Re: [exim] Need Help to Solve security hole

Author: Marc Haber
Date:  
To: exim-users
Subject: Re: [exim] Need Help to Solve security hole
On Tue, 21 Jun 2005 16:41:21 -0700 (PDT), Sergio Basurto Juarez
<sbasurtoj@???> wrote:
>I am very new to exim, I installed on a test server
>with Debian, at the very beginning I did not configure
>SMTP auth so everyone that connects to my port 25 can
>send whatever they want,


Very bad idea. Please take the host offline immediately and repeat
your experiments on a host that is not publicly reachable.

>I understand that leave SMTP without an auth method is
>a security hole, so I should reinstall the complete
>server because even if I deinstall exim and reinstall
>it, it goes on sending a lot of stuff.


No, reinstalling the complete system is most probably not necessary
since I don't think that you have been compromised just by configuring
an open relay. I'd guess that closing the open relay is first
priority, and if you want to you might want to check for backdoors and
root kits.

When you mean "deinstall exim and reinstall", did you also change the
configuration not to be an open relay any more? Are you sure that the
outgoing e-mail is really sent by exim? What do the logs say?

>Right now I have totally configured my server with
>Debian, and I still want to use exim as my MTA, the
>question is how can I configure cram-md5 and force
>exim to always ask for auth.


Please, learn the basics of your trade, and don't do this on the
public internet.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mail address in header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
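
Added example, not part of the original message: one way to answer "What do the logs say?" is to scan the Exim main log for messages that arrived over SMTP without an `A=` (authenticator) field and were then delivered onward to a remote host. The log lines, addresses and the function name below are constructed for illustration, and the field layout assumes the standard Exim 4 mainlog format.

```python
import re
from collections import defaultdict

# Constructed sample in Exim 4 mainlog format (not taken from the original thread).
SAMPLE_LOG = """\
2005-06-21 16:40:02 1DktAa-0001Bc-2D <= spam@bulk.example H=(mail) [203.0.113.7] P=smtp S=2048
2005-06-21 16:40:03 1DktAa-0001Bc-2D => a@victim.example R=dnslookup T=remote_smtp H=mx.victim.example [198.51.100.9]
2005-06-21 16:40:03 1DktAa-0001Bc-2D -> b@victim.example R=dnslookup T=remote_smtp H=mx.victim.example [198.51.100.9]
2005-06-21 16:40:03 1DktAa-0001Bc-2D Completed
2005-06-21 16:41:10 1DktBb-0001Bf-5G <= sergio@test.example U=sergio P=local S=612
2005-06-21 16:41:11 1DktBb-0001Bf-5G => friend@other.example R=dnslookup T=remote_smtp H=mx.other.example [198.51.100.20]
2005-06-21 16:42:30 1DktCc-0001Bh-7J <= user@test.example H=(laptop) [192.0.2.44] P=esmtpa A=cram_md5:user S=900
2005-06-21 16:42:31 1DktCc-0001Bh-7J => friend@other.example R=dnslookup T=remote_smtp H=mx.other.example [198.51.100.20]
2005-06-21 16:43:00 1DktDd-0001Bk-9M <= someone@remote.example H=mx.remote.example [192.0.2.80] P=esmtp S=1500
2005-06-21 16:43:00 1DktDd-0001Bk-9M => sergio <sergio@test.example> R=local_user T=mail_spool
"""

LINE = re.compile(r"^\S+ \S+ (\w{6}-\w{6}-\w{2}) (<=|=>|->) (\S+)(.*)$")
HOST_IP = re.compile(r"\sH=[^\[]*\[([^\]]+)\]")

def find_unauthenticated_relays(log_text):
    """Return {msg_id: {"source": ip, "recipients": [...]}} for messages that
    arrived over SMTP from a non-loopback host without an A= (authenticator)
    field and were then delivered onward to a remote host."""
    arrivals = {}                      # msg_id -> (source_ip, authenticated)
    onward = defaultdict(list)         # msg_id -> recipients delivered via SMTP
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                   # "Completed", rejections and other lines
        msg_id, flag, address, fields = m.groups()
        host = HOST_IP.search(fields)
        if flag == "<=":
            # Local submissions carry U=/P=local and no H= field.
            arrivals[msg_id] = (host.group(1) if host else None,
                                re.search(r"\sA=\S+", fields) is not None)
        elif host:                     # "=>" or "->" with H= means SMTP delivery
            onward[msg_id].append(address)
    suspects = {}
    for msg_id, (source, authed) in arrivals.items():
        if source and source not in ("127.0.0.1", "::1") and not authed and onward[msg_id]:
            suspects[msg_id] = {"source": source, "recipients": onward[msg_id]}
    return suspects

if __name__ == "__main__":
    for msg_id, info in find_unauthenticated_relays(SAMPLE_LOG).items():
        print(msg_id, info["source"], ", ".join(info["recipients"]))
```

This is a heuristic: mail forwarded by an alias or accepted from hosts that are deliberately allowed to relay will also match, so each hit still needs to be compared against the intended relay policy.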