Re: [exim] Re: How can I tell if my server is getting bombar…

Author: Tommy Butler
Date:  
To: exim-users
CC: Marc Haber
Subject: Re: [exim] Re: How can I tell if my server is getting bombarded with spam?
Marc Haber wrote:
> On Wed, 15 Dec 2004 17:55:44 -0600, Tommy Butler <tommy@???>
> wrote:
>
>>Wakko Warner wrote:
>>
>>>You have in your config somewhere:
>>>domainlist relay_to_domains = *
>>
>>Yes I do; it's the only way I can get the server to send anything.
>
> No, it is not. Which other ways did you try?


I tried the following:
domainlist relay_to_domains = *
#domainlist relay_to_domains = *
domainlist relay_to_domains =
domainlist relay_to_domains = localhost
domainlist relay_to_domains = cityairlines.net

none of which worked.

>>I've already made your suggested change, and when doing that it only will relay
>>mail sent to other people with email addresses @cityairlines.net (our domain).
>
> You need to set up other ways for authentication for outgoing e-mail.
> Typical ways for simple setups are relaying messages that come in from
> your local network, or to use SMTP AUTH.


This is why I'm trying to get SSL support working; so I can close port 25 and
only allow mail that is authenticated via SSL.

>>I'm not using the split config. I'm using the configuration files that were
>>installed by debian.
>
> Which is the split config in /etc/exim4/conf.d, or a monolithic file
> /etc/exim4/exim4.conf.template.


I'm not sure I understand what you are saying there, but to use the split
config, you edit your update-exim4.conf.conf file so that the line
"dc_use_split_config='false'" becomes "dc_use_split_config='true'"

For anyone who is curious, here's my update-exim4.conf.conf:

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='internet'
dc_other_hostnames='cityairlines.net:casino-airlines.com:casinoairlines.net'
dc_local_interfaces='127.0.0.1:206.123.72.157'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''

>> As mentioned in an earlier post in this thread by Adam D.
>>Barrat, when I first installed exim4 using apt-get, I encountered the following
>>prompt, to which I accepted the default, which is to relay for no one. Even
>>having done so the config file created by the installation said "domainlist
>>relay_to_domains = *"
>
> Which is, if it really happens, a BAD bug. Can you reproduce this? If
> yes, please file a bug with the Debian BTS.


When I get my problems worked out, I will.

> Debian's reportbug script will dump the relevant parts of the Debconf
> database into the bug report, and we'll see what was entered there.


I come to this when running the script:

Subject: exim4-daemon-heavy: open relay by default
Package: exim4-daemon-heavy
Version: 4.34-8
Severity: normal

*** Please type your report below this line ***


-- Package-specific info:
Exim version 4.34 #1 built 20-Nov-2004 11:32:14
Copyright (c) University of Cambridge 2004
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (May 26, 2004)
Support for: iconv() IPv6 PAM Perl GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch
ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Contains exiscan-acl patch revision 21 (c) Tom Kistner
[http://duncanthrax.net/exiscan/]
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'

dc_eximconfig_configtype='internet'
dc_other_hostnames='cityairlines.net:casino-airlines.com:casinoairlines.net'
dc_local_interfaces='127.0.0.1:206.123.72.157'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
mailname:cityairlines.net

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages exim4-daemon-heavy depends on:
ii  exim4-base                  4.34-8       EXperimental Internal Mailer -- a
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an
ii  libdb3                      3.2.9-20     Berkeley v3 Database Libraries [ru
ii  libgnutls11                 1.0.16-9     GNU TLS library - runtime library
ii  libldap2                    2.1.30-3     OpenLDAP libraries
ii  libmysqlclient10            3.23.56-2    LGPL-licensed client library for M
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libpcre3                    4.5-1.1      Perl 5 Compatible Regular Expressi
ii  libperl5.8                  5.8.4-3      Shared Perl library
ii  libpq3                      7.4.6-5      PostgreSQL C client library


-- no debconf information

>>>when you find the file, edit it, and remove the *
>>>also, you should run the update-<whatever> to rebuild the config file (if
>>>you are in fact using split config)
>>
>>This I have done, and my server continues to function as an open relay. What
>>the #@$(* is going on?! I am going nuts. My boss is very unhappy that the smtp
>>server is still down.
>
> Did you change the appropriate value in
> /etc/exim4/update-exim4.conf.conf and re-run update-exim4.conf (which
> is automatically done by the init script when starting or reloading
> exim)?


Yes, I did.

--
Tommy Butler
tommy@???
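
An added example, not part of the original message or of the Exim/Debian tooling: a small checker that reads the text of an Exim configuration or of update-exim4.conf.conf and reports relay lists containing a catch-all item, which is the condition the thread identifies as an open relay. The list name relay_from_hosts, the 0.0.0.0/0 check and the function names are assumptions of this example; doubled-separator escaping inside lists is not handled.

```python
import re

# Named-list definitions, e.g. "domainlist relay_to_domains = *".
LIST_DEF = re.compile(r"^(domainlist|hostlist)(?:_cache)?\s+(\w+)\s*=\s*(.*)$")
# Debian settings from update-exim4.conf.conf, e.g. dc_relay_domains=''.
DC_VAR = re.compile(r"^(dc_relay_domains|dc_relay_nets)='([^']*)'$")
# relay_from_hosts is assumed here (the name used in Exim's stock configuration).
RELAY_LISTS = {"relay_to_domains", "relay_from_hosts"}
CATCH_ALL = {"*", "0.0.0.0/0"}  # items that match every domain or IPv4 host

def logical_lines(text):
    """Yield config lines with comments dropped and '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def split_list(value):
    """Split an Exim list; a leading '<c' switches the separator from ':' to c."""
    sep, value = ":", value.strip()
    if len(value) >= 2 and value[0] == "<":
        sep, value = value[1], value[2:]
    return [item.strip() for item in value.split(sep) if item.strip()]

def find_open_relay_settings(text):
    """Return [(setting_name, [catch_all_items])] for relay lists that match all."""
    findings = []
    for line in logical_lines(text):
        m = LIST_DEF.match(line)
        if m and m.group(2) in RELAY_LISTS:
            name, value = m.group(2), m.group(3)
        elif (m := DC_VAR.match(line)):
            name, value = m.group(1), m.group(2)
        else:
            continue
        bad = [item for item in split_list(value) if item in CATCH_ALL]
        if bad:
            findings.append((name, bad))
    return findings

# Constructed sample input: one offending list and one empty Debian setting.
SAMPLE = "domainlist relay_to_domains = *\ndc_relay_nets=''\n"
```

Pass it the contents of /var/lib/exim4/config.autogenerated (the file Exim actually reads on this system) as well as update-exim4.conf.conf, since the thread's problem is a mismatch between the two.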