Wakko Warner wrote: > Heiko Schlittermann wrote: > >>Rick Lutowski <[EMAIL PROTECTED]> (Do 04 Jan 2007 18:11:34 CET): >> >>>Is there any way to disable the kind of access he >>>demonstrated without compromising normal exim >>>operation? >> >>I'm not sure if in Exim 3.x you could reject unknown users already at >>SMTP time, but if you'd upgrade to Exim 4.x: you can. >>(AFAIR Debians install script tries to convert the config, but I'm not >>sure, so be prepared to be challenged :)) > > > IIRC, Exim 3.x can reject unknown recipients at SMTP time, I forget the > version but I do recall this. I was late on upgrading, but that was years > ago! =) > > Given this, I'd highly recommend that he not place his SMTP server back > online until he has a basic understanding of what is going on. Converting > his current to v4.x config will pretty much give him the same vulnerability > (This is an assumption, but, as stated, you shouldn't rely solely on convert > script to generate a corretly working config) >
Upgrading to v4 is obviously a good idea. Seems there is a risk the deb install scripts may not produce a working system without some manual config tho. This is important info to know -- tells me how to approach an upgrade. Am also getting the idea that the exim log files will say if I am sending spam or not. However, I do not have enough exim insight at this point to determine this myself. If one of you is willing to look at a sample of my logs and coach me as to what to look for, please contact me outside the mail list. Would appreciate it. -- Rick Lutowski, GRI, REALTOR Greg Doering & Associates Keller Williams Realty [EMAIL PROTECTED] 512-461-1456 I Reward Referrals -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
