[exim] Open Relay questions/problems

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Robert Cates
Ημερομηνία:  
Προς: Exim, Users
Αντικείμενο: [exim] Open Relay questions/problems
Hi,

a couple of days ago I reconfigured my Exim (4.43) so that I could let my
customers access and send e-mail from their homes/office/etc (road-warriors
as some call them). Suddenly I was receiving alot of mail (spam), but I
believe only a very few actually got relayed, and some of you believe(d) I
configured an open relay. Now, my questions are:

1) directly after reconfiguring I ran at least 3 different tests from 2
different sources to see if I had an open relay, and they all said - NOT an
Open Relay. The tests were (from): telnet relay-test.mail-abuse.org,
http://www.mob.net/~ted/tools/relaytester.php3 and the test from
http://ordb.org/submit/. So how could I still be an Open Relay? (You can
see my config below.)

2) instead of using: 'hostlist auth_relay_hosts = * ' , should I list
all of the major ISPs with dial-up that my customers do/might use, and hope
I do not get complaints from customers who do not use a major dial-up ISP?
If so, wouldn't that be about the same since spammers tend to use dial-up
connections to do their durty work?

3) how can stop even getting all/most of the spam to my server?

4) how can I remove the messages backed up in the queue from undeliverable
mail?

5) does anybody have a list of major ISP dial-ups configured that I could
use, especially from Germany?

6) what's the differnce between 'fixed_login:' and just 'login:' ?

Here's the pertinent part of my configuration (for SMTP authentication for
my dial-up users):

[GLOBAL section]
hostlist auth_relay_hosts = *
acl_smtp_auth = acl_check_auth
acl_smtp_starttls = acl_check_auth
auth_advertise_hosts = *
tls_advertise_hosts = *
tls_certificate = /etc/exim/certs
tls_privatekey = /etc/exim/privkey

[ACL section]
acl_check_auth:

  accept  hosts         = +auth_relay_hosts
#          endpass
  require verify        = sender
  accept  authenticated = *
  deny    domains       = !+local_domains
          message       = relay forbidden without authentication


[AUTHENTICATION section]
plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = "\
    # $2 = Username | $3 = password
    ${if and {{!eq{$2}{}}{!eq{$3}{}} \
    {crypteq{$3}{${extract{1}{:} \
    {${lookup{$2}lsearch{/etc/exim/.passwd}{$value}{*:*}}}}}}}{1}{0}}"
  server_set_id = $2


login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "Username:: : Password::"
  server_condition = "\
    # $1 = Username | $2 = password
    ${if and {{!eq{$1}{}}{!eq{$2}{}} \
    {crypteq{$2}{${extract{1}{:} \
    {${lookup{$1}lsearch{/etc/exim/.passwd}{$value}{*:*}}}}}}}{1}{0}}"
  server_set_id = $1




Thanks in advance for all/any help!
Robert