path_add

address_pipe:
  driver = pipe
  path = /usr/bin:/bin:/usr/local/bin
  return_output

address_file:
  driver = appendfile
  envelope_to_add
  return_path_add

address_directory:
  driver = appendfile
  check_string =
  maildir_format
  message_prefix = ""
  message_suffix = ""

address_reply:
  driver = autoreply

procmail_pipe:
  driver = pipe
  command = "/usr/bin/procmail"
  delivery_date_add
  envelope_to_add
  message_suffix = ""
  return_path_add

remote_smtp:
  driver = smtp

begin retry

* * F,2h,15m; G,16h,2h,1.5; F,4d,8h
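
Added example, not part of the original post: the check_recipient ACL in the configuration above accepts every RCPT whose domain is in local_domains without routing the address, so the local part is never checked at SMTP time. The fragment below shows that statement as posted beside a form that verifies the recipient; it assumes the unwanted address is one that none of the routers in this file would accept.

```exim
# Added example (not from the original post). The ACL and list names are
# the ones used in the posted configuration.

# As posted: any RCPT in a local domain is accepted, and the local part
# is not routed until delivery time.
#
# check_recipient:
#   accept  hosts   = :
#   accept  domains = +local_domains
#   accept  hosts   = +relay_hosts
#   deny    message = relay not permitted

# With recipient verification:
check_recipient:
  accept  hosts   = :

  # For local domains, run the address through the routers in verify mode.
  # Conditions placed after "endpass" reject the RCPT when they fail,
  # instead of passing control to the next ACL statement.
  # Routers marked no_verify (userforward, procmail) are skipped here, so
  # the decision rests on system_aliases and localuser.
  accept  domains = +local_domains
          endpass
          message = unknown user
          verify  = recipient

  accept  hosts   = +relay_hosts
  deny    message = relay not permitted
```

The effect can be checked without delivering mail by running a simulated SMTP session with `exim -bh` followed by a sending host address and issuing the RCPT command by hand.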