Re: [exim] open relay aftermath

Author: Dave Evans
Date:  
To: Matthias-Christian Ott
CC: exim-users
Subject: Re: [exim] open relay aftermath
On Sun, Feb 13, 2011 at 05:53:53PM +0100, Matthias-Christian Ott wrote:
> Hi,
>
> lately I turned my SMTP server into an open relay
>
> Luckily, nearly all of the E-mails which were left in the queue went to
> yahoo.com.tw, so I found that I'm not blacklisted at popular
> blacklists. I temporarily reject all SMTP traffic to the main server
> (except from the relays), so that all E-mails are forwarded to the main
> server from my backup relays. I expect that the main server goes back to
> normal in a few days.


I don't think you've said why it's not back to normal already.

> Do you have any advice for what I should do additionally to ensure that
> this configuration mistake has no further consequences (like being
> blacklisted, rejected etc.)?


Fix the configuration error. Remove the spam from your queue. That will stop
you sending any more spam of this type, so although you can't guarantee that
there will be no further consequences, at least whatever consequences there
may be are out of your control anyway - you will have done what you could.

Normally I would assume you've done that already, but maybe not (see my first
paragraph).

As for other knock-on effects (e.g. incoming bandwidth use): move IPs, if you
can (you can probably switch IPs and DNS faster than the spammers will
notice). Block, temporarily or otherwise, the incoming spam connections as
far upstream as you can.

Add monitoring so that if you ever make that configuration error again, you'll
know sooner. Add something based on rate-limits so that if it happens again,
the system can autonomously take some sort of preventative action.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
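
The monitoring suggested in the reply above could look like the following added example, which is not part of the original message or of Exim itself. It scans Exim main-log lines for mail that arrived from an untrusted IP and was then delivered to a non-local domain, and flags source IPs over a threshold. The function names, domains, networks and log lines are constructed assumptions, and the parsing assumes the default main-log field layout.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed Exim main-log sample (documentation addresses, made-up message ids).
SAMPLE_LOG = """\
2011-02-13 10:00:01 1PoAAA-0000aa-01 <= al@example.net H=mx.example.net [192.0.2.10] P=esmtp S=2100
2011-02-13 10:00:02 1PoAAA-0000aa-01 => bob <bob@example.org> R=localuser T=local_delivery
2011-02-13 10:00:05 1PoAAB-0000ab-02 <= x@bulk.invalid H=(foo) [203.0.113.7] P=smtp S=900
2011-02-13 10:00:06 1PoAAB-0000ab-02 => a@elsewhere.example R=dnslookup T=remote_smtp H=mx.elsewhere.example [198.51.100.5]
2011-02-13 10:00:06 1PoAAB-0000ab-02 -> b@elsewhere.example R=dnslookup T=remote_smtp H=mx.elsewhere.example [198.51.100.5]
2011-02-13 10:00:07 1PoAAC-0000ac-03 <= y@bulk.invalid H=(foo) [203.0.113.7] P=smtp S=910
2011-02-13 10:00:08 1PoAAC-0000ac-03 => c@elsewhere.example R=dnslookup T=remote_smtp H=mx.elsewhere.example [198.51.100.5]
2011-02-13 10:00:09 1PoAAD-0000ad-04 <= root@example.org H=backup.example.org [10.0.0.5] P=esmtp S=1500
2011-02-13 10:00:10 1PoAAD-0000ad-04 => d@elsewhere.example R=dnslookup T=remote_smtp H=mx.elsewhere.example [198.51.100.5]
""".splitlines()

# "<=" marks a message arrival; "=>" and "->" mark deliveries to its recipients.
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= \S+ .*?\[([0-9A-Fa-f.:]+)\]")
DELIVERY = re.compile(r"^\S+ \S+ (\S+) [=-]> (.+?) R=\S+ T=\S+")

def relayed_by_source(lines, local_domains, trusted_nets):
    """Count non-local deliveries of mail that arrived from untrusted IPs."""
    nets = [ip_network(n) for n in trusted_nets]
    origin = {}        # message id -> source IP of an untrusted arrival
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if m:
            ip = ip_address(m.group(2))
            # Authenticated submissions (A= field) and trusted relays are expected.
            if " A=" not in line and not any(ip in n for n in nets):
                origin[m.group(1)] = str(ip)
            continue
        m = DELIVERY.match(line)
        if m and m.group(1) in origin:
            domain = m.group(2).rstrip(">").rsplit("@", 1)[-1].lower()
            if domain not in local_domains:
                counts[origin[m.group(1)]] += 1
    return counts

def alerts(counts, threshold):
    """Source IPs whose relayed-recipient count reached the threshold."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```

On a correctly configured server the counter should stay empty apart from legitimate forwarding, so any source IP that reaches the threshold is a signal to investigate or to block automatically.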