Re: [exim] Help Spam sending flood from localhost

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Help Spam sending flood from localhost
The Doctor wrote:
> On Sun, Sep 18, 2011 at 06:43:29AM +0000, W B Hacker wrote:
>> The Doctor wrote:
>>> On Sat, Sep 17, 2011 at 08:49:51PM +0200, Moritz Wilhelmy wrote:
>>>> Hello,
>>>>
>>>> On Sat, Sep 17, 2011 at 06:49:06 -0600, The Doctor wrote:
>>>>> First someone tell me how to remove the comment lines from the
>>>>> configuration.
>>>>
>>>> You could use something along the lines of
>>>>
>>>> awk '$1 ~ /^[^#]/' /path/to/exim/configure > /tmp/foo
>>>>
>>>> in order to remove all lines starting with #
>>>>
>>>>
>>>> Best regards,
>>>>
>>>> Moritz
>>>>
>>>
>>> My configuration:
>>>
>>>
>>
>> *snip* (kitchen sink, outhouse, dog kennel, and related plumbing..)
>>
>> WTH?
>>
>> Can you enlighten us with a one-line explanation?
>
>
> HELP!! Spam Hijacker has stealthily snuck in
> and is doing reputation damage!!!


OK.

Few folks want to read ALL of a ~/configure file on first go.

Let's narrow down the cause.

First get all the 'BASICS' in proper shape.

1) YOUR server has a fixed IP and published PTR RR, A, and MX record(s)

??

2) So, too, do others who 'care'. So switch-on rDNS checking.

Remember to FIRST exempt any by-IP whitelist citizens AND your own user
group arriving on port 587, as their broadband/dial up will NOT have a
PTR RR (hardly ever anyway...).


3) Submission from the wide world happens on port 25. But is only
accepted for recipients of YOUR OWN local user pool, not for OTHERS.
Require it to be so.

4) Submission from your own user group happens only on port 587, WITH:

- SSL/TLS protocol

- valid UID and matching PWD

Ensure you require all three of those.

Examples for all of the above are plentiful all over this list and in
the docs. Go Ogle will find them.

See what you are missing and come back for SPECIFIC help if the fix is
not obvious.

BTW - IF you are going to run web apps on the same server as an MTA?

A whole EXTRA set of security issues arises. Most are not Exim related..

Bill
--
韓家標
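
The four basics listed in the message above, sketched as an Exim configuration fragment. This is an added example, not configuration posted in the thread; the domain, whitelist address and certificate paths are placeholders, and it assumes an authenticator is already defined under "begin authenticators".

```conf
# Added example, not configuration from this thread. Comments sit on their
# own lines because Exim only treats '#' as a comment at the start of a line.

# --- main section ---
daemon_smtp_ports = 25 : 587
# Placeholder names and paths:
domainlist local_domains   = example.org
hostlist   whitelist_hosts = 192.0.2.10
tls_advertise_hosts = *
tls_certificate = /etc/exim/tls/example.crt
tls_privatekey  = /etc/exim/tls/example.key
# Offer AUTH only after STARTTLS (named $tls_in_cipher in later Exim releases).
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # 4) Port 587: own users only, encrypted AND authenticated.
  accept  condition     = ${if eq{$received_port}{587}}
          encrypted     = *
          authenticated = *
          control       = submission

  deny    condition     = ${if eq{$received_port}{587}}
          message       = Port 587 requires STARTTLS and SMTP AUTH

  # 3) Port 25: recipients in our own domains only, no relaying to others.
  deny    !domains      = +local_domains
          message       = Relay not permitted

  require message       = Unknown recipient
          verify        = recipient

  # 2) By-IP whitelist is exempted before the rDNS test.
  accept  hosts         = +whitelist_hosts

  # 2) Everyone else must have a PTR record that resolves back to the IP.
  deny    !verify       = reverse_host_lookup
          message       = Reverse DNS check failed for $sender_host_address

  accept
```

Running "exim -bV" checks that the file parses, and "exim -bh 192.0.2.10" simulates an SMTP session from that address so each ACL decision can be watched without accepting real mail.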