Autor: W B Hacker Data: Para: exim users Asunto: Re: [exim] Mail relay testing
build wrote: > On 15/11/2007, W B Hacker <wbh@???> wrote:
>> build wrote:
>>
>> *trimmed*
>> *trimmed*
>>
> Thanks Bill,
> "All tests performed, no relays accepted."
> Added comments to entries in conf so I know what they are in the
> future then I commented out those lines.
>
> Should I run this test on a regular basis?
> If so:
> How often? Daily? Weekly? Monthly?
> Can I somehow run it from the mail server itself using cron?
>
> Again, thanking you regards,
> build
>
Ordinarily no need to even run it a second time *unless* you
have made the 'dangerous' sort of changes to the configuration.
Until/ unless you are comfortable with what 'dangerous' might be, I'd suggest
running it after ANY change to your configuration.
Further - no matter how good the lockdown of Exim itself, if you support the
traditional system /etc/aliases router, and/or do a silent accept then
'blackhole' on, for example 'catch-all' traffic, some of the open-relay testers
out there may at least 'brand' your server as an open-relay due to *appearing*
to accept traffic and onpass it willy-nilly.
A way around that used here is to put ALL addressees - including 'postmaster@"
into a single DB/file, use that (and no other) for verifying recipient instead
of a router-walk in verify mode, and/or set routers to 'no_verify' even if they
are good for delivery.
CAVEAT: that is arguably less efficient, and certainly less flexible than
letting Exim do the built-in 'require verify = recipient' router-query walk.
But it gives us a *single* known, predictable, place to manage ALL users,
regardless of virtual/local, *and web'ish* - whatever. Senders AND recipients.