Re: [exim] am I an open relay?

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Jakob Hirsch
Data:  
Para: robert
CC: 'Exim-users'
Asunto: Re: [exim] am I an open relay?
Robert Cates wrote:

> I've got Exim 4.43 installed and just recently setup smtp authentication so
> my users can use their dial-up accounts from home/etc. I also am trying to
> use/setup SSL/TLS (only) and just today I noticed a lot more traffic through
> my server, with a lot of the following:


traffic whence whereto? One of your users have might have an unsafe web
application for sending messages, e.g.

> 2005-09-24 12:25:21 1EIq3C-0002ER-6J SMTP error from remote mailer after
> MAIL FROM:<dfdfdfdfd@???> SIZE=4871: host mx10.mail.tw.yahoo.com


This adress looks rather phony. How did this message come to your system?

> is this telling me that MY server is suspected of being an open relay? Or


yes.

> acl_check_auth:
>
>   accept  hosts         = +auth_relay_hosts
>           endpass
>           verify        = recipient
>   require verify        = sender
>   accept  authenticated = *
>   deny    message       = relay forbidden without authentication


This whole ACL is useless. auth_relay_hosts matches every host,
recipient verification is not possible at this time, so the "accept"
will always happen.
Your deny message shows that you misunderstood something.
acl_smtp_auth is to check if somebody is allowed to use the AUTH
command. The earliest time you can check if somebody is trying to relay
is in acl_smtp_rcpt, because "relay" means "recpient is not in my
local_domains" and you cannot know that before you get the recipients.

The remainder looks ok, no hint for open relay. You can use "telnet
relay-test.mail-abuse.org" on your mailserver to do some simple tests.