[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to make sure that anti-relaying is in place

On Fri, Jul 05, 2002 at 06:45:22PM -0400, Wayne Topa wrote:
| Derrick 'dman' Hudson(dman@dman.ddts.net) is reported to have said:
| > On Fri, Jul 05, 2002 at 12:16:24PM -0400, Travis Crump wrote:

| > set
| > 
| > percent_hack_domains = :
| > 
| > in your exim.conf to disable that sort of relaying.
| 
| Not here dman.
| 
| :Relay test: #Test 9
| >>> mail from: <spamtest@ip-209-23-97-177.modem.logical.net>
| <<< 250 <spamtest@ip-209-23-97-177.modem.logical.net> is syntactically correct
| >>> rcpt to: <nobody%mail-abuse.org@[209.23.97.177]>
| <<< 250 <nobody%mail-abuse.org@[209.23.97.177]> verified
| >>> QUIT
| <<< 221 susie closing connection
| Tested host banner: 220 susie ESMTP Exim 3.35 #1 Fri, 05 Jul 2002 18:40:09 -0400
| System appeared to accept 1 relay attempts
| 
| I added your above suggestion and it stays the same after an exim force-reload.

Interesting.  I use exim4 now, and my rcpt acl rejects the '%' (and
other stuff) outright.

I still have my exim3 configs, so I grabbed a copy of the binary to
test it :

$ ./usr/sbin/exim -C exim3.conf -bv 'nobody%mail-abuse.org@[192.168.0.154]'
nobody%mail-abuse.org@[192.168.0.154] failed to verify:
  unknown local-part "nobody%mail-abuse.org" in domain "[192.168.0.154]"

With the exim3 config I used to have, it wouldn't have accepted it.

What does your setup report when you try the '-bv' option?

| I also changed smtp_verify = true & false and still get Test 9 working.
| Anything else that I might have wrong?

I see you're not online right now, otherwise I would try actually
sending a message to myself through your server.  I recommend actually
trying the complete delivery, then you'll know for certain whether or
not your config will bounce the message later as Dave thinks it will.


If all the valid local parts for your domain are actual local users,
you can put this director first to exclude any non-valid local parts
in the first place (this sort of thing is easier in exim4 with the
ACLs, BTW) :

# This director matches local user mailboxes.
verify_local :
    driver = localuser

    # only use this director when verifying an address
    verify_only

    # if the verification fails, don't continue with the other directors
    more = false

HTH,
-D

-- 

It took the computational power of three Commodore 64s to fly to the moon.
It takes at least a 486 to run Windows 95.
Something is wrong here.
 
http://dman.ddts.net/~dman/

Attachment: pgpsaj8hdjRGp.pgp
Description: PGP signature

Reply to: