On Tue, 21 Jun 2005 16:41:21 -0700 (PDT), Sergio Basurto Juarez <[EMAIL PROTECTED]> wrote: >I am very new to exim, I installed on a test server >with Debian, at the very beginning I did not configure >SMTP auth so every one that connect to my port 25 can >send whatever they want,
Very bad idea. Please take the host offline immediately and repeat your experiments on a host that is not publicly reachable. >I understand that leave SMTP without an auth method is >a security hole, so I should reinstall the complete >server because even if I deinstall exim and reinstall >it, it goes on sending a lot of stuff. No, reinstalling the complete system is most probably not necessary since I don't think that you have been compromised just by configuring an open relay. I'd guess that closing the open relay is first priority, and if you want to you might want to check for backdoors and root kits. When you mean "deinstall exim and reinstall", did you also change the configuration not to be an open relay any more? Are you sure that the outgoing e-mail is really sent by exim? What do the logs say? >Righ now I have totaly configured my server with >Debian, and I still want to use exim as my MTA, the >question is how can I configure cram-md5 and force >exim to always ask for auth. Please, learn the basics of your trade, and don't do this on the public internet. Greetings Marc -- -------------------------------------- !! No courtesy copies, please !! ----- Marc Haber | " Questions are the | Mailadresse im Header Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/ Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834 -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
