Re [3]: [exim] [NEWBIE]Stop Spammers - How - Confused

Pàgina inicial
Delete this message
Reply to this message
Autor: Giuliano Gavazzi
Data:  
A: exim, exim-users@exim.org
CC: Wakko Warner
Assumpte: Re [3]: [exim] [NEWBIE]Stop Spammers - How - Confused
At 3:56 am -0500 2004/09/21, exim@??? wrote:
>Hi.
>
>Thanks for all the help.
>
>Will commenting out the line
>
>host_auth_accept_relay = *
>
>prevent unauthorized users, i.e. spammers, from routing their messages through
>this machine (in combination with


I don't know exim 3 at all (never used it!), but I guess it will. I
just don't see what's the point of it anyway, as spammers will not be
able to relay anyway unless they know a user/password for your system.

>Quoting Wakko Warner <wakko@???>:
>>Are you using exim 3.x?
>>exim 4 does not have this option.
>
>exim -bV reports:
>Exim version 3.35 #1 built 06-May-2004 06:57:22
>
>Does exim 4 include better protection against spammers?


is not a question of better protection or not, it is a question of
running software that is over two years old and that will not find
much support on this list.


>With respect to my question:
>>host_accept_relay = 127.0.0.1 : ::::1 : *.accept-domain1.com :
>>*.accept-domain2.com
>>host_auth_accept_relay = *
>
>Quoting Wakko Warner <wakko@???>:
>>But to answer your question,
>>that will accept relaying via auth for
>>EVERYONE, not just your local users.


apart that this is strictly incorrect, because a local user is a
local user and has nothing to do with IP addresses... as I already
said I do not see a problem with that! On most systems that allow
authorised relay this is not limited to machines on certain networks,
because the whole point of authorisation is to allow people to roam
and still be able to send email.

>If I comment out the line
>
>>host_auth_accept_relay = *
>
>will that ensure that only users logging from the the urls/ip# listed under
>host_accept_relay will be able to route messages?



aren't we repeating ourselves?... Notation: you did not mean urls
(URLs) but FQDN. Anyway, this will ensure that only users in those
IP/FQDN will be able to relay without autorisation, that is not
logging in. I guess (I do not know exim 3!) I suppose it will not
allow users using authorisation (SMTP AUTH) to relay at all.
Personally I allow relay only from authorised users over encrypted
connection, whatever ip they come from, even 127.0.0.1. Much safer.

Giuliano