Re: exim and spam relay

2000-03-22 Thread John Kuhn
It took some time, but I finally found an answer to the question I
posted.  If anyone else is having the same problem, the solution
is to set receiver_verify = true in /etc/exim.conf.  Exim will then
return a 550 status to the RCPT TO command in the following example.

John Kuhn wrote:

> telnet badhost.corp.com 25
> Trying...
> Connected to badhost.corp.com.
> Escape character is '^]'.
> 220 badhost.corp.com ESMTP Exim 3.12 #1 Thu, 09 Mar 2000 14:45:18 -0500
> MAIL FROM:[EMAIL PROTECTED]
> 250 [EMAIL PROTECTED] is syntactically correct
> RCPT TO:[EMAIL PROTECTED]@[192.1.1.1]
> 250 [EMAIL PROTECTED]@[192.1.1.1] is syntactically correct


Re: exim and spam relay

2000-03-10 Thread John Kuhn
Sorry for the duplicate message.  This one has a useful Subject.

Jonathan,

Thanks for your response.  I checked my exim.conf again and did not find
anything wrong in it.  I have included a few of the values below.

Assume:
   my true IP address:  192.1.1.1
   my true machine name:  badhost.corp.com

/etc/exim.conf
===
qualify_domain = badhost.corp.com
local_domains = 
local_domains_include_host = true
local_domains_include_host_literals = true
#relay_domains =
#relay_domains_include_local_mx = true

You commented that you were running exim 3, so I downloaded the source,
compiled and installed it.  That did not resolve my problem.

Below is a sample session that shows my problem.  For this session, I was
on xxx.dialup.erols.com telnetting into badhost.corp.com and attempting
to relay mail to remote.com.  If you attempt to duplicate these results
be sure to replace 192.1.1.1 with the actual IP address of the machine
you are attempting to relay through.

telnet badhost.corp.com 25
   Trying...
   Connected to badhost.corp.com.
   Escape character is '^]'.
   220 badhost.corp.com ESMTP Exim 3.12 #1 Thu, 09 Mar 2000 14:45:18 -0500
MAIL FROM:[EMAIL PROTECTED]
   250 [EMAIL PROTECTED] is syntactically correct
RCPT TO:[EMAIL PROTECTED]@[192.1.1.1]
   250 [EMAIL PROTECTED]@[192.1.1.1] is syntactically correct

I expect the following result here instead of 250:
   550 relaying to [EMAIL PROTECTED]@[192.1.1.1] prohibited by administrator

If this test is run to localhost (telnet localhost 25, 192.1.1.1 -> 127.0.0.1)
I do get the results that I expect - 550 relaying prohibited.

As I mentioned in my first message, even if you complete this SMTP
session with DATA, exim will not relay the message.  Exim will accept
and queue the message:

   250 OK id=12RaPH-0003Zq-00

then discover [EMAIL PROTECTED] is not a valid local user.  It
will then send an error message to spamtest, which is not valid
either.  It will then freeze the error message.

My concern is that exim does not return a 5xx error status at any
point in the session.

John


Re: exim and spam relay

2000-03-08 Thread Jonathan Lupa
CAVEAT : I am a programmer - not a sysadmin. This is the best I can
muster, but it may not be good enough. :)

A (clipped) copy of your exim.conf file would have helped...

This may or may not be of help, but since I recently locked down a
mail server, I can at least say it worked for me... This is exim 3
from frozen, but it should be cool for slink.

also, you can test the relaying by telnetting directly to your port 25
and running the commands that were listed below
(HELO,MAIL,RCPT,DATA). Order and spaces are important.

/etc/exim.conf
=
# You don't care
qualify_domain = lupavista.jamdata.net
# You care
local_domains = lupavista.jamdata.net:lupavista:localhost
# This is the doozy
relay_domains =

If you really do need to relay for limited hosts, I would recommend
doing MX records and set relay_domains_include_local_mx.

There are manuals at www.exim.org, and a large section of the manual
talks about locking down relaying.

Good luck.

Jonathan

-- 
[EMAIL PROTECTED]
GPG public key available from http://www.jamdata.net/~jjlupa/gpg.asc


exim and spam relay

2000-03-07 Thread John Kuhn
This story begins on an ancient R3000 based SGI Indigo running IRIX 5.3.
Due to my own negligence, this machine had open mail relaying.  One night
recently a spammer discovered this machine and used it to send spam.
The following morning, I had a few e-mails addressed to me kindly pointing
out my oversight.  I immediately removed the machine from the network
until the relaying and other problems were fixed.

Shortly after this incident, this machine was retired and replaced with
a PC running Debian.  It is currently running Debian 2.1r5 with exim 2.05-2.
This was a planned transition that was unrelated to the mail relaying.
Since the name and IP address remained the same as the old machine, the
Debian machine inherited the history as a known spam relayer.  Today it
remains on at least one list of insecure mailservers - The MAPS Relay
Spam Stopper (RSS) http://maps.vix.com/rss/.

Below is a portion of the relay test log for this machine which indicates
why it is still blacklisted.  Note that I have changed my machine name
and IP address to protect the guilty - that would be me.

Assume:
   my true IP address:  192.1.1.1
   my true machine name:  badhost.corp.com

* BEGIN relay test log *

Sun Mar  5 04:44:58 PST 2000

Connecting to 192.1.1.1 ...
 220 badhost.corp.com ESMTP Exim 2.05 #1 Sun, 5 Mar 2000 07:45:09 -0500
 HELO maps1.pa.vix.com
 250 badhost.corp.com Hello dante.mail-abuse.org [204.152.184.35]

several unsuccessful relay attempts deleted

 RSET
 250 Reset OK
 MAIL FROM:[EMAIL PROTECTED]
 250 [EMAIL PROTECTED] is syntactically correct
 RCPT TO:[EMAIL PROTECTED]@[192.1.1.1]
 250 [EMAIL PROTECTED]@[192.1.1.1] is syntactically correct
 DATA
 354 Enter message, ending with . on a line by itself
 (message body)
 250 OK id=12RaPH-0003Zq-00
/var/local/maps/rss/bin/rly: relay accepted - final response code 250

* END relay test log *

This log ends with a response code indicating that a relay attempt
succeeded, but the exim log shows that although the message was initially
accepted, it was not delivered.

* BEGIN /var/log/exim/mainlog *

2000-03-05 07:45:12 12RaPH-0003Zq-00 <= [EMAIL PROTECTED] H=dante.mail-abuse.org (maps1.pa.vix.com) [204.152.184.35] P=smtp S=982 [EMAIL PROTECTED]
2000-03-05 07:45:12 12RaPH-0003Zq-00 ** [EMAIL PROTECTED]@[192.1.1.1]: unknown local-part [EMAIL PROTECTED] in domain [192.1.1.1]
2000-03-05 07:45:12 12RaPI-0003Zs-00 <= <> R=12RaPH-0003Zq-00 U=mail P=local S=1848
2000-03-05 07:45:12 12RaPH-0003Zq-00 Error message sent to [EMAIL PROTECTED]
2000-03-05 07:45:12 12RaPH-0003Zq-00 Completed
2000-03-05 07:45:12 12RaPI-0003Zs-00 ** [EMAIL PROTECTED]: unknown local-part spamtest in domain [192.1.1.1]
2000-03-05 07:45:12 12RaPI-0003Zs-00 Frozen (delivery error message)

* END /var/log/exim/mainlog *

Is there a way to configure exim to return a 5xx response code to this
form of relay attempt instead of returning a 250 then later rejecting it?

Any assistance you can give to help me shed my image as a friend to
spammers would be appreciated.

John
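
The relay probe that the MAPS log above runs, and the manual telnet test described in the two later replies (HELO, MAIL, RCPT, and the 250 versus 550 at RCPT TO that the whole thread turns on), as an added example in Python. It is not from the original thread and is not Exim's or MAPS's code. It sends HELO, MAIL FROM and one RCPT TO per probe address, records the reply code, and never sends DATA, so unlike the MAPS tester it queues nothing on the target. To run offline it carries a constructed stand-in that mimics the behaviour the posts describe: a host literal like [192.1.1.1] counts as a local domain (local_domains_include_host_literals), relay_domains is empty, and receiver_verify decides whether an unknown local part is refused with 550 at RCPT time or accepted with 250 and bounced later. The host names probe.example.net and remote.example.com, the user list, the stand-in's reply texts and the source-route and quoted-local-part recipient forms are assumptions; only the percent form appears in the thread's log.

```python
"""Open-relay probe for a port-25 listener plus a constructed Exim 3 stand-in."""
import re
import socket


def relay_probe_recipients(target_ip, user="relaytest", victim="remote.example.com"):
    """Recipient forms a relay tester tries; the MAPS log shows the '%' form."""
    return [
        f"{user}@{victim}",                  # plain third-party relay
        f"{user}%{victim}@[{target_ip}]",    # percent hack through a host literal
        f"@[{target_ip}]:{user}@{victim}",   # RFC 821 source route (assumed variant)
        f'"{user}@{victim}"@[{target_ip}]',  # quoted local part (assumed variant)
    ]


class SocketChannel:
    """Line channel over a TCP connection to a real mail server."""
    def __init__(self, host, port=25, timeout=30):
        self.sock = socket.create_connection((host, port), timeout)
        self.rfile = self.sock.makefile("rb")

    def send_line(self, line):
        self.sock.sendall(line.encode("ascii") + b"\r\n")

    def read_line(self):
        raw = self.rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        return raw.decode("ascii", errors="replace").rstrip("\r\n")


class StubExim:
    """Constructed stand-in (not Exim): host-literal domains count as local,
    relay_domains is empty, receiver_verify picks 550-at-RCPT or 250-then-bounce."""
    def __init__(self, local_domains, local_users, receiver_verify):
        self.local_domains = set(local_domains)
        self.local_users = set(local_users)
        self.receiver_verify = receiver_verify
        self.replies = ["220 badhost.corp.com ESMTP Exim 3.12 #1 (stub)"]

    def send_line(self, line):
        verb, arg = line[:4].upper(), line[5:]
        m = re.search(r"<([^>]*)>", arg)
        addr = m.group(1) if m else ""
        local, _, domain = addr.rpartition("@")   # domain = text after the last '@'
        if verb == "HELO":
            reply = f"250 badhost.corp.com Hello {arg}"
        elif verb == "QUIT":
            reply = "221 badhost.corp.com closing connection"
        elif verb == "MAIL":
            reply = f"250 <{addr}> is syntactically correct"
        elif verb != "RCPT":
            reply = "500 unrecognised command"
        elif domain not in self.local_domains:
            reply = f"550 relaying to <{addr}> prohibited by administrator"
        elif self.receiver_verify and local not in self.local_users:
            reply = f"550 unknown local-part {local} in domain {domain}"
        else:
            reply = f"250 <{addr}> is syntactically correct"
        self.replies.append(reply)

    def read_line(self):
        return self.replies.pop(0)


def read_reply(chan):
    """Read one SMTP reply, including 250-xxx continuation lines; return (code, text)."""
    lines = []
    while True:
        line = chan.read_line()
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), "\n".join(lines)


def expect(chan, code, cmd=None):
    if cmd:
        chan.send_line(cmd)
    got, text = read_reply(chan)
    if got != code:
        raise RuntimeError(f"{cmd or 'banner'}: expected {code}, got {text}")


def probe_relay(chan, helo_name, sender, recipients):
    """HELO, MAIL, one RCPT per recipient; return {recipient: RCPT code}. Never sends DATA."""
    expect(chan, 220)
    expect(chan, 250, f"HELO {helo_name}")
    expect(chan, 250, f"MAIL FROM:<{sender}>")
    results = {}
    for rcpt in recipients:
        chan.send_line(f"RCPT TO:<{rcpt}>")
        results[rcpt] = read_reply(chan)[0]
    chan.send_line("QUIT")  # abandon the transaction so nothing is queued
    return results


def accepted_relays(results):
    """Recipients given 2xx at RCPT: what MAPS RSS would go on to report as 'relay accepted'."""
    return [r for r, c in results.items() if 200 <= c < 300]
```

Against the stand-in with receiver_verify off, the percent and quoted forms come back 250 and the other two 550, which is the pattern in the thread: the relay check itself is sound, but an address whose domain is the host's own literal is "local" and nothing checks the local part until delivery. With receiver_verify on all four get 550 at RCPT time while a real local user is still accepted. For a live check of a host you are responsible for, pass `SocketChannel("mail.example.com")` in place of the stub with the host's own IP in `relay_probe_recipients`; the verdict is `accepted_relays(results)`, which should be empty.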