Re: [Exim] exim3 is OpenRelay

Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] exim3 is OpenRelay
Hi Karel, on Fri, 30 Apr 2004 16:46:17 +0200 you wrote:

> For two weeks I've been using exim3 (Debian package). I know that this is
> a little bit old, but I want to use the packages Debian offers me and
> so I can't use exim4.


Lots of people say this, and I'm not a Debian user, but there seem to be
lots of happy Debian users here who have Exim 4 packages from a newer
version of Debian or something. I understand what you mean, but it seems a
shame to be enslaved to the choice of software that Debian offer you,
particularly when it's antiquated. This isn't Debian-specific of course:
as someone who would rather *do* things with machines than spend forever
compiling stuff, monitoring updates etc., I prefer to stick to distro
packages where appropriate, as it's convenient. But I'm not going to let
the distro govern what I use, so where I need/want something that diverges
from what they offer, I don't hesitate to build my own packages, or source
them from somewhere else. I still get all the benefits of package
management, but can run the software I want. Of course, that places the
burden of monitoring and maintenance of updates on me, but I can live with
that for a limited number of packages.

> Last week I got the message from ORDB that my server is an open relay.
> I found out that exim accepts addresses like this one:
>     "foreign-user@???
> After receiving this mail, exim "unpacks" the foreign address and
> forwards the email to foreign-user@???


This doesn't happen by default, so you must have inadvertently configured
Exim that way.

> My current exim.conf (main part):

<snip>
To be honest, I can't obviously see what's wrong with that, but then my
eyes glaze over a bit when it comes to Exim 3.

I strongly suggest that you install Exim 4 (search the archives for
'debian' to find the best way to do so taking into account the discussion
above) and then you will have not only a secure machine but a much more
powerful mail server. Then, if you need to do anything funky with message
policies, you'll be using ACLs, and it's usually fairly easy to spot the
misconfiguration if you manage to turn yourself into an open relay using
ACLs.

> I hope someone can help me with this problem. If I can't find a
> solution I have to change to postfix, but I hate this mailer.


Don't do that. There is definitely a solution, and I'm sorry I can't spot
the "quick fix for exim 3" which certainly exists, but this really isn't a
fundamental problem with Exim, it's just down to some config option(s) you
have set.


Tim