[exim] Can't close open relay.

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Elias Kesh
Date:  
À: exim-users
Sujet: [exim] Can't close open relay.

I have a mail server running exim 4.65 connected to the network with static
IP. I have only local users and two domains that I want to receive email
from . I do not want to relay anything.
However when I run:

------------------------------------------------------------------------------------------------
telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to cygnus.mail-abuse.org.
Escape character is '^]'.
Connecting to 75.48.112.185 ...
<<< 220 Kesh.com ESMTP Exim 4.65 Sun, 13 May 2007 11:24:53 -0700
>>> HELO cygnus.mail-abuse.org

<<< 250 Kesh.com Hello cygnus.mail-abuse.org [168.61.4.13]
:Relay test: #Quote test
>>> mail from: <spamtest@???>

<<< 250 OK
>>> rcpt to: <"nobody@???">

<<< 501 <"nobody@???">: recipient address must contain a domain
>>> rset

<<< 250 Reset OK
:Relay test: #Test 1
>>> mail from: <nobody@???>

<<< 250 OK
>>> rcpt to: <nobody@???>

<<< 250 Accepted
>>> QUIT

<<< 221 Kesh.com closing connection
Tested host banner: 220 Kesh.com ESMTP Exim 4.65 Sun, 13 May 2007
11:24:53 -0700
System appeared to accept 1 relay attempts
Connection closed by foreign host.
------------------------------------------------------------------------------------------------

I have been reading for three days and have made change after change to
my /etc/exim4/exim4.conf and have yet to able to close this open relay.

Can someone point me to a simple configuration for handling local users only,
or a way to close this relay.

Thanks in advance,
Elias

# $Cambridge: exim/exim-src/src/configure.default,v 1.12 2006/10/25 08:42:57
ph10 Exp $

######################################################################
#                  Runtime configuration file for Exim               #
######################################################################


######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


# added ejk
smtp_accept_max = 50
smtp_accept_reserve = 0
smtp_reserve_hosts = "kesh.com"
# primary_hostname =

# ejk 2007-05-13
hostlist auth_relay_hosts = *
acl_smtp_auth = acl_check_auth
acl_smtp_starttls = acl_check_auth
auth_advertise_hosts = *


domainlist local_domains = kesh.com : chocolaterice.com : 
cruisecontroljazz.com : localhost
domainlist relay_to_domains = kesh.com : chocolaterice.com 
domainlist relay_domains = kesh.com : chocolaterice.com 
# ejk 2007-05-9
hostlist   relay_from_hosts = 127.0.0.1 
#hostlist   relay_from_hosts = 127.0.0.1 : 75.48.112.185/16
hostlist    relay_hosts = localhost


acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data


# tls_advertise_hosts = *
#tls_certificate = /etc/exim4/exim.crt
#tls_privatekey = /etc/exim4/exim.pem


daemon_smtp_ports = 25 : 465 : 587 : 443
tls_on_connect_ports = 465

never_users = root
# host_lookup = *

rfc1413_hosts = *
rfc1413_query_timeout = 5s

ignore_bounce_errors_after = 1d
timeout_frozen_after = 1d

split_spool_directory = true


######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################


begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_auth:

  accept  hosts         = +auth_relay_hosts
  endpass
  require verify        = sender
 accept  authenticated = *
 deny    domains       = !+local_domains
  message       = relay forbidden without authentication


acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

# ejk 2007-05-05
# accept hosts = +local_domains
# accept hosts = :


  deny    message       = Restricted characters in address
          domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]


   deny    message       = Restricted characters in address
          domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
    accept  local_parts   = postmaster
          domains       = +local_domains


# Deny unless the sender address can be verified.

  require verify        = sender



# ejk 2007-05-03
#  accept  hosts         = +relay_from_hosts
  accept  hosts         = +relay_domains
 deny   hosts         = +relay_from_hosts
          control       = submission


# ejk 2007-05-05
#  accept  authenticated = *
#          control       = submission


# ejk 2007-02-08
# ejk 2007-05-3
  require message = relay not permitted
#  deny message = relay not permitted
          domains = +local_domains 
#          domains = +local_domains : +relay_to_domains


# ejk Without this, everything goes through.
require verify = recipient

    # ejk added 2007-05-09
# require verify = csa
  # At this point, the address has passed all the checks that have been
  # configured, so we accept it unconditionally.


accept


acl_check_data:

  # Deny if the message contains a virus. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option above.
  #
  # deny    malware    = *
  #         message    = This message contains a virus ($malware_name).


  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You may also need to set the spamd_address
  # option above.
  #
  # warn    spam       = nobody
  #         add_header = X-Spam_score: $spam_score\n\
  #                      X-Spam_score_int: $spam_score_int\n\
  #                      X-Spam_bar: $spam_bar\n\
  #                      X-Spam_report: $spam_report


# Accept the message.

accept



######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################


begin routers

# domain_literal:
# driver = ipliteral
# domains = ! +local_domains
# transport = remote_smtp


# added ejk
# pass''on''to_isp:
# driver = manualroute
# domains = !+local_domains
# transport = remote_smtp
# route_list = * smtp.myisp.com


dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more


system_aliases:
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# ejk data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe


userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply

localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user


######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports


# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp

local_delivery:
driver = appendfile
# file = /var/mail/$local_part
# ejk
mode_fail_narrower = false
maildir_format = true
directory= /var/mail/${local_part}
delivery_date_add
envelope_to_add
return_path_add
group = mail
mode = 0660

address_pipe:
driver = pipe
return_output

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
address_reply:
driver = autoreply



######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


begin retry


# Address or Domain    Error       Retries
# -----------------    -----       -------


*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h




######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration file.

begin rewrite



######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################



begin authenticators


#PLAIN:
#  driver                     = plaintext
#  server_set_id              = $auth2
#  server_prompts             = :
#  server_condition           = Authentication is not yet configured
#  server_advertise_condition = ${if def:tls_cipher }


fixed_login:
 driver = plaintext
 public_name = LOGIN
 server_prompts = Username:: : Password::
  server_condition = "${if and {{!eq{$1}{}}{!eq{$2}{}} \
              {crypteq{$2}{${extract{1}{:} \
{${lookup{$1}lsearch{/etc/exim4/passwd}{$value}{*:*}}}}}}}{1}{0}}"


server_set_id = $1

#LOGIN:
#  driver                     = plaintext
#  server_set_id              = $auth1
#  server_prompts             = <| Username: | Password:
#  server_condition           = Authentication is not yet configured
#  server_advertise_condition = ${if def:tls_cipher }



######################################################################
#                   CONFIGURATION FOR local_scan()                   #
######################################################################


# begin local_scan


# End of Exim configuration file