
EXIM, Help stop relaying spam



Hi,

We have just had our exim router on our server abused by some spammers.

We had thought that we were securely set up, but it appears that our ISP
has recently changed something in their dns setup and it meant that
spammers have been able to use us as a relay.

I have some temporary fixes in which stop all outgoing mail (turned off
just while I send this) - this is obviously not ideal but does stop
these nasty people.

How do we stop this problem?

I have spent a whole day pulling my hair out trying to stop exim
allowing other people in but I have not succeeded unless I also stop us
being able to send (or in some cases receive).

Our setup is that our firewall forwards port 25 onto the main server
which is running exim.  This is using redir at present and I think that
is part of the problem. If someone telnets onto exim they appear to be
coming from the firewall.

I have turned off all relaying (but don't know how to check that it is
successful). But it seems that I am still allowing telnet onto port 23 to
issue the smtp commands to send mail from an invalid user to outside our
domain. I don't want that to happen.  How can I fix that?

The bits of my exim.conf (comments removed to save space) are

relay_domains = *.sundayta.co.uk
relay_domains_include_local_mx = true

never_users = root

host_lookup_nets = 0.0.0.0/0

rbl_domains = rbl.maps.vix.com
rbl_reject_recipients = true
rbl_warn_header = false

sender_host_reject_relay = *
sender_host_reject_relay_except = romans.sundayta.co.uk:proverbs.sundayta.co.uk

sender_net_reject_relay = 0.0.0.0/0
sender_net_reject_relay_except = 192.168.100.0/8
# firewall is 192.168.101.2

sender_verify_reject = true

# I don't want to incorrectly blame anyone but all the spam had a name
# within this domain as the to and from
sender_reject = *.quintessenz.at



I would like to reject all hosts apart from some named machines at
sundayta.co.uk but whenever I try that I stop all incoming mail from
other hosts which is obviously not correct.

Any help much appreciated while I still have some hair left.



-- 
David Warnock
Sundayta Ltd
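
Added example, not part of the original post: a Python check of how the posted sender_net_reject_relay_except value relates to the firewall address when redir makes every forwarded connection appear to come from the firewall. It assumes the exception list is matched by plain CIDR masking; the /24 comparison mask and the sample client addresses are constructed for illustration.

```python
import ipaddress

# Values copied from the posted exim.conf
RELAY_EXCEPT_NET = "192.168.100.0/8"
FIREWALL_ADDR = "192.168.101.2"  # address Exim sees for redir-forwarded connections

# Hypothetical narrower mask, used only for comparison (not from the post)
NARROW_NET = "192.168.100.0/24"

# Constructed sample clients (documentation address ranges)
SAMPLE_CLIENTS = ["203.0.113.7", "198.51.100.23"]


def relay_exempt(seen_addr, net=RELAY_EXCEPT_NET):
    """True if the address Exim sees falls inside the exception net.

    Assumption: matching is plain CIDR masking of both sides.
    """
    # strict=False masks off the host bits: 192.168.100.0/8 -> 192.0.0.0/8
    network = ipaddress.ip_network(net, strict=False)
    return ipaddress.ip_address(seen_addr) in network


def address_seen_by_exim(real_client, via_redir):
    """redir opens a new TCP connection from the firewall, hiding the origin."""
    return FIREWALL_ADDR if via_redir else real_client


def audit(clients, net=RELAY_EXCEPT_NET):
    """Map each external client to whether its forwarded connection is exempt."""
    return {c: relay_exempt(address_seen_by_exim(c, True), net) for c in clients}


if __name__ == "__main__":
    for net in (RELAY_EXCEPT_NET, NARROW_NET):
        effective = ipaddress.ip_network(net, strict=False)
        print(f"{net} is evaluated as {effective}")
        for client, exempt in audit(SAMPLE_CLIENTS, net).items():
            print(f"  {client:15} seen as {FIREWALL_ADDR}: relay exempt = {exempt}")
```
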

