Re: how to make sure that anti-relaying is in place
Derrick 'dman' Hudson(dman@dman.ddts.net) is reported to have said:
> On Fri, Jul 05, 2002 at 06:45:22PM -0400, Wayne Topa wrote:
> | Derrick 'dman' Hudson(dman@dman.ddts.net) is reported to have said:
> | > On Fri, Jul 05, 2002 at 12:16:24PM -0400, Travis Crump wrote:
>
> | > set
> | >
> | > percent_hack_domains = :
> | >
> | > in your exim.conf to disable that sort of relaying.
> |
> | Not here dman.
> |
> | :Relay test: #Test 9
> | >>> mail from: <spamtest@ip-209-23-97-177.modem.logical.net>
> | <<< 250 <spamtest@ip-209-23-97-177.modem.logical.net> is syntactically correct
> | >>> rcpt to: <nobody%mail-abuse.org@[209.23.97.177]>
> | <<< 250 <nobody%mail-abuse.org@[209.23.97.177]> verified
> | >>> QUIT
> | <<< 221 susie closing connection
> | Tested host banner: 220 susie ESMTP Exim 3.35 #1 Fri, 05 Jul 2002 18:40:09 -0400
> | System appeared to accept 1 relay attempts
> |
> | I added your above suggestion and it stays the same after an exim force-reload.
>
> Interesting. I use exim4 now, and my rcpt acl rejects the '%' (and
> other stuff) outright.
>
> I still have my exim3 configs, so I grabbed a copy of the binary to
> test it :
>
> $ ./usr/sbin/exim -C exim3.conf -bv 'nobody%mail-abuse.org@[192.168.0.154]'
> nobody%mail-abuse.org@[192.168.0.154] failed to verify:
> unknown local-part "nobody%mail-abuse.org" in domain "[192.168.0.154]"
>
> With the exim3 config I used to have, it wouldn't have accepted it.
VT3-Buddy:~# exim -bv '<nobody%mail-abuse.org@[209.23.96.24]>'
nobody%mail-abuse.org@[209.23.96.24] verified
or
VT3 root-3-Buddy:~# exim -bv '<nobody%mail-abuse.org@[192.168.1.3]>'
nobody%mail-abuse.org@[192.168.1.3] verified
and with the mailserver domain.
Actually, any ip address in the above verfies.
That is with the Directive (below) in the exim.conf.
> What does your setup report when you try the '-bv' option?
>
> | I also changed smtp_verify = true & false and still get Test 9 working.
> | Anything else that I might have wrong?
>
> I see you're not online right now, otherwise I would try actually
> sending a message to myself through your server. I recommend actually
> trying the complete delivery, then you'll know for certain whether or
> not your config will bounce the message later as Dave thinks it will.
>
>
> If all the valid local parts for your domain are actual local users,
> you can put this director first to exclude any non-valid local parts
> in the first place (this sort of thing is easier in exim4 with the
> ACLs, BTW) :
>
> # This director matches local user mailboxes.
> verify_local :
> driver = localuser
>
> # only use this director when verifying an address
> verify_only
>
> # if the verification fails, don't continue with the other directors
> more = false
So the end result is that it still fails test 9
:Relay test: #Test 9
>>> mail from: <spamtest@ip-209-23-98-208.modem.logical.net>
<<< 250 <spamtest@ip-209-23-98-208.modem.logical.net> is syntactically correct
>>> rcpt to: <nobody%mail-abuse.org@[209.23.98.208]>
<<< 250 <nobody%mail-abuse.org@[209.23.98.208]> verified
>>> QUIT
Wayne
--
Bad or missing mouse driver. Spank the cat [Y/N]?
_______________________________________________________
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: