Re: [Exim] [Exim4] I'm open relay: How not to be ?

Top Page
Delete this message
Reply to this message
Author: Peter Bowyer
Date:  
To: exim-users
Subject: Re: [Exim] [Exim4] I'm open relay: How not to be ?
Rakotomandimby Mihamina <mihamina@???> wrote:
> Peter Bowyer wrote:
>>> domainlist relay_domains = *
> [...]
>> Change that domainlist to list only the domains that you want to
>> relay to from anywhere - could be none if everything is covered in
>> local_domains.
>
> But ... it's mail server ... a smtp server used by 5 or 6 peolple of a
> organisation.


The relay_domains domainlist as you've got it implemented is a list of
domains anyone, anywhere can relay to. This is your problem. Change it to a
list of internal domains that this server is responsible for inbound
relaying for, or some similar concept in your setup. Or change it to nothing
at all.

> As well as the users use it from their home (with an DSL dynamical IP
> line), the only solution for me is to implement smtp authentication.
> I guess i'll have to uncomment the relevant lines in the ACL section


Yep, if you can't rely on IP based controls, you need authentication. Your
ACL correctly uses auth_relay_hosts, all you need to do is get the
authenticators working and you're away. Exim doesn't inherently know the
difference between one of your uses on a DSL line and and a spammer trying
to relay.

> I'll try and see ... but if you have some solutions for me ...


The advice hasn't changed...

Peter