Re: How to close an open relay (exim3)?
In article <200501291350.49925.ggrubbish@web.de>,
gerhard <ggrubbish@web.de> wrote:
>:Relay test: #Test 9
>>>> mail from: <spamtest@A2469.a.pppool.de>
><<< 250 <spamtest@A2469.a.pppool.de> is syntactically correct
>>>> rcpt to: <nobody%mail-abuse.org@[213.6.36.105]>
><<< 250 <nobody%mail-abuse.org@[213.6.36.105]> verified
>>>> QUIT
><<< 221 debian closing connection
>Tested host banner: 220 debian ESMTP Exim 3.36 #1 Fri, 28 Jan 2005
>20:06:42 +0100
>System appeared to accept 1 relay attempts
>Connection closed by foreign host.
>
>does "System appeared to accept 1 relay attempts
>Connection closed by foreign host." mean that exim rejected the mail
>internally after accepting it to relay the mail, or is my exim an open
>relay (if the firewall isn't up)?
The former. The standard exim assumes "nobody%mail-abuse.org" is
a so-called "local part" and the validity of local-parts is not
tested at SMTP time with the default Debian config (which I
think is the wrong default, but hey).
Add this to the "main" part (first part) of your exim.conf file:

  # Verify addresses in the SMTP stage
  receiver_try_verify = true

Restart exim, and test again. However the test may still
succeed if exim decides ggrubbish%web.de is actually
a valid local address (as it seems to do based on the
next test, below). No reason to panic.
>Another non-anonymous test
>http://www.abuse.net/relay.html
>resulted in the following outcome:
>
> Hmmn, at first glance, host appeared to accept a message for relay.
> THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
>
>but I received the mail :-(, and I'm sure, that I had during the whole
>process of the test the same IP-address (I'm using a dial-up
>connection).
Well, you're not an open relay, your system simply accepted the
message. Something in your local configuration (perhaps
rewrite rules) makes exim decide that ggrubbish%web.de@[213.6.36.124]
is a local address, to be delivered locally to ggrubbish.
>Here is the header of the mail I received:
>
><quote>
>Return-path: <securitytest@abuse.net>
> Envelope-to: ggrubbish%web.de@[213.6.36.124]
> Received: from localhost
> ([127.0.0.1] helo=amavis ident=amavis)
> by debian with esmtp (Exim 3.36 #1 (Debian))
> id 1Cr12c-0005ia-00
> for <ggrubbish%web.de@[213.6.36.124]>; Tue, 18 Jan 2005 22:37:34
>+0100
> Received: from debian ([127.0.0.1])
> by amavis (debian [127.0.0.1]) (amavisd-new, port 10024) with
>ESMTP
> id 21874-02 for <ggrubbish%web.de@[213.6.36.124]>;
> Tue, 18 Jan 2005 22:37:26 +0100 (CET)
> Received: from www.abuse.net ([208.31.42.77])
> by debian with smtp (Exim 3.36 #1 (Debian))
> id 1Cr12U-0005iO-00
> for <ggrubbish%web.de@[213.6.36.124]>; Tue, 18 Jan 2005 22:37:26
Yup, not a relay (it's not getting sent _out_ again).
Mike.
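
The distinction drawn in the reply above, as an added example that is not part of the original message and is not exim's own routing code: a simplified Python model of how one RCPT TO address can end up as a local mailbox name, be refused at SMTP time, or need relaying. The function name, the local-domain set and the mailbox list are assumptions made for illustration; the probe address is the one from the quoted relay test.

```python
import re

# "local-part@domain"; the domain may be a literal such as [213.6.36.105].
_ADDR = re.compile(r"^<?(?P<local>.+)@(?P<domain>\[[^\]]+\]|[^@>]+)>?$")

def interpret(rcpt, local_domains, mailboxes=None, percent_hack=False):
    """Model what an MTA does with one RCPT TO address (simplified).

    Returns (decision, detail):
      "relay"   - needs sending on to another host (detail = next domain)
      "local"   - delivered on this host (detail = mailbox name)
      "reject"  - local domain but unknown mailbox, refused at SMTP time
      "invalid" - not parseable as local-part@domain
    mailboxes=None models no recipient verification at SMTP time.
    """
    m = _ADDR.match(rcpt.strip())
    if not m:
        return ("invalid", rcpt)
    local, domain = m.group("local"), m.group("domain").lower()
    if domain not in local_domains:
        return ("relay", domain)
    if percent_hack and "%" in local:
        # Percent hack: user%other@here is rewritten to user@other and rerouted.
        user, _, inner = local.rpartition("%")
        return interpret(f"{user}@{inner}", local_domains, mailboxes, percent_hack)
    if mailboxes is not None and local not in mailboxes:
        return ("reject", local)
    # No rewriting: everything left of "@" is just a mailbox name.
    return ("local", local)

# Constructed host settings; the probe address is the one from the relay test.
LOCAL_DOMAINS = {"debian", "localhost", "[213.6.36.105]"}
MAILBOXES = {"root", "postmaster", "gerhard"}
PROBE = "<nobody%mail-abuse.org@[213.6.36.105]>"

if __name__ == "__main__":
    # Accepted at RCPT time, but only as an odd local mailbox name.
    print(interpret(PROBE, LOCAL_DOMAINS))
    # With recipient verification the same probe is refused at SMTP time.
    print(interpret(PROBE, LOCAL_DOMAINS, mailboxes=MAILBOXES))
    # Only a host that honours the percent hack would send it out again.
    print(interpret(PROBE, LOCAL_DOMAINS, percent_hack=True))
```

Only the third case corresponds to mail leaving the host again, which is what a relay tester is really trying to detect.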