Hello Mr Phill, I am appreciating your patience to sort out my issues. I am believing my post is not much enough ..
The issue is that .. Now Spammers configure a fake mail accout "[EMAIL PROTECTED]" in an Outlook express" mail as outgoing mail server as test.com. As there is no smtp authentication in exim where mail server for test.com running, they can use account " [EMAIL PROTECTED]" to sent spam mails to another mail servers. Thanks, Sal. On Jan 7, 2008 11:43 PM, Phil Pennock <[EMAIL PROTECTED]> wrote: > On 2008-01-07 at 09:20 -0800, sal983 wrote: > > We had implemented a gateway mail server ( Running Exim 4.68 Ver ) to > > reduce the spam mails to our traditional "Groupwise" mail server, and > was > > working fine till last week. ie mail to our domain ( let me call " > test.com" > > ) is hitting the exim mail server first and delivering to groupwise > > mailsever one it is filtered. > > The following are the code fragment from our exim.conf, where we are > routing > > the filtered mails to the IP 192.168.1.3. > > > > > > internal: > > driver = manualroute > > domains =test.com //Relaying allowed only from test.com > > That comment should be "only to test.com", to not from. > > > transport = spamcheck > > route_data= 192.168.1.3 > > > > As all mail accounts are residing in our groupwise mail server , I am > not > > able ( Due to my ignorance :( ) to enable smtp authentication for the > > users. So now anyone can relay the mails ( But there account should be > > [EMAIL PROTECTED] ) to through exim mail server to other mail server. many > > of > the > > spammers are misusing the vulnerability to send spam through our mail > > server. > > I take it that the problem is: > > * groupwise regards mail coming from "inside" to be mail which it can > send out to the world. > * your Exim server is "inside" > * something in groupwise supports embedded addresses > ([EMAIL PROTECTED] or "[EMAIL PROTECTED]"@test.com) or something else. > > Options include: > > * find out how to tell Groupwise that the IP address which the Exim > server is on is external, not internal > * disable the embedded email address support in Groupwise > > If Groupwise doesn't have embeeded email address support turn on, then > the "internal" router which you supplied is not in fact the router being > used to pass email on. Exim's mainlog file will tell you which Router > is actually being used (R=internal for instance). > > If none of this helps, we're going to need to see your Exim > configuration file and an example log-line of spam being relayed. > > -Phil > (who might not respond again for a few hours, so anyone who sees a > problem with whatever sal983 posts back, jump in!) > -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
