Ryan Kerwin Macrohon wrote:
> My server is now flooded with emails...maybe they're using my email as a
> relay..I don't know what to do..I've been receiving lots of mail delivery
> failure notices already...what will I do?

The default configuration is safe, so if you haven't messed around with ACLs or what Exim thinks are local domains you should be safe.

If you're just receiving bounces it could be that someone is sending spam in your name. You can temporarily reject those with the right ACL statements, but watch out for collateral damage.

If you think that you may have misconfigured Exim and that someone is using it as an open relay, you can test it with an open relay testing service such as http://www.abuse.net/relay.html or relay-test.mail-abuse.org, which you use by telnetting to it from the mail server in question.

It could be that you're not an open relay, but that you accept mail to addresses that don't exist in your domain, or that exist but can't be delivered to for other reasons.

Check your logs (/var/log/exim/mainlog*)! "<=" indicates incoming mail, "=>" indicates delivered mail. Each such line starts with a date and time and a message-ID. If you see that, for the same message-ID, mail comes in from an unknown host (H= indicates the host, but don't trust the value within (), it's the HELO string) and goes out to an unknown host for an unknown address, you have to take action.

Read chapter 48, esp. 48.5 and 48.13, in the specification. Check your ACLs. Read chapter 39, esp. 39.36, in the specification thoroughly - it's important stuff for responsible postmasters.

If you still don't know what to do, post log excerpts and configuration here.

--
Magnus Holmgren

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
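
The mainlog check described in the reply above, sketched as an added example that is not part of the original message or of Exim: it pairs "<=" and "=>" lines by message-ID and reports mail that arrived from an untrusted host and left for a non-local domain. The local domain, the trusted networks, the function name `find_relayed` and the log lines are all constructed assumptions; it expects the default log line layout (date, time, message-ID).

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example: substitute your own domains and client networks.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# "date time message-ID <=|=>|-> rest"
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<dir><=|=>|->) (?P<rest>.*)$")
# Take the bracketed IP after H=; the name in () is only the HELO string.
HOST_IP = re.compile(r"\bH=[^\[]*\[(?P<ip>[0-9A-Fa-f.:]+)\]")
ADDR = re.compile(r"[^\s<>@]+@(?P<domain>[^\s<>@]+)")

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
2006-03-14 10:12:01 1FJ2Xy-0003kA-5B <= spam@sender.invalid H=(friendly.example) [203.0.113.7] P=smtp S=2381
2006-03-14 10:12:03 1FJ2Xy-0003kA-5B => victim@example.org R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.20]
2006-03-14 10:13:10 1FJ2Yb-0003kQ-7C <= alice@example.net H=mail.example.net [198.51.100.9] P=esmtp S=1502
2006-03-14 10:13:10 1FJ2Yb-0003kQ-7C => ryan <ryan@example.com> R=localuser T=local_delivery
2006-03-14 10:14:30 1FJ2Zc-0003l1-9D <= ryan@example.com H=(desktop) [192.0.2.15] P=esmtp S=900
2006-03-14 10:14:31 1FJ2Zc-0003l1-9D => friend@example.net R=dnslookup T=remote_smtp H=mail.example.net [198.51.100.9]
"""

def find_relayed(log_text, local_domains=LOCAL_DOMAINS, trusted=TRUSTED_NETS):
    """Return {message-ID: (source IP, [non-local recipients])} for messages
    that arrived from an untrusted host and were delivered to a non-local domain."""
    origin = {}
    remote_rcpts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", rejections and other log lines
        if m["dir"] == "<=":
            h = HOST_IP.search(m["rest"])
            if h:  # locally generated mail (bounces, P=local) has no H=
                origin[m["id"]] = ipaddress.ip_address(h["ip"])
        else:
            # Delivery line starts "user@dom" or "local <user@dom>", then R=...
            a = ADDR.search(m["rest"].split(" R=")[0])
            if a and a["domain"].lower() not in local_domains:
                remote_rcpts[m["id"]].append(a.group(0))
    return {mid: (str(ip), remote_rcpts[mid]) for mid, ip in origin.items()
            if remote_rcpts.get(mid) and not any(ip in n for n in trusted)}

if __name__ == "__main__":
    for mid, (ip, rcpts) in find_relayed(SAMPLE_LOG).items():
        print(f"{mid}: from {ip} relayed to {', '.join(rcpts)}")
```

Mail from authenticated clients (an A= field on the "<=" line) is not treated specially here, so on a server with SMTP AUTH users those messages would need to be excluded as well.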
