On Wed, 28 May 2003 11:29:02 -0400 "Ricardo J. Michell" <rmichell@???> wrote:
> 1. how do I know if my server is open for spam (relay)
try an open relay tester, like the one at
www.abuse.net/relay.html
> 2. how can I change exim to stop it.
depends on what is permitting the realy to go through. there are numerous
configuration glitches that can permit open relay.
my personal favorite (from recent experience) is this goodie. suppose you
decide in your ACLs to whitelist an email address from an otherwise
blacklisted source (for example, crateandbarrel.com is a legit retailer
that uses the nasty folks at doubleclick for their outsourced mail
campaigns):
accept senders = cratenews@???
what is missing from this is restricting the RCPT TO: domains to local
deliveries, like so:
accept senders = cratenews@???
domains = +local_domains
one of my clients omitted the domains setting from a couple of whitelist
entries, and a spammer stumbled across the right MAIL FROM: to use to
permit relaying. oops.
tracking this stuff down may require using the -bh option with -v and an
appropriate -d setting to figure out which rule in your ACLs is letting the
spam through.
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
