Re: [exim] help me close an open relay

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Zbigniew Szalbot
Date:  
À: exim-users
Sujet: Re: [exim] help me close an open relay
Hello,

Nigel Metheringham wrote:
> Try using exim -bh <ip> (and an SMTP conversation), probably with
> debug switched on (ie -dacl or -d all) to see whats happening in this
> case.


I changed vexim acl into:
deny    message       = DNSBL listed at $dnslist_domain\n$dnslist_text
          dnslists      = zen.spamhaus.org


and got this
>>> using ACL "acl_check_rcpt"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check sender_domains = +whitelisted
>>> in "lsearch;/usr/local/etc/exim/whitelist.tld"? no (end of list)
>>> in "+whitelisted"? no (end of list)
>>> accept: condition test failed
>>> processing "deny"
>>> check dnslists = cbl.abuseat.org : dnsbl.njabl.org : list.dsbl.org :

zen.spamhaus.org : dnsbl.sorbs.net
>>> DNS list check: cbl.abuseat.org
>>> new DNS lookup for 226.79.106.87.cbl.abuseat.org
>>> DNS lookup for 226.79.106.87.cbl.abuseat.org failed
>>> => that means 87.106.79.226 is not listed at cbl.abuseat.org
>>> DNS list check: dnsbl.njabl.org
>>> new DNS lookup for 226.79.106.87.dnsbl.njabl.org
>>> DNS lookup for 226.79.106.87.dnsbl.njabl.org failed
>>> => that means 87.106.79.226 is not listed at dnsbl.njabl.org
>>> DNS list check: list.dsbl.org
>>> new DNS lookup for 226.79.106.87.list.dsbl.org
>>> DNS lookup for 226.79.106.87.list.dsbl.org failed
>>> => that means 87.106.79.226 is not listed at list.dsbl.org
>>> DNS list check: zen.spamhaus.org
>>> new DNS lookup for 226.79.106.87.zen.spamhaus.org
>>> DNS lookup for 226.79.106.87.zen.spamhaus.org failed
>>> => that means 87.106.79.226 is not listed at zen.spamhaus.org
>>> DNS list check: dnsbl.sorbs.net
>>> new DNS lookup for 226.79.106.87.dnsbl.sorbs.net
>>> DNS lookup for 226.79.106.87.dnsbl.sorbs.net failed
>>> => that means 87.106.79.226 is not listed at dnsbl.sorbs.net
>>> deny: condition test failed
>>> processing "deny"
>>> check dnslists = zen.spamhaus.org:list.dsbl.org
>>> DNS list check: zen.spamhaus.org
>>> using result of previous DNS lookup
>>> DNS lookup for 226.79.106.87.zen.spamhaus.org failed
>>> => that means 87.106.79.226 is not listed at zen.spamhaus.org
>>> DNS list check: list.dsbl.org
>>> using result of previous DNS lookup
>>> DNS lookup for 226.79.106.87.list.dsbl.org failed
>>> => that means 87.106.79.226 is not listed at list.dsbl.org
>>> deny: condition test failed
>>> processing "deny"
>>> check local_parts = ^.*[@%!/|] : ^\\.
>>> listme in "^.*[@%!/|] : ^\."? no (end of list)
>>> deny: condition test failed
>>> processing "accept"
>>> check local_parts = postmaster
>>> listme in "postmaster"? no (end of list)
>>> accept: condition test failed
>>> processing "deny"
>>> check !hosts = localhost
>>> gethostbyname2 looked up these IP addresses:
>>> name=localhost.168.11.51 address=::1
>>> name=localhost.168.11.51 address=127.0.0.1
>>> host in "localhost"? no (end of list)
>>> check local_parts = root
>>> listme in "root"? no (end of list)
>>> deny: condition test failed
>>> processing "deny"
>>> check local_parts = zbyszek
>>> listme in "zbyszek"? no (end of list)
>>> deny: condition test failed
>>> processing "require"
>>> check verify = sender
>>> require: condition test succeeded
>>> processing "accept"
>>> check domains = +local_domains
>>> spamco.kick-ass.org in "@ : : "? no (end of list)
>>> spamco.kick-ass.org in "+local_domains"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check domains = +relay_to_domains
>>> spamco.kick-ass.org in ""? no (end of list)
>>> spamco.kick-ass.org in "+relay_to_domains"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check hosts = +relay_from_hosts
>>> host in "+relay_from_hosts"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check authenticated = *
>>> accept: condition test failed
>>> processing "deny"
>>> deny: condition test succeeded

550 relay not permitted
LOG: H=mx.spamcops.de (spamcops.de) [87.106.79.226] F=<> rejected RCPT
listme@???: relay not permitted

So basically now I am no longer an open relay?

My only question would be how do I make sure that even if someone is in
spamhouse, they can send mail if they authenticate?


Thanks!

--
Zbigniew Szalbot