
Re: How to close an open relay (exim3)?



In article <200501291350.49925.ggrubbish@web.de>,
gerhard  <ggrubbish@web.de> wrote:
>:Relay test: #Test 9
>>>> mail from: <spamtest@A2469.a.pppool.de>
><<< 250 <spamtest@A2469.a.pppool.de> is syntactically correct
>>>> rcpt to: <nobody%mail-abuse.org@[213.6.36.105]>
><<< 250 <nobody%mail-abuse.org@[213.6.36.105]> verified
>>>> QUIT
><<< 221 debian closing connection
>Tested host banner: 220 debian ESMTP Exim 3.36 #1 Fri, 28 Jan 2005
>20:06:42 +0100
>System appeared to accept 1 relay attempts
>Connection closed by foreign host.
>
>does "System appeared to accept 1 relay attempts
>Connection closed by foreign host." mean that exim rejected the mail
>internally after accepting it to relay the mail, or is my exim an open
>relay (if the firewall isn't up)?

The former. The standard exim assumes "nobody%mail-abuse.org" is
a so-called "local part" and the validity of local-parts is not
tested at SMTP time with the default Debian config (which I
think is the wrong default, but hey).

Add this to the "main" part (first part) of your exim.conf file:

        # Verify addresses in the SMTP stage
        receiver_try_verify = true

Restart exim, and test again. However the test may still
succeed if exim decides ggrubbish%web.de is actually
a valid local address (as it seems to do based on the
next test, below). No reason to panic.

>Another non-anonymous test
>http://www.abuse.net/relay.html
>resulted in the following outcome:
>
> Hmmn, at first glance, host appeared to accept a message for relay.
> THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
>
>but I received the mail :-(, and I'm sure that I had during the whole
>process of the test the same IP-address (I'm using a dial-up
>connection).

Well, you're not an open relay, your system simply accepted the
message. Something in your local configuration (perhaps
rewrite rules) makes exim decide that ggrubbish%web.de@[213.6.36.124]
is a local address, to be delivered locally to ggrubbish.

>Here is the header of the mail I received:
>
><quote>
>Return-path: <securitytest@abuse.net>
> Envelope-to: ggrubbish%web.de@[213.6.36.124]
> Received: from localhost
>        ([127.0.0.1] helo=amavis ident=amavis)
>        by debian with esmtp (Exim 3.36 #1 (Debian))
>        id 1Cr12c-0005ia-00
>        for <ggrubbish%web.de@[213.6.36.124]>; Tue, 18 Jan 2005 22:37:34
>+0100
> Received: from debian ([127.0.0.1])
>        by amavis (debian [127.0.0.1]) (amavisd-new, port 10024) with
>ESMTP
>        id 21874-02 for <ggrubbish%web.de@[213.6.36.124]>;
>        Tue, 18 Jan 2005 22:37:26 +0100 (CET)
> Received: from www.abuse.net ([208.31.42.77])
>        by debian with smtp (Exim 3.36 #1 (Debian))
>        id 1Cr12U-0005iO-00
>        for <ggrubbish%web.de@[213.6.36.124]>; Tue, 18 Jan 2005 22:37:26

Yup, not a relay (it's not getting sent _out_ again).

Mike.
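
An added example, not part of the original post and not Exim code: a small model of the two ways an MTA can read the relay tester's recipient, showing why a 250 reply to RCPT TO is only a relay when the text before the "%" gets re-routed. The function names, the LOCAL_DOMAINS set and the honour_percent_hack switch are assumptions made for the illustration; the switch is not an Exim option.

```python
# Added illustration; names and the honour_percent_hack switch are hypothetical
# modelling aids, not Exim options.

# Assumption: names/address literals this host accepts as its own (from the thread).
LOCAL_DOMAINS = {"debian", "[213.6.36.105]", "[213.6.36.124]"}


def split_rcpt(rcpt):
    """Split an envelope recipient at the last '@' into (local_part, domain)."""
    addr = rcpt.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a local@domain address: {rcpt!r}")
    return local, domain.lower()


def classify_rcpt(rcpt, local_domains=LOCAL_DOMAINS, honour_percent_hack=False):
    """Say what accepting this RCPT TO would mean for the receiving host."""
    local, domain = split_rcpt(rcpt)
    info = {"local_part": local, "domain": domain,
            "percent_routed": "%" in local, "next_hop": None}
    if domain not in local_domains:
        # Plain remote recipient: accepting it from a stranger is relaying.
        info.update(verdict="relay", next_hop=domain)
    elif info["percent_routed"] and honour_percent_hack:
        # MTA rewrites user%remote@me to user@remote and forwards it.
        user, _, remote = local.rpartition("%")
        remote = remote.lower()
        if remote in local_domains:
            info.update(verdict="local", local_part=user)
        else:
            info.update(verdict="relay", next_hop=remote)
    else:
        # The whole string before '@' is just a mailbox name on this host;
        # it is delivered locally or bounced, never sent out again.
        info.update(verdict="local")
    return info


if __name__ == "__main__":
    probe = "<nobody%mail-abuse.org@[213.6.36.105]>"  # RCPT from the quoted test
    for flag in (False, True):
        print(flag, classify_rcpt(probe, honour_percent_hack=flag))
```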


