On Tue, Jan 08, 2008 at 01:18:01AM +0400, Muhammed afsal wrote:
> Spammers configure a fake mail accout "fake@???" in an Outlook express"
> mail as outgoing mail server as test.com. As there is no smtp authentication
> in exim where mail server for test.com running, they can use account "
> fake@???" to sent spam mails to another mail servers.
In that case, the problem lies in your RCPT ACL. Basically, you need to
control relaying by testing the connecting host's IP address ("hosts ="), not
their claimed mail-from address ("senders ="). Read
http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTaclconditions
for more.
If you'd like advice more specific to your situation, please show
us your RCPT ACL, and tell us what users /should/ be allowed to relay through
your server - i.e. what IP ranges you trust, and whether or not you use
authentication.
--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
