On Wed, Aug 10, 2011 at 02:17:04AM +0100, Drav Sloan wrote:
> The Doctor wrote:
> > > You should probably read your acls, as I imagine one rule in there is
> > > accepting them wholesale. Exim only does what Exim is told to do.
>
> [snip]
>
> Have you tried exim -d -bh <ip of server>
>
> and looked at that?
>
That yields
Exim version 4.76 uid=0 gid=0 pid=16810 D=fbb95cfd
Berkeley DB: Berkeley DB 4.7.25: (May 15, 2008)
Support for: crypteq iconv() use_setclassresources Expand_dlfunc OpenSSL Content_Scanning DKIM Experimental_SPF Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: GCC [3.2.2]
Library version: OpenSSL: Compile: OpenSSL 1.0.1-dev xx XXX xxxx
Runtime: OpenSSL 1.0.1-dev xx XXX xxxx
Library version: Cyrus SASL: Compile: 2.1.23
Runtime: 2.1.23 [Cyrus SASL]
Library version: PCRE: Compile: 7.1
Runtime: 7.1 2007-04-24
Total 11 lookups
WHITELIST_D_MACROS: "TLS:SPOOL"
TRUSTED_CONFIG_LIST unset
changed uid/gid: forcing real = effective
uid=0 gid=0 pid=16810
auxiliary group list: 0
seeking password data for user "exim": cache not available
getpwnam() succeeded uid=42 gid=42
seeking password data for user "majordomo": cache not available
getpwnam() succeeded uid=60 gid=1
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
configuration file is /usr/exim/configure
log selectors = 00000ffc 00212001
trusted user
admin user
changed uid/gid: privilege not needed
uid=42 gid=42 pid=16810
auxiliary group list: 42 42
seeking password data for user "majordomo": cache not available
getpwnam() succeeded uid=60 gid=1
originator: uid=0 gid=0 login=root name="Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem,,669-2000,470-2224"
sender address = root@???
sender_fullhost = [204.209.81.1]
sender_rcvhost = [204.209.81.1]
**** SMTP testing session as if from host 204.209.81.1
**** but without any ident (RFC 1413) callback.
**** This is not for real!
host in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from [204.209.81.1]
host in host_lookup? yes (matched "*")
looking up host name for 204.209.81.1
DNS lookup of 1.81.209.204.in-addr.arpa (PTR) succeeded
IP address lookup yielded doctor.nl2k.ab.ca
gethostbyname looked up these IP addresses:
name=doctor.nl2k.ab.ca address=204.209.81.1
checking addresses for doctor.nl2k.ab.ca
204.209.81.1 OK
sender_fullhost = doctor.nl2k.ab.ca [204.209.81.1]
sender_rcvhost = doctor.nl2k.ab.ca ([204.209.81.1])
set_process_info: 16810 handling incoming connection from doctor.nl2k.ab.ca [204.209.81.1]
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
SMTP>> 220 doctor.nl2k.ab.ca ESMTP Exim 4.76 Wed, 10 Aug 2011 05:26:42 -0600
220 doctor.nl2k.ab.ca ESMTP Exim 4.76 Wed, 10 Aug 2011 05:26:42 -0600
smtp_setup_msg entered
> My money is, however, on the accept statement for relay_from_hosts, which
> then short circuits all other spam / virus checks. Also you probably
> should look at plugging the hole on your web server so the spam can not
> be injected in the first instance.
>
That is easier said than done with 300 web sites here.
In postfix I have both inbound and outbound doing spam checks.\
Certainly exim can do the same.
> D.
--
Member - Liberal International This is doctor@??? Ici doctor@???
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
http://twitter.com/rootnl2k http://www.facebook.com/dyadallee
IT is done! http://groups.google.com/group/rec.arts.drwho/about
