Re: [exim] Mail relaying

Author: Muhammed afsal
Date:  
To: exim-users, sal983
Subject: Re: [exim] Mail relaying
Hello Mr Phill,

I appreciate your patience in sorting out my issues. I believe my
post was not detailed enough.

The issue is that .. Now

Spammers configure a fake mail account "fake@???" in Outlook Express,
with test.com as the outgoing mail server. As there is no SMTP authentication
in Exim, where the mail server for test.com is running, they can use the account
"fake@???" to send spam mails to other mail servers.

Thanks,
Sal.

On Jan 7, 2008 11:43 PM, Phil Pennock <exim-users@???> wrote:

> On 2008-01-07 at 09:20 -0800, sal983 wrote:
> > We had implemented a gateway mail server ( Running Exim 4.68 Ver ) to
> > reduce the spam mails to our traditional "Groupwise" mail server, and it
> > was working fine till last week. ie mail to our domain ( let me call it
> > "test.com" ) is hitting the exim mail server first and delivering to the
> > groupwise mail server once it is filtered.
> > The following is the code fragment from our exim.conf, where we are
> > routing the filtered mails to the IP 192.168.1.3.
> >
> >
> > internal:
> >   driver = manualroute
> >   domains =test.com             //Relaying allowed only from test.com

>
> That comment should be "only to test.com", not from.
>
> >   transport = spamcheck
> >   route_data = 192.168.1.3
> >
> > As all mail accounts are residing in our groupwise mail server, I am
> > not able ( Due to my ignorance :( ) to enable smtp authentication for
> > the users. So now anyone can relay the mails ( But their account should
> > be *@test.com ) through the exim mail server to other mail servers. Many
> > of the spammers are misusing the vulnerability to send spam through our
> > mail server.
>
> I take it that the problem is:
>
> * groupwise regards mail coming from "inside" to be mail which it can
> send out to the world.
> * your Exim server is "inside"
> * something in groupwise supports embedded addresses
> (foo%bar.com@??? or "foo@???) or something else.
>
> Options include:
>
> * find out how to tell Groupwise that the IP address which the Exim
> server is on is external, not internal
> * disable the embedded email address support in Groupwise
>
> If Groupwise doesn't have embedded email address support turned on, then
> the "internal" router which you supplied is not in fact the router being
> used to pass email on. Exim's mainlog file will tell you which Router
> is actually being used (R=internal for instance).
>
> If none of this helps, we're going to need to see your Exim
> configuration file and an example log-line of spam being relayed.
>
> -Phil
> (who might not respond again for a few hours, so anyone who sees a
> problem with whatever sal983 posts back, jump in!)
>
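
An added example, not part of the original thread: a Python sketch of the log check Phil suggests, reading Exim mainlog lines and listing every delivery to a non-local domain together with the router (`R=`) that handled it and the client IP that submitted the message. The log lines are constructed samples, `test.com` is the thread's placeholder domain, and the function name is hypothetical.

```python
import re

LOCAL_DOMAINS = {"test.com"}  # placeholder domain used in the thread

# Constructed sample lines in Exim mainlog format (not from the poster's server).
SAMPLE_LOG = """\
2008-01-07 09:20:01 1JBvKp-0001Ab-2x <= alice@example.org H=mx.example.org [203.0.113.10] P=esmtp S=2210
2008-01-07 09:20:02 1JBvKp-0001Ab-2x => bob@test.com R=internal T=spamcheck
2008-01-07 09:20:02 1JBvKp-0001Ab-2x Completed
2008-01-07 09:21:40 1JBvMQ-0001Bc-9k <= fake@test.com H=(pc) [198.51.100.7] P=smtp S=5120
2008-01-07 09:21:41 1JBvMQ-0001Bc-9k => victim@example.net R=dnslookup T=remote_smtp H=mx.example.net [203.0.113.25]
2008-01-07 09:21:41 1JBvMQ-0001Bc-9k -> other@example.net R=dnslookup T=remote_smtp H=mx.example.net [203.0.113.25]
2008-01-07 09:21:41 1JBvMQ-0001Bc-9k Completed
"""

# date, time, message id, then "<=" (arrival) or "=>" / "->" (delivery)
LINE = re.compile(
    r"^\S+ \S+ (?P<id>\S{6}-\S{6}-\S{2}) (?P<flag><=|=>|->) (?P<rest>\S.*)$"
)

def relayed_deliveries(log_text, local_domains=LOCAL_DOMAINS):
    """Return (msg_id, sender, client_ip, recipient, router) for each
    delivery whose recipient domain is not one of local_domains."""
    arrivals = {}  # msg_id -> (envelope sender, client IP or None)
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", rejections, and other line types
        rest = m["rest"]
        first = rest.split()[0]
        if m["flag"] == "<=":
            ip = re.search(r"\[([0-9a-fA-F.:]+)\]", rest)
            arrivals[m["id"]] = (first, ip.group(1) if ip else None)
            continue
        if "@" not in first:
            continue  # bare local part: a local delivery, not a relay
        if first.rpartition("@")[2].lower() in local_domains:
            continue  # inbound mail for our own domain
        router = re.search(r"\bR=(\S+)", rest)
        sender, ip = arrivals.get(m["id"], (None, None))
        hits.append((m["id"], sender, ip, first,
                     router.group(1) if router else None))
    return hits

if __name__ == "__main__":
    for hit in relayed_deliveries(SAMPLE_LOG):
        print("relayed: id=%s from=%s client=%s to=%s router=%s" % hit)
```

A hit whose router is anything other than `internal` shows that a different router, not the one quoted above, is passing the mail to the outside world.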