Hello Mr Phill,
I am appreciating your patience to sort out my issues. I am believing my
post is not much enough ..
The issue is that .. Now
Spammers configure a fake mail accout "fake@???" in an Outlook express"
mail as outgoing mail server as test.com. As there is no smtp authentication
in exim where mail server for test.com running, they can use account "
fake@???" to sent spam mails to another mail servers.
Thanks,
Sal.
On Jan 7, 2008 11:43 PM, Phil Pennock <exim-users@???> wrote:
> On 2008-01-07 at 09:20 -0800, sal983 wrote:
> > We had implemented a gateway mail server ( Running Exim 4.68 Ver ) to
> > reduce the spam mails to our traditional "Groupwise" mail server, and
> was
> > working fine till last week. ie mail to our domain ( let me call "
> test.com"
> > ) is hitting the exim mail server first and delivering to groupwise
> > mailsever one it is filtered.
> > The following are the code fragment from our exim.conf, where we are
> routing
> > the filtered mails to the IP 192.168.1.3.
> >
> >
> > internal:
> > driver = manualroute
> > domains =test.com //Relaying allowed only from test.com
>
> That comment should be "only to test.com", to not from.
>
> > transport = spamcheck
> > route_data= 192.168.1.3
> >
> > As all mail accounts are residing in our groupwise mail server , I am
> not
> > able ( Due to my ignorance :( ) to enable smtp authentication for the
> > users. So now anyone can relay the mails ( But there account should be
> > *@test.com ) to through exim mail server to other mail server. many of
> the
> > spammers are misusing the vulnerability to send spam through our mail
> > server.
>
> I take it that the problem is:
>
> * groupwise regards mail coming from "inside" to be mail which it can
> send out to the world.
> * your Exim server is "inside"
> * something in groupwise supports embedded addresses
> (foo%bar.com@??? or "foo@???) or something else.
>
> Options include:
>
> * find out how to tell Groupwise that the IP address which the Exim
> server is on is external, not internal
> * disable the embedded email address support in Groupwise
>
> If Groupwise doesn't have embeeded email address support turn on, then
> the "internal" router which you supplied is not in fact the router being
> used to pass email on. Exim's mainlog file will tell you which Router
> is actually being used (R=internal for instance).
>
> If none of this helps, we're going to need to see your Exim
> configuration file and an example log-line of spam being relayed.
>
> -Phil
> (who might not respond again for a few hours, so anyone who sees a
> problem with whatever sal983 posts back, jump in!)
>