Re: [exim] SMTP Abused

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] SMTP Abused
Muhammad Irfan wrote:
> I had a situation in the past when one of my domain's POP3/SMTP user/pass
> combinations was compromised.
> Someone then connected to our server (SMTP) with that user account to send
> bulk email.
> I need to eliminate this sort of spam mechanism, so that if an account is
> compromised no one can send emails to others using that user's email
> address.
> I have quite a few users on my domain which acts as POP3 and SMTP also. I
> can't block the SMTP port on the server because that also blocks the outside
> world from sending emails to us.
> I thought of another idea: to use an open relay, i.e. add another server
> configured as an open relay, and on the primary mail server configure a
> manualroute router, e.g. if emails are sent from @example.com then relay to
> another.host.com, which is finally responsible for sending emails from that
> server; and on another.host.com, i.e. the relay server, I will allow only the
> IP addresses of local users @example.com to connect, via the firewall.
>
> So the outside world can send to the primary mail server, and users within the
> domain can send emails from the relay server.
> Please let me know if this approach is handy, or whether there is any better
> way of doing this.


?? If you are doing it the 'usual' way, user-community submissions are
all coming in over port 587, AUTH is being insisted on, over TLS, AND
NOT being allowed to drop to insecure, but rDNS is NOT required
(broadband pools fail it).

Port 25 is for the 'outside world': it DOES do an rDNS check, wants TLS but
may or may not insist on it, and does NOT offer 'auth'.

End-users should not be allowed to auth or submit on port 25. WTH - if
their bandwidth-provider has his head on straight, they can't even
*reach* it.

Put any of your own relays into port 24 - that's its job - and use
port-specific conditionals for that as need be.

Now all you have to do is change the password after a suspected
compromise, and the account identity remains usable.

No need for multiple servers. Exim can alter behaviour based on IP
and/or port.

But even if you DO find a need, look at running two instances of Exim
with different configurations on the same box. Needs two or more
'listen' IPs, IF they are even both 'listening'. One might not be.

Side issue, but SMTP, POP, and IMAP CAN all have totally unrelated login
UID:PWD, and none of them actually have to include the email address in
the UID part, nor even in the mailstore structure.

Between a mere 'alias' and a full-scale DB, that can be as simple, or as
complicated, as you have time to make it. Exim JF does as it is told and
motors on.

Bill

--
韓家標
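The port-split policy Bill describes (AUTH only over TLS on 587 with no rDNS requirement, rDNS check but no AUTH on 25, your own relays on 24 gated by IP), written out as an added Exim configuration example; this is not Bill's or the Exim project's own configuration. It assumes Exim 4.80 or later (for $tls_in_cipher), an authenticator defined elsewhere in the config, and placeholder certificate paths, domain and relay addresses.

```exim
# Added example, not from the post. Assumes Exim 4.80+ ($tls_in_cipher),
# an authenticator defined elsewhere, and placeholder paths/addresses.
domainlist local_domains    = example.com
hostlist   relay_from_hosts = 192.0.2.10 : 192.0.2.11   # placeholder relay IPs

daemon_smtp_ports   = 24 : 25 : 587
tls_advertise_hosts = *
tls_certificate     = /etc/exim/mail.example.com.crt   # placeholder path
tls_privatekey      = /etc/exim/mail.example.com.key   # placeholder path

# Advertise AUTH only on the submission port and only once the session
# is encrypted; an AUTH command on any other port is refused with 503.
auth_advertise_hosts = ${if and{{eq{$interface_port}{587}} \
                                {def:tls_in_cipher}} {*}{}}

acl_smtp_connect = acl_check_connect
acl_smtp_rcpt    = acl_check_rcpt

begin acl

acl_check_connect:
  # Port 25 is the MX: insist on working reverse DNS for the peer.
  # Port 587 skips this check because broadband pools routinely fail it.
  deny  message   = Reverse DNS lookup failed for $sender_host_address
        condition = ${if eq{$interface_port}{25}}
        !verify   = reverse_host_lookup
  # Port 24 is for our own relays only: anyone else is refused at connect.
  deny  message   = Port 24 is reserved for listed relays
        condition = ${if eq{$interface_port}{24}}
        !hosts    = +relay_from_hosts
  accept

acl_check_rcpt:
  # Submission port: relay only for sessions that authenticated (over TLS,
  # since AUTH is never advertised without it).
  deny   message   = Submission on port 587 requires AUTH over TLS
         condition = ${if eq{$interface_port}{587}}
         !authenticated = *
  accept authenticated = *
  # Relay port: the IP check in acl_check_connect already gated entry.
  accept condition = ${if eq{$interface_port}{24}}
  # MX port offers no AUTH, so it accepts mail for our own domains only.
  accept domains = +local_domains
  deny   message = Relay not permitted
```

After a suspected compromise, changing the account's password is then the only step needed, as Bill says: the port-25 path never accepted AUTH, so the stolen credentials were only ever usable on 587.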