Re: [exim] am I an open relay?

Author: Jeff
Date:  
To: Exim, Users
Subject: Re: [exim] am I an open relay?

----- Original Message -----
From: "Robert Cates" <robert@???>
To: "Exim, Users" <exim-users@???>
Sent: Saturday, September 24, 2005 8:50 PM
Subject: [exim] am I an open relay?


> Hi,
>
> I've got Exim 4.43 installed and just recently setup smtp authentication so
> my users can use their dial-up accounts from home/etc. I also am trying to
> use/setup SSL/TLS (only) and just today I noticed a lot more traffic through
> my server, with a lot of the following:
>
> 2005-09-24 12:25:21 1EIq3C-0002ER-6J SMTP error from remote mailer after
> MAIL FROM:<dfdfdfdfd@???> SIZE=4871: host mx10.mail.tw.yahoo.com
> [202.43.200.99]: 451 VS2-MF5 Excessive unknown recipients - possible Open
> Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5)
> 217.91.111.75
>
> is this telling me that MY server is suspected of being an open relay? Or
> is it the mx10.mail.tw.yahoo.com server that's a possible open relay?
>
> The particular exim.conf settings I have are:
>
> [GLOBAL]
> hostlist auth_relay_hosts = *


So, you create the equivalent of a hostlist called 'auth_relay_hosts' that
contains every possible IP address, then - -

> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_auth = acl_check_auth
> acl_smtp_starttls = acl_check_auth
> auth_advertise_hosts = *
> tls_advertise_hosts = *
> tls_certificate = /etc/exim/certs
> tls_privatekey = /etc/exim/privkey
>
> [ACL]
> ... the default config, and then ...
> acl_check_auth:
>
>   accept  hosts         = +auth_relay_hosts
>           endpass
>           verify        = recipient


- - then if an email comes from any matching IP address (which is anyone),
then you check if you can route the message and if so, you accept it.

>   require verify        = sender
>   accept  authenticated = *
>   deny    message       = relay forbidden without authentication

>


Sounds like an Open Relay to me..

Rgds
Jeff
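
The reading of the quoted ACL given in the reply above, as an added example that is not part of the original message and is not Exim's own code: a simplified Python model of the accept/endpass, require and deny verbs, assuming the ACL is evaluated once per RCPT command. The client addresses and the boolean inputs standing in for Exim's verify checks are constructed.

```python
# Simplified model of Exim ACL evaluation (accept/endpass, require, deny).
# Constructed illustration; it is not Exim's implementation.
from ipaddress import ip_address, ip_network

def host_in(ip, hostlist):
    """hostlist is a list of CIDR strings; '*' matches every host."""
    return any(h == "*" or ip_address(ip) in ip_network(h) for h in hostlist)

def check_rcpt(client, auth_relay_hosts):
    """Evaluate the ACL quoted in the thread for one RCPT command.

    client: dict with ip, authenticated, rcpt_routable, sender_ok
    (constructed inputs standing in for Exim's own checks).
    """
    # accept  hosts = +auth_relay_hosts / endpass / verify = recipient
    if host_in(client["ip"], auth_relay_hosts):
        # Past endpass: a failed condition denies instead of falling through.
        return "accept" if client["rcpt_routable"] else "deny"
    # require verify = sender
    if not client["sender_ok"]:
        return "deny"
    # accept  authenticated = *
    if client["authenticated"]:
        return "accept"
    # deny    message = relay forbidden without authentication
    return "deny"

# Constructed clients (documentation address ranges).
STRANGER = {"ip": "203.0.113.5", "authenticated": False,
            "rcpt_routable": True, "sender_ok": True}
DIALUP_USER = {"ip": "198.51.100.7", "authenticated": True,
               "rcpt_routable": True, "sender_ok": True}

def outcomes(auth_relay_hosts):
    """Return the ACL verdict for each constructed client."""
    return {name: check_rcpt(c, auth_relay_hosts)
            for name, c in (("stranger", STRANGER), ("dialup_user", DIALUP_USER))}

if __name__ == "__main__":
    # With '*' the first accept fires for every host, so the later
    # 'authenticated' and 'deny' statements are never reached.
    print("hostlist = *        ->", outcomes(["*"]))
    # With a narrow list the unauthenticated stranger reaches the final deny.
    print("hostlist = loopback ->", outcomes(["127.0.0.1/32"]))
```

With the hostlist narrowed, only the authenticated client is accepted; with `*`, the unauthenticated one is accepted for any routable recipient.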