Re: [exim] How can I tell if my server is getting bombarded …

Author: Tommy Butler
Date:
To: exim-users
CC: Bob Branch
Subject: Re: [exim] How can I tell if my server is getting bombarded with spam?
Bob Branch wrote:
> Tommy Butler wrote:
>
>> So what you're indirectly saying is that the default Debian
>> configuration that comes with exim4 is to be an open mail relay for
>> the world?! Can it be so? I'm basically using the default
>> configuration with the exception that I'm trying to get TLS to work
>> (and it still isn't).
>
> Debian's default config relays to no one, but you should test your server
> to check for open relay.


Well, I'm afraid that all signs point to yes. I regret to say it, but I've
just shut down exim4 until I can figure out why this is. I did not modify the
exim4 conf at all other than to try and enable TLS support and I only added the
following lines:

log_selector = +tls_cipher +tls_peerdn
tls_advertise_hosts = *
tls_certificate = /etc/ssl/certs/smtp.pem
tls_privatekey = /etc/ssl/private/mail.cityairlines.net.key.nopass.pem

> Out of curiosity, I tested yours at http://www.abuse.net/relay.html and
> got the following:
>
> **begin quote
> Relay test 1
> >>> RSET
> <<< 250 Reset OK
> >>> MAIL FROM:<spamtest@???>
> <<< 250 OK
> >>> RCPT TO:<securitytest@???>
> <<< 250 Accepted
> Relay test result
> Hmmn, at first glance, host appeared to accept a message for relay.


I appreciate you letting me know about this.

> THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
>
> Some systems appear to accept relay mail, but then reject messages
> internally rather than delivering them, but you cannot tell at this
> point whether the message will be relayed or not.
>
> You cannot tell if it is really an open relay without sending a test
> message; this anonymous user test DID NOT send a test message.
> **end quote
>
> You've reconfigured something. Both my exim3 and exim4 servers use
> debian's default packages (exim-tls for exim3 and exim4-daemon-heavy for
> exim4), I haven't touched the relay settings, and they're all closed
> relays. Granted, I'm speaking of the stable and testing branches of
> debian - I haven't tried with unstable, but it's common sense you
> shouldn't use unstable on a server, so I'm guessing you aren't.


--
Tommy Butler
tommy@???
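
The MAIL FROM / RCPT TO probe quoted in the message above, written as a check an administrator can run against their own server (an added example, not part of the original thread and not Exim code). The probe addresses, the HELO name and the StubMTA loopback server are constructed placeholders so the block runs offline.

```python
import smtplib
import socketserver
import threading

def probe_relay(host, port=25, sender="probe@sender.invalid",
                rcpt="probe@recipient.invalid", timeout=10):
    """Repeat the quoted MAIL FROM / RCPT TO probe; DATA is never sent.
    Both addresses are placeholders and must be foreign to the server tested."""
    with smtplib.SMTP(host, port, local_hostname="relaycheck.invalid",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(sender)
        if code != 250:
            return "sender-refused", code
        code, _ = smtp.rcpt(rcpt)
        smtp.rset()  # abandon the transaction so nothing is queued
    if code in (250, 251):
        # As the quoted report says, this alone does not prove relaying.
        return "accepted-at-rcpt", code
    return ("deferred" if 400 <= code < 500 else "relay-refused"), code

class StubMTA(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server, used for the offline demo."""
    rcpt_reply = b"550 relay not permitted\r\n"

    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        for line in self.rfile:
            verb = line[:4].upper()
            if verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            self.wfile.write(self.rcpt_reply if verb == b"RCPT" else b"250 OK\r\n")

def probe_stub(rcpt_reply):
    """Run probe_relay against StubMTA on a loopback port picked by the OS."""
    handler = type("Handler", (StubMTA,), {"rcpt_reply": rcpt_reply})
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return probe_relay("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print(probe_stub(b"250 Accepted\r\n"))             # answers like the server tested
    print(probe_stub(b"550 relay not permitted\r\n"))  # answers like a closed relay
```

Exim decides relay permission partly from the connecting host's address, so run probe_relay from a machine outside any network the server is configured to relay for. An "accepted-at-rcpt" verdict carries the same caveat as the quoted report: only a delivered test message confirms an open relay.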