Re: [Exim] how to stop spamming

Author: Richard Welty
Date:  
To: exim-users
Subject: Re: [Exim] how to stop spamming
On Wed, 28 May 2003 11:29:02 -0400 "Ricardo J. Michell" <rmichell@???> wrote:
> 1.        how do I know if my server is open for spam (relay)


try an open relay tester, like the one at www.abuse.net/relay.html

> 2.        how can I change exim to stop it.


depends on what is permitting the relay to go through. there are numerous
configuration glitches that can permit open relay.

my personal favorite (from recent experience) is this goodie. suppose you
decide in your ACLs to whitelist an email address from an otherwise
blacklisted source (for example, crateandbarrel.com is a legit retailer
that uses the nasty folks at doubleclick for their outsourced mail
campaigns):

  accept  senders = cratenews@???

what is missing from this is restricting the RCPT TO: domains to local
deliveries, like so:

  accept  senders = cratenews@???
          domains = +local_domains


one of my clients omitted the domains setting from a couple of whitelist
entries, and a spammer stumbled across the right MAIL FROM: to use to
permit relaying. oops.

tracking this stuff down may require using the -bh option with -v and an
appropriate -d setting to figure out which rule in your ACLs is letting the
spam through.

richard
--
Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security
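
Added example (not part of the message above, and not Exim's own code): a small Python check for the mistake described in the message, an accept statement that whitelists by senders with nothing restricting the recipient domains. It assumes one condition per line with no backslash continuations, and treats a domains, hosts or authenticated condition as a sufficient restriction; the sample ACL and its addresses are constructed.

```python
import re

VERBS = ("accept", "deny", "defer", "discard", "drop", "require", "warn")
# Assumption of this example: any one of these conditions ties the accept
# to local recipients or to a known client, so the rule is not an open relay.
RESTRICTING = {"domains", "hosts", "authenticated"}

# Constructed sample ACL; the sender address is a placeholder.
SAMPLE_ACL = """\
acl_check_rcpt:
  # whitelist entries ahead of the blacklist
  accept  senders = news@whitelisted.example

  accept  senders = news@whitelisted.example
          domains = +local_domains

  deny    senders = +blacklisted_senders

  accept  domains = +local_domains
"""

def statements(acl_text):
    """Split ACL text into (line_no, verb, {condition: value}) tuples."""
    out, current = [], None
    for no, raw in enumerate(acl_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0] in VERBS:          # a verb starts a new statement
            current = (no, parts[0], {})
            out.append(current)
            line = parts[1] if len(parts) > 1 else ""
        m = re.match(r"!?\s*(\w+)\s*=\s*(.*)", line)
        if current and m:              # condition belongs to the open statement
            current[2][m.group(1)] = m.group(2).strip()
    return out

def unsafe_whitelists(acl_text):
    """Return (line_no, senders value) for accepts keyed only on the sender."""
    return [(no, conds["senders"])
            for no, verb, conds in statements(acl_text)
            if verb == "accept" and "senders" in conds
            and not RESTRICTING & conds.keys()]

if __name__ == "__main__":
    for no, who in unsafe_whitelists(SAMPLE_ACL):
        print(f"line {no}: accept for senders = {who} has no domains/hosts restriction")
```

A rule this flags is only a candidate; an exim -bh session as described in the message shows whether it actually lets a relay attempt through.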