----- Original Message -----
From: "Robert Cates" <robert@???>
To: "Exim, Users" <exim-users@???>
Sent: Saturday, September 24, 2005 8:50 PM
Subject: [exim] am I an open relay?
> Hi,
>
> I've got Exim 4.43 installed and just recently setup smtp authentication
so
> my users can use their dial-up accounts from home/etc. I also am trying
to
> use/setup SSL/TLS (only) and just today I noticed a lot more traffic
through
> my server, with a lot of the following:
>
> 2005-09-24 12:25:21 1EIq3C-0002ER-6J SMTP error from remote mailer after
> MAIL FROM:<dfdfdfdfd@???> SIZE=4871: host
mx10.mail.tw.yahoo.com
> [202.43.200.99]: 451 VS2-MF5 Excessive unknown recipients - possible Open
> Relay http://help.yahoo.com/help/us/mail/spam/spam-18.html (#4.4.5)
> 217.91.111.75
>
> is this telling me that MY server is suspected of being an open relay? Or
> is it the mx10.mail.tw.yahoo.com server that's a possible open relay?
>
> The particular exim.conf setting I have are:
>
> [GLOBAL]
> hostlist auth_relay_hosts = *
So, you create the equivalent of a hostlist called 'auth_relay_hosts' that
contains every possible IP address, then - -
> acl_smtp_rcpt = acl_check_rcpt
> acl_smtp_auth = acl_check_auth
> acl_smtp_starttls = acl_check_auth
> auth_advertise_hosts = *
> tls_advertise_hosts = *
> tls_certificate = /etc/exim/certs
> tls_privatekey = /etc/exim/privkey
>
> [ACL]
> ... the default config, and then ...
> acl_check_auth:
>
> accept hosts = +auth_relay_hosts
> endpass
> verify = recipient
- - then if an email comes from any matching IP address (which is anyone),
then you check if you can route the message and if so, you accept it.
> require verify = sender
> accept authenticated = *
> deny message = relay forbidden without authentication
>
Sounds like an Open Relay to me..
Rgds
Jeff
