I have a mail server running exim 4.65 connected to the network with a static
IP. I have only local users and two domains that I want to receive email
from. I do not want to relay anything.
However, when I run:
------------------------------------------------------------------------------------------------
telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to cygnus.mail-abuse.org.
Escape character is '^]'.
Connecting to 75.48.112.185 ...
<<< 220 Kesh.com ESMTP Exim 4.65 Sun, 13 May 2007 11:24:53 -0700
>>> HELO cygnus.mail-abuse.org
<<< 250 Kesh.com Hello cygnus.mail-abuse.org [168.61.4.13]
:Relay test: #Quote test
>>> mail from: <spamtest@???>
<<< 250 OK
>>> rcpt to: <"nobody@???">
<<< 501 <"nobody@???">: recipient address must contain a domain
>>> rset
<<< 250 Reset OK
:Relay test: #Test 1
>>> mail from: <nobody@???>
<<< 250 OK
>>> rcpt to: <nobody@???>
<<< 250 Accepted
>>> QUIT
<<< 221 Kesh.com closing connection
Tested host banner: 220 Kesh.com ESMTP Exim 4.65 Sun, 13 May 2007 11:24:53 -0700
System appeared to accept 1 relay attempts
Connection closed by foreign host.
------------------------------------------------------------------------------------------------
I have been reading for three days and have made change after change to
my /etc/exim4/exim4.conf and have yet to be able to close this open relay.
Can someone point me to a simple configuration for handling local users only,
or a way to close this relay?
Thanks in advance,
Elias
# $Cambridge: exim/exim-src/src/configure.default,v 1.12 2006/10/25 08:42:57 ph10 Exp $
######################################################################
# Runtime configuration file for Exim #
######################################################################
######################################################################
# MAIN CONFIGURATION SETTINGS #
######################################################################
# added ejk
smtp_accept_max = 50
smtp_accept_reserve = 0
smtp_reserve_hosts = "kesh.com"
# primary_hostname =
# ejk 2007-05-13
hostlist auth_relay_hosts = *
acl_smtp_auth = acl_check_auth
acl_smtp_starttls = acl_check_auth
auth_advertise_hosts = *
domainlist local_domains = kesh.com : chocolaterice.com : cruisecontroljazz.com : localhost
domainlist relay_to_domains = kesh.com : chocolaterice.com
domainlist relay_domains = kesh.com : chocolaterice.com
# ejk 2007-05-9
hostlist relay_from_hosts = 127.0.0.1
#hostlist relay_from_hosts = 127.0.0.1 : 75.48.112.185/16
hostlist relay_hosts = localhost
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
# tls_advertise_hosts = *
#tls_certificate = /etc/exim4/exim.crt
#tls_privatekey = /etc/exim4/exim.pem
daemon_smtp_ports = 25 : 465 : 587 : 443
tls_on_connect_ports = 465
never_users = root
# host_lookup = *
rfc1413_hosts = *
rfc1413_query_timeout = 5s
ignore_bounce_errors_after = 1d
timeout_frozen_after = 1d
split_spool_directory = true
######################################################################
# ACL CONFIGURATION #
# Specifies access control lists for incoming SMTP mail #
######################################################################
begin acl
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
acl_check_auth:
  accept  hosts = +auth_relay_hosts
          endpass
  require verify = sender
  accept  authenticated = *
  deny    domains = !+local_domains
          message = relay forbidden without authentication
acl_check_rcpt:
  # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
  # testing for an empty sending host field.
  # ejk 2007-05-05
  # accept hosts = +local_domains
  # accept hosts = :
  deny    message = Restricted characters in address
          domains = +local_domains
          local_parts = ^[.] : ^.*[@%!/|]
  deny    message = Restricted characters in address
          domains = !+local_domains
          local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
  accept  local_parts = postmaster
          domains = +local_domains
  # Deny unless the sender address can be verified.
  require verify = sender
  # ejk 2007-05-03
  # accept hosts = +relay_from_hosts
  accept  hosts = +relay_domains
  deny    hosts = +relay_from_hosts
          control = submission
  # ejk 2007-05-05
  # accept authenticated = *
  # control = submission
  # ejk 2007-02-08
  # ejk 2007-05-3
  require message = relay not permitted
  # deny message = relay not permitted
          domains = +local_domains
  # domains = +local_domains : +relay_to_domains
  # ejk Without this, everything goes through.
  require verify = recipient
  # ejk added 2007-05-09
  # require verify = csa
  # At this point, the address has passed all the checks that have been
  # configured, so we accept it unconditionally.
  accept
acl_check_data:
  # Deny if the message contains a virus. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option above.
  #
  # deny malware = *
  #      message = This message contains a virus ($malware_name).
  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You may also need to set the spamd_address
  # option above.
  #
  # warn spam = nobody
  #      add_header = X-Spam_score: $spam_score\n\
  #                   X-Spam_score_int: $spam_score_int\n\
  #                   X-Spam_bar: $spam_bar\n\
  #                   X-Spam_report: $spam_report
  # Accept the message.
  accept
######################################################################
# ROUTERS CONFIGURATION #
# Specifies how addresses are handled #
######################################################################
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
# An address is passed to each router in turn until it is accepted. #
######################################################################
begin routers
# domain_literal:
#   driver = ipliteral
#   domains = ! +local_domains
#   transport = remote_smtp
# added ejk
# pass_on_to_isp:
#   driver = manualroute
#   domains = !+local_domains
#   transport = remote_smtp
#   route_list = * smtp.myisp.com
dnslookup:
  driver = dnslookup
  domains = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch{/etc/aliases}}
# ejk data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
# user = exim
  file_transport = address_file
  pipe_transport = address_pipe
userforward:
  driver = redirect
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  file = $home/.forward
  allow_filter
  no_verify
  no_expn
  check_ancestor
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
localuser:
  driver = accept
  check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
  transport = local_delivery
  cannot_route_message = Unknown user
######################################################################
# TRANSPORTS CONFIGURATION #
######################################################################
# ORDER DOES NOT MATTER #
# Only one appropriate transport is called for each delivery. #
######################################################################
# A transport is used only when referenced from a router that successfully
# handles an address.
begin transports
# This transport is used for delivering messages over SMTP connections.
remote_smtp:
  driver = smtp
local_delivery:
  driver = appendfile
# file = /var/mail/$local_part
# ejk
  mode_fail_narrower = false
  maildir_format = true
  directory= /var/mail/${local_part}
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
address_pipe:
  driver = pipe
  return_output
address_file:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  return_path_add
address_reply:
  driver = autoreply
######################################################################
# RETRY CONFIGURATION #
######################################################################
begin retry
# Address or Domain Error Retries
# ----------------- ----- -------
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
######################################################################
# REWRITE CONFIGURATION #
######################################################################
# There are no rewriting specifications in this default configuration file.
begin rewrite
######################################################################
# AUTHENTICATION CONFIGURATION #
######################################################################
begin authenticators
#PLAIN:
#  driver = plaintext
#  server_set_id = $auth2
#  server_prompts = :
#  server_condition = Authentication is not yet configured
#  server_advertise_condition = ${if def:tls_cipher }
fixed_login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = "${if and {{!eq{$1}{}}{!eq{$2}{}} \
      {crypteq{$2}{${extract{1}{:} \
      {${lookup{$1}lsearch{/etc/exim4/passwd}{$value}{*:*}}}}}}}{1}{0}}"
  server_set_id = $1
#LOGIN:
#  driver = plaintext
#  server_set_id = $auth1
#  server_prompts = <| Username: | Password:
#  server_condition = Authentication is not yet configured
#  server_advertise_condition = ${if def:tls_cipher }
######################################################################
# CONFIGURATION FOR local_scan() #
######################################################################
# begin local_scan
# End of Exim configuration file
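
An added example, not part of the original post: Python code that reads a transcript in the relay tester's `>>>`/`<<<` format and labels each RCPT reply, separating an accepted recipient in one of the server's own domains (ordinary local delivery) from an accepted recipient elsewhere (relaying). The transcript, the `example.org`/`example.net` addresses, the extra "Test 2" and all function names are constructed for illustration; the addresses in the post are redacted, so this does not classify the session shown there.

```python
import re

# Constructed transcript in the relay tester's format; every address is a placeholder.
SAMPLE = """\
:Relay test: #Quote test
>>> mail from: <spamtest@example.org>
<<< 250 OK
>>> rcpt to: <"nobody@example.net">
<<< 501 recipient address must contain a domain
:Relay test: #Test 1
>>> mail from: <nobody@example.net>
<<< 250 OK
>>> rcpt to: <nobody@example.net>
<<< 250 Accepted
:Relay test: #Test 2
>>> rcpt to: <postmaster@example.org>
<<< 250 Accepted
"""

def parse_rcpt_results(transcript):
    """Return (test name, recipient, reply code) for every RCPT TO command."""
    results, test, pending = [], None, None
    for line in (l.strip() for l in transcript.splitlines()):
        if line.startswith(":Relay test:"):
            test = line.partition("#")[2].strip()
        elif line.startswith(">>>"):
            m = re.match(r"rcpt to:\s*<(.*)>$", line[3:].strip(), re.I)
            pending = m.group(1) if m else None   # any other command clears it
        elif line.startswith("<<<") and pending is not None:
            code = re.match(r"<<<\s*(\d{3})", line)
            if code:
                results.append((test, pending, int(code.group(1))))
            pending = None
    return results

def recipient_domain(addr):
    """Domain part of an address; a quoted local part may itself contain '@'."""
    if addr.startswith('"'):
        addr = addr[addr.rfind('"') + 1:]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(results, local_domains):
    """Label each RCPT as rejected, local delivery, or relay accepted."""
    local = {d.lower() for d in local_domains}
    def verdict(rcpt, code):
        if not 200 <= code < 300:
            return "rejected"
        return "local delivery" if recipient_domain(rcpt) in local else "relay accepted"
    return [(test, rcpt, verdict(rcpt, code)) for test, rcpt, code in results]
```

Pass the domains from the server's own `local_domains` list as the second argument to `classify`; only rows labelled "relay accepted" indicate mail being taken for a domain the server does not host.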