Robert Cates wrote:
> I've got Exim 4.43 installed and just recently setup smtp authentication so
> my users can use their dial-up accounts from home/etc. I also am trying to
> use/setup SSL/TLS (only) and just today I noticed a lot more traffic through
> my server, with a lot of the following:
traffic whence whereto? One of your users might have an unsafe web
application for sending messages, e.g.
> 2005-09-24 12:25:21 1EIq3C-0002ER-6J SMTP error from remote mailer after
> MAIL FROM:<dfdfdfdfd@???> SIZE=4871: host mx10.mail.tw.yahoo.com
This address looks rather phony. How did this message come to your system?
> is this telling me that MY server is suspected of being an open relay? Or
yes.
> acl_check_auth:
>
> accept hosts = +auth_relay_hosts
> endpass
> verify = recipient
> require verify = sender
> accept authenticated = *
> deny message = relay forbidden without authentication
This whole ACL is useless. auth_relay_hosts matches every host,
recipient verification is not possible at this time, so the "accept"
will always happen.
Your deny message shows that you misunderstood something.
acl_smtp_auth is to check if somebody is allowed to use the AUTH
command. The earliest time you can check if somebody is trying to relay
is in acl_smtp_rcpt, because "relay" means "recipient is not in my
local_domains" and you cannot know that before you get the recipients.
The remainder looks ok, no hint for open relay. You can use "telnet
relay-test.mail-abuse.org" on your mailserver to do some simple tests.
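
Added example, not part of the original message or of either poster's configuration: one way to split the two checks described in the reply, with the AUTH ACL deciding only whether AUTH may be used and the relay decision made in the RCPT ACL. The ACL name acl_check_rcpt and the host list relay_from_hosts are assumptions (the latter must be a real list of trusted client addresses, not one that matches every host); local_domains is assumed to be defined as a domain list.

```exim
# Main section: name the ACLs run for the AUTH command and for each RCPT TO.
acl_smtp_auth = acl_check_auth
acl_smtp_rcpt = acl_check_rcpt

begin acl

# Runs when a client issues AUTH. No recipient is known yet, so the only
# question here is whether this client may use AUTH at all.
acl_check_auth:
  # Permit AUTH only on connections that are already encrypted (TLS).
  accept  encrypted = *
  deny    message = AUTH is only permitted over TLS

# Runs once per RCPT TO. This is the earliest point where the recipient
# domain is known, so the relay decision belongs here.
acl_check_rcpt:
  require verify = sender

  # Recipient is in one of our own domains: not relaying.
  # endpass: if recipient verification fails, reject instead of falling
  # through to the statements below.
  accept  domains = +local_domains
          endpass
          verify = recipient

  # From here on the recipient is NOT local, so this is a relay request.
  # Allow it only for explicitly trusted hosts (assumed list) ...
  accept  hosts = +relay_from_hosts

  # ... or for clients that authenticated successfully.
  accept  authenticated = *

  # Everyone else is refused.
  deny    message = relay forbidden without authentication
```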