On 2008-01-07 at 09:20 -0800, sal983 wrote:
> We had implemented a gateway mail server ( Running Exim 4.68 Ver ) to
> reduce the spam mails to our traditional "Groupwise" mail server, and was
> working fine till last week. ie mail to our domain ( let me call "test.com"
> ) is hitting the exim mail server first and delivering to groupwise
> mailserver once it is filtered.
> The following are the code fragment from our exim.conf, where we are routing
> the filtered mails to the IP 192.168.1.3.
>
>
> internal:
> driver = manualroute
> domains =test.com //Relaying allowed only from test.com

That comment should be "only to test.com"; to, not from.

> transport = spamcheck
> route_data= 192.168.1.3
>
> As all mail accounts are residing in our groupwise mail server , I am not
> able ( Due to my ignorance :( ) to enable smtp authentication for the
> users. So now anyone can relay the mails ( But their account should be
> *@test.com ) through exim mail server to other mail server. Many of the
> spammers are misusing the vulnerability to send spam through our mail
> server.

I take it that the problem is:
 * groupwise regards mail coming from "inside" to be mail which it can
   send out to the world.
 * your Exim server is "inside"
 * something in groupwise supports embedded addresses
   (foo%bar.com@??? or "foo@???) or something else.

Options include:
 * find out how to tell Groupwise that the IP address which the Exim
   server is on is external, not internal
 * disable the embedded email address support in Groupwise

If Groupwise doesn't have embedded email address support turned on, then
the "internal" router which you supplied is not in fact the router being
used to pass email on. Exim's mainlog file will tell you which Router
is actually being used (R=internal for instance).

If none of this helps, we're going to need to see your Exim
configuration file and an example log-line of spam being relayed.

-Phil
(who might not respond again for a few hours, so anyone who sees a
problem with whatever sal983 posts back, jump in!)
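
The mainlog check suggested in the reply above, as an added example that is not part of the original thread: it tallies which router (R=) handled each delivery and lists deliveries to domains other than test.com together with the client that submitted the message. The log lines are constructed samples in Exim mainlog format, and the function name and the other domains and IP addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog format (not taken from the thread).
# Apart from test.com and 192.168.1.3, all names and IPs are placeholders.
SAMPLE_LOG = """\
2008-01-07 09:01:10 1JBaaa-0001Ab-01 <= alice@example.org H=mx.example.org [198.51.100.7] P=esmtp S=2210
2008-01-07 09:01:11 1JBaaa-0001Ab-01 => bob@test.com R=internal T=spamcheck H=192.168.1.3 [192.168.1.3]
2008-01-07 09:01:11 1JBaaa-0001Ab-01 Completed
2008-01-07 09:02:40 1JBbbb-0001Cd-02 <= fake@test.com H=(pc) [203.0.113.50] P=smtp S=4100
2008-01-07 09:02:42 1JBbbb-0001Cd-02 => victim@example.net R=dnslookup T=remote_smtp H=mail.example.net [198.51.100.25]
2008-01-07 09:02:42 1JBbbb-0001Cd-02 Completed
""".splitlines()

# "<=" marks message arrival, "=>" / "->" mark deliveries.
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+).*?\[([0-9A-Fa-f.:]+)\]")
DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> (\S+)(?: <([^>]+)>)?.*? R=(\S+)")

def audit_mainlog(lines, local_domains):
    """Count deliveries per router and list deliveries that left local_domains."""
    local = {d.lower() for d in local_domains}
    sources = {}            # message id -> (envelope sender, client IP)
    routers = Counter()     # router name -> number of deliveries
    relayed = []            # deliveries to domains we do not host
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            sources[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = DELIVERY.match(line)
        if not m:
            continue
        msgid, shown, original, router = m.groups()
        address = original or shown   # "<...>" holds the full address when present
        routers[router] += 1
        domain = address.rpartition("@")[2].lower()
        if domain not in local:
            sender, ip = sources.get(msgid, ("?", "?"))
            relayed.append({"id": msgid, "to": address, "router": router,
                            "sender": sender, "client_ip": ip})
    return routers, relayed

if __name__ == "__main__":
    routers, relayed = audit_mainlog(SAMPLE_LOG, ["test.com"])
    print(dict(routers))
    for r in relayed:
        print(r)
```

Any entry in the second result whose router is not "internal" shows mail leaving through a different router than the one quoted in the thread, and its client_ip is the host to look at in the relay ACLs.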