[Exim] Open relay?

Author: j2
Date:  
To: exim-users
Subject: [Exim] Open relay?
All of a sudden, I seem to be an open relay. It started at about nine this
morning, and I seem to have transmitted about 20-30 mails before I killed it
(yeah, I know, lucky I was around).

But I can't figure out WHY; I see no option that would cater for this. Please
find below a debug log of the transaction... Any hints welcome. But it
seems that a bit further down, it sees the sender as a relay_for_host? But that
shouldn't be. And yes, it is HELO-ing as my local IP, 81.226.215.85. Also
enclosing my exim.conf.

26838 Connection request from 221.139.231.35 port 3425
26838 search_tidyup called
26838 1 SMTP accept process running
26838 Listening...
26875 host in rfc1413_hosts? yes (matched "*")
26875 doing ident callback
26875 ident connection to 221.139.231.35 failed: Connection refused
26875 sender_fullhost = [221.139.231.35]
26875 sender_rcvhost = [221.139.231.35]
26875 Process 26875 is handling incoming connection from [221.139.231.35]
26875 checking for IP options
26875 no IP options found
26875 host in host_lookup? yes (matched "*")
26875 looking up host name for 221.139.231.35
26875 DNS lookup of 35.231.139.221.in-addr.arpa (PTR) gave HOST_NOT_FOUND
26875 returning DNS_NOMATCH
26875 IP address lookup using gethostbyaddr()
26875 IP address lookup failed: h_errno=1
26875 LOG: host_lookup_failed MAIN
26875   no host name found for IP address 221.139.231.35
26875 sender_fullhost = [221.139.231.35]
26875 sender_rcvhost = [221.139.231.35]
26875 set_process_info: 26875 handling incoming connection from [221.139.231.35]
26875 host in host_reject_connection? no (option unset)
26875 host in sender_unqualified_hosts? no (option unset)
26875 host in recipient_unqualified_hosts? no (option unset)
26875 host in helo_verify_hosts? no (option unset)
26875 host in helo_try_verify_hosts? no (option unset)
26875 host in helo_accept_junk_hosts? no (option unset)
26875 SMTP>> 220 cookiemonster ESMTP Exim 4.34 Sun, 04 Jul 2004 14:16:43 +0200
26875 Process 26875 is ready for new message
26875 smtp_setup_msg entered
26875 SMTP<< HELO 81.226.215.85
26875 81.226.215.85 in helo_lookup_domains? no (end of list)
26875 sender_fullhost = (81.226.215.85) [221.139.231.35]
26875 sender_rcvhost = [221.139.231.35] (helo=81.226.215.85)
26875 set_process_info: 26875 handling incoming connection from (81.226.215.85) [221.139.231.35]
26875 SMTP>> 250 cookiemonster Hello 81.226.215.85 [221.139.231.35]
26875 SMTP<< MAIL FROM:<smtp2001soho@???>
26875 SMTP>> 250 OK
26875 SMTP<< RCPT TO:<ksc-0110@???>
26875 using ACL "acl_check_rcpt"
26875 processing "accept"
26875 check hosts = :
26875 host in ":"? no (end of list)
26875 accept: condition test failed
26875 processing "deny"
26875 check domains = +local_domains
26875 hanmail.net in "@:mupp.net:localhost:animal.mupp.net:waldorf.mupp.net"? no (end of list)
26875 hanmail.net in "+local_domains"? no (end of list)
26875 deny: condition test failed
26875 processing "deny"
26875 check domains = !+local_domains
26875 cached no match for +local_domains
26875 cached lookup data = NULL
26875 hanmail.net in "!+local_domains"? yes (end of list)
26875 check local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
26875 ksc-0110 in "^[./|] : ^.*[@%!] : ^.*/\.\./"? no (end of list)
26875 deny: condition test failed
26875 processing "accept"
26875 check local_parts = postmaster
26875 ksc-0110 in "postmaster"? no (end of list)
26875 accept: condition test failed
26875 processing "deny"
26875 check !acl = acl_whitelist_local_deny
26875 using ACL "acl_whitelist_local_deny"
26875 processing "accept"
26875 check hosts = ${if exists{/etc/exim/local_host_whitelist}{/etc/exim/local_host_whitelist}{}}
26875 host in ""? no (end of list)
26875 accept: condition test failed
26875 processing "accept"
26875 check senders = ${if exists{/etc/exim/local_sender_whitelist}{/etc/exim/local_sender_whitelist}{}}
26875 smtp2001soho@??? in ""? no (end of list)
26875 accept: condition test failed
26875 end of ACL "acl_whitelist_local_deny": implicit DENY
26875 check senders = ${if exists{/etc/exim/local_sender_blacklist}{/etc/exim/local_sender_blacklist}{}}
26875 smtp2001soho@??? in ""? no (end of list)
26875 deny: condition test failed
26875 processing "deny"
26875 check !acl = acl_whitelist_local_deny
26875 using ACL "acl_whitelist_local_deny"
26875 processing "accept"
26875 check hosts = ${if exists{/etc/exim/local_host_whitelist}{/etc/exim/local_host_whitelist}{}}
26875 host in ""? no (end of list)
26875 accept: condition test failed
26875 processing "accept"
26875 check senders = ${if exists{/etc/exim/local_sender_whitelist}{/etc/exim/local_sender_whitelist}{}}
26875 smtp2001soho@??? in ""? no (end of list)
26875 accept: condition test failed
26875 end of ACL "acl_whitelist_local_deny": implicit DENY
26875 check hosts = ${if exists{/etc/exim/local_host_blacklist}{/etc/exim/local_host_blacklist}{}}
26875 host in ""? no (end of list)
26875 deny: condition test failed
26875 processing "accept"
26875 check domains = +local_domains
26875 cached no match for +local_domains
26875 cached lookup data = NULL
26875 hanmail.net in "+local_domains"? no (end of list)
26875 accept: condition test failed
26875 processing "accept"
26875 check domains = +relay_to_domains
26875 hanmail.net in ""? no (end of list)
26875 hanmail.net in "+relay_to_domains"? no (end of list)
26875 accept: condition test failed
26875 processing "accept"
26875 check hosts = +relay_from_hosts
26875 host in "127.0.0.1 : ::::1 : 192.168.0.0/24"? yes (matched "::1")
26875 host in "+relay_from_hosts"? yes (matched "+relay_from_hosts")
26875 accept: condition test succeeded
26875 SMTP>> 250 Accepted
26875 SMTP<< DATA
26875 SMTP>> 354 Enter message, ending with "." on a line by itself
26875 search_tidyup called
26875 host in ignore_fromline_hosts? no (option unset)
26875 >>Headers received:
26875 Subject: 7534df112cn206:81.226.215.85<221.139.231.35>
26875 X-Priority: 1
26875 X-Mail-Priority: Highest
26875 Content-Type: text/plain;
26875
26875 address match: subject=smtp2001soho@??? pattern=*@+local_domains
26875 yahoo.com in "@:mupp.net:localhost:animal.mupp.net:waldorf.mupp.net"? no (end of list)
26875 yahoo.com in "+local_domains"? no (end of list)
26875 smtp2001soho@??? in "*@+local_domains"? no (end of list)
26875 address match: subject=smtp2001soho@??? pattern=*@+local_domains
26875 yahoo.com in "@:mupp.net:localhost:animal.mupp.net:waldorf.mupp.net"? no (end of list)
26875 yahoo.com in "+local_domains"? no (end of list)
26875 smtp2001soho@??? in "*@+local_domains"? no (end of list)
26875 rewritten sender = smtp2001soho@???
26875 search_tidyup called
26875 >>Headers after rewriting and local additions:
26875   Subject: 7534df112cn206:81.226.215.85<221.139.231.35>
26875   X-Priority: 1
26875   X-Mail-Priority: Highest
26875   Content-Type: text/plain;
26875
26875 Data file written for message 1Bh5vN-0006zT-8K
26875 >>Generated Received: header line
26875 P Received: from [221.139.231.35] (helo=81.226.215.85)
26875   by cookiemonster with smtp (Exim 4.34)
26875   id 1Bh5vN-0006zT-8K
26875   for ksc-0110@???; Sun, 04 Jul 2004 14:16:52 +0200
26875 using ACL "acl_check_data"
26875 processing "warn"
26875 check condition = ${if !def:h_Message-ID: {1}}
26875                 = 1
26875 check hosts = +relay_from_hosts
26875 cached yes match for +relay_from_hosts
26875 cached lookup data = NULL
26875 host in "+relay_from_hosts"? yes (matched "+relay_from_hosts" - cached)
26875 warn: condition test succeeded
26875 processing "accept"
26875 accept: condition test succeeded
26875 >>Headers added by DATA ACL:
26875   Message-ID: <E1Bh5vN-0006zT-8K@cookiemonster>
26875
26875 calling local_scan(); timeout=300
26875 local_scan() returned 0 NULL
26875 Writing spool header file
26875 Size of headers = 338
26875 LOG: MAIN
26875   <= smtp2001soho@??? H=(81.226.215.85) [221.139.231.35] P=smtp S=340
26875 SMTP>> 250 OK id=1Bh5vN-0006zT-8K
26875 search_tidyup called
26875 Sender: smtp2001soho@???
26875 Recipients:
26875   ksc-0110@???
26875 Process 26875 is ready for new message
26875 smtp_setup_msg entered
26875 SMTP<< QUIT
26875 SMTP>> 221 cookiemonster closing connection
26875 LOG: smtp_connection MAIN
26875   SMTP connection from (81.226.215.85) [221.139.231.35] closed by QUIT
26875 search_tidyup called
26838 child 26875 ended: status=0x0
26838 0 SMTP accept processes now running
26838 Listening...


cookiemonster:/var/spool#

# cat /etc/exim/exim.conf
# Activates Mailscanner or normal operation - read
# xams-0.0.15/docs/install/mailscanner.txt for more information.
#
.ifdef MAILSCANNER_INCOMING
spool_directory = /var/spool/exim-incoming
queue_only = true
.elifdef MAILSCANNER_OUTGOING
spool_directory = /var/spool/exim-outgoing
.else
spool_directory = /var/spool/exim
.endif

allow_domain_literals = No

exim_path = /usr/sbin/exim

CONFDIR = /etc/exim

MESSAGE_SIZE_LIMIT = 10M

domainlist local_domains = @:mupp.net:localhost:animal.mupp.net:waldorf.mupp.net

domainlist relay_to_domains =

hostlist relay_from_hosts = 127.0.0.1 : ::::1 : 192.168.0.0/24

qualify_domain = mupp.net

DCreadhost =

DCsmarthost = statler.mupp.net

local_interfaces = 127.0.0.1:192.168.0.130

LOCAL_DELIVERY=mail_spool

gecos_pattern = ^([^,:]*)
gecos_name = $1

DCconfig_smarthost = 1

acl_smtp_rcpt = acl_check_rcpt

acl_smtp_data = acl_check_data


.ifndef DC_minimaldns
host_lookup = *
.endif

rfc1413_hosts = *
rfc1413_query_timeout = 30s

ignore_bounce_errors_after = 2d

timeout_frozen_after = 7d

freeze_tell = postmaster

#.ifndef SPOOLDIR
#SPOOLDIR = /var/spool/exim
#.endif
#spool_directory = SPOOLDIR

trusted_users = uucp

begin acl

acl_whitelist_local_deny:
  accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
                        {CONFDIR/local_host_whitelist}\
                        {}}
  accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
                        {CONFDIR/local_sender_whitelist}\
                        {}}


acl_check_rcpt:
accept hosts = :

  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]
          message       = restricted characters in address


  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
          message       = restricted characters in address


  accept local_parts = postmaster
         domains = +local_domains


  deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
       !acl = acl_whitelist_local_deny
       senders = ${if exists{CONFDIR/local_sender_blacklist}\
                             {CONFDIR/local_sender_blacklist}\
                             {}}


  deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
       !acl = acl_whitelist_local_deny
       hosts = ${if exists{CONFDIR/local_host_blacklist}\
                             {CONFDIR/local_host_blacklist}\
                             {}}


  accept domains = +local_domains
         endpass
         message = unknown user
         verify = recipient


  accept domains = +relay_to_domains
         endpass
         message = unrouteable address
         verify = recipient


accept hosts = +relay_from_hosts

accept authenticated = *

deny message = relay not permitted

acl_check_data:
   warn condition = ${if !def:h_Message-ID: {1}}
        hosts = +relay_from_hosts
        message = Message-ID: <E$message_id@$primary_hostname>



accept

begin routers

hubbed_hosts:
  debug_print = "R: hubbed_hosts for $domain"
  driver = manualroute
  domains = "${if exists{CONFDIR/hubbed_hosts}\
                   {partial-lsearch;CONFDIR/hubbed_hosts}\
              fail}"
  route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
  transport = remote_smtp


.ifdef DCconfig_internet

dnslookup_relay_to_domains:
debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
driver = dnslookup
domains = ! +local_domains : +relay_to_domains
transport = remote_smtp
same_domain_copy_routing = yes
no_more

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
  no_more


.endif

.ifdef DCconfig_local
nonlocal:
debug_print = "R: nonlocal for $local_part@$domain"
driver = redirect
domains = ! +local_domains
allow_fail
data = :fail: Mailing to remote domains not supported
no_more

.endif

.ifdef DCconfig_smarthost DCconfig_satellite

smarthost:
debug_print = "R: smarthost for $local_part@$domain"
driver = manualroute
domains = ! +local_domains
transport = remote_smtp_smarthost
route_list = * DCsmarthost
host_find_failed = defer
same_domain_copy_routing = yes
no_more

.endif

real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
domains = +local_domains
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY

system_aliases:
debug_print = "R: system_aliases for $local_part@$domain"
driver = redirect
domains = +local_domains
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file

.ifdef DCconfig_satellite
hub_user:
debug_print = "R: hub_user for $local_part@$domain"
driver = redirect
domains = +local_domains
data = ${local_part}@DCreadhost
check_local_user

.endif

userforward:
  debug_print = "R: userforward for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  check_local_user
  file = $home/.forward
  no_verify
  no_expn
  check_ancestor
  allow_filter
  directory_transport = address_directory
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
    This is an automatically generated message. An error has\n\
    been found in your .forward file. Details of the error are\n\
    reported below. While this error persists, you will receive\n\
    a copy of this message for every message that is addressed\n\
    to you. If your .forward file is a filter file, or if it is\n\
    a non-filter file containing no valid forwarding addresses,\n\
    a copy of each incoming message will be put in your normal\n\
    mailbox. If a non-filter file contains at least one valid\n\
    forwarding address, forwarding to the valid addresses will\n\
    happen, and those will be the only deliveries that occur.


procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = procmail_pipe
require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
no_verify
no_expn

maildrop:
debug_print = "R: maildrop for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
transport = maildrop_pipe
require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
no_verify
no_expn

local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
domains = +local_domains
check_local_user
local_parts = ! root
transport = LOCAL_DELIVERY

mail4root:
debug_print = "R: mail4root for $local_part@$domain"
driver = redirect
domains = +local_domains
data = /var/mail/mail
file_transport = address_file
local_parts = root
user = mail
group = mail

begin transports

address_file:
debug_print = "T: address_file for $local_part@$domain"
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

address_pipe:
debug_print = "T: address_pipe for $local_part@$domain"
driver = pipe
return_fail_output

address_reply:
debug_print = "T: autoreply for $local_part@$domain"
driver = autoreply

mail_spool:
debug_print = "T: appendfile for $local_part@$domain"

driver = appendfile
directory = /home/$local_part/Maildir/
delivery_date_add
envelope_to_add
return_path_add
maildir_format
maildir_tag = ,S=$message_size


maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
directory = $home/Maildir
delivery_date_add
envelope_to_add
return_path_add
maildir_format
mode = 0600
mode_fail_narrower = false

maildrop_pipe:
debug_print = "T: maildrop_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
return_path_add
delivery_date_add
envelope_to_add

procmail_pipe:
debug_print = "T: procmail_pipe for $local_part@$domain"
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/procmail"
return_path_add
delivery_date_add
envelope_to_add

remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp

remote_smtp_smarthost:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
port = 2525
hosts_try_auth = ${if exists {CONFDIR/passwd.client}{DCsmarthost}{}}



address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
envelope_to_add = true
return_path_add = true
check_string = ""
escape_string = ""
maildir_format

begin retry

*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h


begin rewrite

*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
                   {$value}fail} Ffrs


*@+local_domains "${if exists {CONFDIR/email-addresses}\
                   {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
                    {$value}fail}}fail}" Ffrs


begin authenticators

#cram_md5:
#  driver = cram_md5
#  public_name = CRAM-MD5
#  client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
#  client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
#
#plain:
#  driver = plaintext
#  public_name = PLAIN
#  client_send = "${if !eq{$tls_cipher}{}{\
#                     ^${extract{1}{::}\
#                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
#                    ^${extract{2}{::}\
#                       {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
#                  }fail}"
#
#login:
#  driver = plaintext
#  public_name = LOGIN
#  client_send = "${if !eq{$tls_cipher}{}{}fail}\
#                 : ${extract{1}{::}\
#                      {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
#                : ${extract{2}{::}\
#                      {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
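
The debug log in the post shows the relay being granted by the line `host in "127.0.0.1 : ::::1 : 192.168.0.0/24"? yes (matched "::1")` for a peer at 221.139.231.35. The script below is an added example, not part of the original message: it scans Exim debug output for host-list matches where the matched item is an IP address or CIDR block that does not contain the connecting peer. The function names `item_covers` and `audit` are made up for this example, and the sample lines are copied from the log above.

```python
import ipaddress
import re

# Lines copied from the debug log in the post (mail-wrapped lines rejoined).
SAMPLE_LOG = '''\
26875 sender_fullhost = (81.226.215.85) [221.139.231.35]
26875 processing "accept"
26875 check hosts = :
26875 host in ":"? no (end of list)
26875 accept: condition test failed
26875 processing "accept"
26875 check hosts = +relay_from_hosts
26875 host in "127.0.0.1 : ::::1 : 192.168.0.0/24"? yes (matched "::1")
26875 host in "+relay_from_hosts"? yes (matched "+relay_from_hosts")
26875 accept: condition test succeeded
'''

PEER = re.compile(r'sender_fullhost = .*\[([0-9A-Fa-f:.]+)\]')
VERB = re.compile(r'processing "(\w+)"')
CHECK = re.compile(r'check (\S+) = (.*)')
HIT = re.compile(r'host in "([^"]*)"\? yes \(matched "([^"]+)"')


def item_covers(item, peer):
    """True/False when item is an IP address or CIDR block, None otherwise."""
    try:
        net = ipaddress.ip_network(item, strict=False)
    except ValueError:
        return None  # named list, host name or lookup: cannot judge offline
    return ipaddress.ip_address(peer) in net  # False across IPv4/IPv6


def audit(log_text):
    """List host-list matches whose matched item does not contain the peer.

    "verb" is the most recent 'processing' line; nested ACLs are not unwound.
    """
    state = {"peer": None, "verb": None, "check": None}
    findings = []
    for line in log_text.splitlines():
        for key, rx in (("peer", PEER), ("verb", VERB)):
            m = rx.search(line)
            if m:
                state[key] = m.group(1)
        m = CHECK.search(line)
        if m:
            state["check"] = f"{m.group(1)} = {m.group(2)}"
        m = HIT.search(line)
        if m and state["peer"] and item_covers(m.group(2), state["peer"]) is False:
            findings.append({**state, "list": m.group(1), "matched": m.group(2)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f'{f["peer"]} passed {f["verb"]} "{f["check"]}" via item {f["matched"]!r}')
```

Running it over a full `exim -d` capture gives one finding per relay decision that rested on such a mismatch, which points at the host list entry to review.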