Re: [Exim] My Server as spamming machine !

Top Page
Delete this message
Reply to this message
Author: James P. Roberts
Date:  
To: exim-users
CC: Suresh Ramasubramanian, Rejo Zenger, ankush dawar
Subject: Re: [Exim] My Server as spamming machine !
----- Original Message -----
From: "Philip Hazel" <ph10@???>

> On Mon, 15 Dec 2003, James P. Roberts wrote:
>
> > What would be the impact of deleting the following line from rcpt ACL?
> >
> > accept hosts = :
> >
> > If I understand correctly, deleting this line would remove the "free pass"

for
> > local "command line" injected messages, and instead apply the rest of the

rcpt
> > ACL, including, for example, authentication tests.
>
> Only to those "command line" injected messages that use SMTP over the
> standard input/output. It would not affect non-SMTP command line
> messages. For those, you need to set up a non-SMTP ACL.
>
> > Could one add a log line to "accept hosts = :", to track the userid of

anyone
> > using the command line to inject messages? Might this help identify the
> > culprit? Something like:
> >
> >   accept hosts = :
> >          log_message = local injection by $originator_uid as

$sender_address
>
> You could, but again, you'd have to do this also in a non-SMTP ACL to be
> sure of catching all non TCP/IP messages.
>
> --
> Philip Hazel            University of Cambridge Computing Service,
> ph10@???      Cambridge, England. Phone: +44 1223 334714.
> Get the Exim 4 book:    http://www.uit.co.uk/exim-book

>


I thought a blank sending host meant "not a TCP/IP connection", and that this
would be reliably detected by the "hosts = :" test. What I failed to realize
was that there are (apparently) messages that can get into Exim without going
through the RCPT ACL?!? In general, I don't think I want to accept any
non-SMTP messages.

I feel very newbie-ish (again).

Jim Roberts