Author: Jim Cheetham Date: To: exim-users Subject: Re: [exim] open relay aftermath
On 14/02/11 10:33, Dave Evans wrote: > Add monitoring so that if you ever make that configuration error again, you'll
> know sooner. Add something based on rate-limits so that if it happens again,
> the system can autonomously take some sort of preventative action.
Actually, that's a good point. You should have a set of
configuration-testing scripts hanging around, and preferably a dev
server/VM so you can test changes on there first.
I use swaks extensively to test for things that should or should not
work -- specifically for your example I attempt to send a message
to/from external users without authentication (which should fail), and
with authentication (which *might* be allowed by your site policy -- do
you restrict authenticated users to send only from the authentication
address?)
Using an eicar and a gtube file, you can test your spam & malware config
for inbound and outbound messages easily. I have also configured some
site-specific rules in spamassassin to allow me to submit a message with
almost any precise known spam score (using perfect optimal Golomb ruler
values, what fun), for threshold testing (yes, I have a site with a Junk
folder, sorry)
You can choose to run these tests regularly against your production
service to assure that the configuration is still minimally valid, and
every time you discover a fault/add a new feature, you should add at
least one test for it *first*