Ryan Kerwin Macrohon wrote:
> My server is now flooded with emails...maybe they're using my email as a relay..I dont know what to do..ive been receiving lots of mail delivery failure notices already...what will i do?
>
The default configuration is safe, so if you haven't messed around with
ACLs or what Exim thinks are local domains you should be safe.
If you're just receiving bounces it could be that someone is sending
spam in your name. You can temporarily reject those with the right ACL
statements, but watch out for collateral damage.
If you think that you may have misconfigured Exim and that someone is
using it as an open relay, you can test it with an open relay testing
service such as
http://www.abuse.net/relay.html or
relay-test.mail-abuse.org, which you use by telnetting to it from the
mail server in question.
It could be that you're not an open relay, but that you accept mail to
addresses that don't exist in your domain, or that exists but can't be
delivered to for other reasons.
Check your logs (/var/log/exim/mainlog*)! "<=" indicate incoming mail,
"=>" indicate delivered mail. Each such line starts with a date and time
and a message-ID. If you see that, for the same message-ID, mail comes
in from an unknown host (H= indicates the host, but don't trust the
value within (), it's the HELO string) and goes out to an unknown host
for an unknown address, you have to take action. Read chapter 48, esp.
48.5 and 48.13, in the specification.
Check your ACLs. Read chapter 39, esp. 39.36, in the specification
thoroughly - it's important stuff for responsible postmasters.
If you still don't know what to do, post log excerpts and configuration
here.
--
Magnus Holmgren
