
exim and spam relay
This story begins on an ancient R3000 based SGI Indigo running IRIX 5.3.
Due to my own negligence, this machine had open mail relaying.  One night
recently a spammer discovered this machine and used it to send spam.
The following morning, I had a few e-mails addressed to me kindly pointing
out my oversight.  I immediately removed the machine from the network
until the relaying and other problems were fixed.

Shortly after this incident, this machine was retired and replaced with
a PC running Debian.  It is currently running Debian 2.1r5 with exim 2.05-2.
This was a planned transition that was unrelated to the mail relaying.
Since the name and IP address remained the same as the old machine, the
Debian machine inherited the history as a known spam relayer.  Today it
remains on at least one list of insecure mailservers - The MAPS Relay
Spam Stopper (RSS) <http://maps.vix.com/rss/>.

Below is a portion of the relay test log for this machine which indicates
why it is still blacklisted.  Note that I have changed my machine name
and IP address to protect the guilty - that would be me.

Assume:
   my true IP address:  192.1.1.1
   my true machine name:  badhost.corp.com

***** BEGIN relay test log *****

Sun Mar  5 04:44:58 PST 2000

Connecting to 192.1.1.1 ...
<<< 220 badhost.corp.com ESMTP Exim 2.05 #1 Sun, 5 Mar 2000 07:45:09 -0500
>>> HELO maps1.pa.vix.com
<<< 250 badhost.corp.com Hello dante.mail-abuse.org [204.152.184.35]

several unsuccessful relay attempts deleted

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@[192.1.1.1]>
<<< 250 <spamtest@[192.1.1.1]> is syntactically correct
>>> RCPT TO:<"user2@mac.radparker.com"@[192.1.1.1]>
<<< 250 <"user2@mac.radparker.com"@[192.1.1.1]> is syntactically correct
>>> DATA
<<< 354 Enter message, ending with "." on a line by itself
>>> (message body)
<<< 250 OK id=12RaPH-0003Zq-00
/var/local/maps/rss/bin/rly: relay accepted - final response code 250

***** END relay test log *****

This log ends with a response code indicating that a relay attempt
succeeded, but the exim log shows that although the message was initially
accepted, it was not delivered.

***** BEGIN /var/log/exim/mainlog *****

2000-03-05 07:45:12 12RaPH-0003Zq-00 <= spamtest@[192.1.1.1] H=dante.mail-abuse.org (maps1.pa.vix.com) [204.152.184.35] P=smtp S=982 id=rlytest-952260303-6454@maps1.pa.vix.com
2000-03-05 07:45:12 12RaPH-0003Zq-00 ** "rss-result2@mac.radparker.com"@[192.1.1.1]: unknown local-part "rss-result2@mac.radparker.com" in domain "[192.1.1.1]"
2000-03-05 07:45:12 12RaPI-0003Zs-00 <= <> R=12RaPH-0003Zq-00 U=mail P=local S=1848
2000-03-05 07:45:12 12RaPH-0003Zq-00 Error message sent to spamtest@[192.1.1.1]
2000-03-05 07:45:12 12RaPH-0003Zq-00 Completed
2000-03-05 07:45:12 12RaPI-0003Zs-00 ** spamtest@[192.1.1.1]: unknown local-part "spamtest" in domain "[192.1.1.1]"
2000-03-05 07:45:12 12RaPI-0003Zs-00 Frozen (delivery error message)

***** END /var/log/exim/mainlog *****

Is there a way to configure exim to return a 5xx response code to this
form of relay attempt instead of returning a 250 then later rejecting it?

Any assistance you can give to help me shed my image as a friend to
spammers would be appreciated.

John
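The behaviour the post is asking for, modelled as an added example (this is not exim's own code or configuration, and the post does not supply the exim answer): a RCPT-time policy check that parses the quoted local-part form seen in the relay test, `"user2@mac.radparker.com"@[192.1.1.1]`, and answers 550 at RCPT time instead of 250 followed by a frozen bounce. LOCAL_DOMAINS uses the post's example names; the mailbox `john` and the `sender_is_relay_client` flag are constructed assumptions.

```python
"""RCPT-time relay check: reject source-routed local-parts with 5xx."""
import re

# Domains this host accepts mail for (names taken from the post's example).
LOCAL_DOMAINS = {"badhost.corp.com", "[192.1.1.1]"}
# Constructed sample mailbox; a real MTA would consult its user database.
LOCAL_USERS = {"john"}

# RCPT TO argument: optional <>, quoted-string or dot-atom local-part,
# '@', then a domain name or a [bracketed] address literal.
ADDR_RE = re.compile(
    r'^<?(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<plain>[^@"<>\s]+))'
    r'@(?P<domain>[^>\s]+)>?$'
)


def parse_rcpt(arg):
    """Split a RCPT TO argument into (local_part, domain); None if malformed."""
    m = ADDR_RE.match(arg.strip())
    if not m:
        return None
    local = m.group("quoted") if m.group("quoted") is not None else m.group("plain")
    return local, m.group("domain").lower()


def rcpt_response(arg, sender_is_relay_client=False):
    """Return the SMTP reply to give at RCPT time, before any 250/DATA."""
    parsed = parse_rcpt(arg)
    if parsed is None:
        return "501 syntax error in recipient address"
    local, domain = parsed
    if domain in LOCAL_DOMAINS:
        # An '@', '%' or '!' inside the local-part of a locally addressed
        # recipient is a request to route the message onward: refuse it
        # here rather than accepting and bouncing it later.
        if any(c in local for c in "@%!"):
            return "550 relaying via local-part routing not permitted"
        if local.lower() not in LOCAL_USERS:
            return "550 unknown local-part"
        return "250 Accepted"
    # Non-local domain: only clients explicitly allowed to relay get a 250.
    if sender_is_relay_client:
        return "250 Accepted"
    return "550 relay not permitted"
```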
