Re: how to make sure that anti-relaying is in place
Derrick 'dman' Hudson(email@example.com) is reported to have said:
> On Fri, Jul 05, 2002 at 06:45:22PM -0400, Wayne Topa wrote:
> | Derrick 'dman' Hudson(firstname.lastname@example.org) is reported to have said:
> | > On Fri, Jul 05, 2002 at 12:16:24PM -0400, Travis Crump wrote:
> | > set
> | >
> | > percent_hack_domains = :
> | >
> | > in your exim.conf to disable that sort of relaying.
> | Not here dman.
> | :Relay test: #Test 9
> | >>> mail from: <email@example.com>
> | <<< 250 <firstname.lastname@example.org> is syntactically correct
> | >>> rcpt to: <email@example.com>
> | <<< 250 <firstname.lastname@example.org> verified
> | >>> QUIT
> | <<< 221 susie closing connection
> | Tested host banner: 220 susie ESMTP Exim 3.35 #1 Fri, 05 Jul 2002 18:40:09 -0400
> | System appeared to accept 1 relay attempts
> | I added your above suggestion and it stays the same after an exim force-reload.
> Interesting. I use exim4 now, and my rcpt acl rejects the '%' (and
> other stuff) outright.
> I still have my exim3 configs, so I grabbed a copy of the binary to
> test it :
> $ ./usr/sbin/exim -C exim3.conf -bv 'email@example.com'
> firstname.lastname@example.org failed to verify:
> unknown local-part "nobody%mail-abuse.org" in domain "[192.168.0.154]"
> With the exim3 config I used to have, it wouldn't have accepted it.
VT3-Buddy:~# exim -bv '<email@example.com>'
VT3 root-3-Buddy:~# exim -bv '<firstname.lastname@example.org>'
and with the mailserver domain.
Actually, any ip address in the above verfies.
That is with the Directive (below) in the exim.conf.
> What does your setup report when you try the '-bv' option?
> | I also changed smtp_verify = true & false and still get Test 9 working.
> | Anything else that I might have wrong?
> I see you're not online right now, otherwise I would try actually
> sending a message to myself through your server. I recommend actually
> trying the complete delivery, then you'll know for certain whether or
> not your config will bounce the message later as Dave thinks it will.
> If all the valid local parts for your domain are actual local users,
> you can put this director first to exclude any non-valid local parts
> in the first place (this sort of thing is easier in exim4 with the
> ACLs, BTW) :
> # This director matches local user mailboxes.
> verify_local :
> driver = localuser
> # only use this director when verifying an address
> # if the verification fails, don't continue with the other directors
> more = false
So the end result is that it still fails test 9
:Relay test: #Test 9
>>> mail from: <email@example.com>
<<< 250 <firstname.lastname@example.org> is syntactically correct
>>> rcpt to: <email@example.com>
<<< 250 <firstname.lastname@example.org> verified
Bad or missing mouse driver. Spank the cat [Y/N]?
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org