
Re: How to close an open relay (exim3)?



Hello Mike,

On Saturday 29 January 2005 22:17, Miquel van Smoorenburg wrote:
> In article <200501292026.53365.ggrubbish@web.de>,
>
> gerhard  <ggrubbish@web.de> wrote:
> >I felt strange about the behavior of exim while I got a dial-up
> >connection to compuserve/AOL.
>
> You tested a connection from AOL to your PC.

Yes, I'm on a dial-up connection to AOL.

> >can see explicit 172.16.240.0/24 and not that address range from AOL
> > 172.128.0.0 - 172.191.255.255
>
> Well, 172.181.203.112 matches 0.0.0.0/0 so that's why it's being
> tested for RBL. rbl_hosts = !192.168.0.0/24:0.0.0.0/0 means
> "all hosts except 192.168.0.0/24"

Well, of course #-/ Someone on debian-user-german gave me a hint and I 
already sent a message to this list, which hasn't arrived here until 
now, but thanks for figuring this stupid fault out: 

This is an earlier message that hasn't reached the ML yet:

<message>
gerhard wrote:

> The Internet Assigned Numbers Authority (IANA) has reserved the
> following three blocks of the IP address space for private internets:
> 
> 10.0.0.0        -   10.255.255.255  (10/8 prefix)
> 172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
> 192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
> 
> Extract from the 1st section of my exim.conf:
> 
> rbl_hosts = !192.168.0.0/24:0.0.0.0/0
> |---------------------------^^^^ ok should be  172.16.0.0/24, but
> because of that it's even stranger that AOL IPs match.

Now I changed that line to
 rbl_hosts = !192.168.0.0/24:!10/8:!192.168/16:0.0.0.0/0
because 172.16.240.0/24 is the wrong prefix. The right one 
is  172.16/12.

> recipients_reject_except = postmaster@workgroup.home
> host_accept_relay = 127.0.0.1 : ::::1 : 172.16.240.0/24
> |-------------------------------------------^^^ here you
> can see explicit 172.16.240.0/24 and not that address range from AOL
> 172.128.0.0 - 172.191.255.255

That is not true, because it should be 172.16/12 instead of
172.16.240.0/24 .

I will change that and restart exim (reboot the computer because I don't
know how to restart exim by /etc/init.d/exim restart).
</message>

Hmmm... I didn't understand that correctly, thank you for pointing me to 
the circumstance that 172.128.0.0 - 172.191.255.255 is part of a 
host_accept_relay if rbl_hosts = !192.168.0.0/24:0.0.0.0/0 and 
host_accept_relay = 127.0.0.1 : ::::1 : 172.16.240.0/24 .

Hmmm ...
this is the result of the test with the changed lines 
in /etc/exim/exim.conf :
# exim -bh 213.6.40.96

**** SMTP testing session as if from host 213.6.40.96
**** Not for real!

>>> host in host_lookup? yes (*)
>>> looking up host name for 213.6.40.96
>>> IP address lookup yielded a2860.a.pppool.de
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in rbl_hosts? yes (0.0.0.0/0)
>>> checking RBL domain blackholes.mail-abuse.org/reject
>>> RBL lookup for 96.40.6.213.blackholes.mail-abuse.org failed
>>> => that means it's not black listed at blackholes.mail-abuse.org
>>> checking RBL domain dialups.mail-abuse.org/reject
>>> RBL lookup for 96.40.6.213.dialups.mail-abuse.org failed
>>> => that means it's not black listed at dialups.mail-abuse.org
>>> checking RBL domain relays.mail-abuse.org/warn
>>> RBL lookup for 96.40.6.213.relays.mail-abuse.org failed
>>> => that means it's not black listed at relays.mail-abuse.org
>>> checking RBL domain rbl.mail-abuse.org/reject
>>> RBL lookup for 96.40.6.213.rbl.mail-abuse.org failed
>>> => that means it's not black listed at rbl.mail-abuse.org
>>> host in auth_hosts? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 debian ESMTP Exim 3.36 #1 Sat, 29 Jan 2005 23:13:36 +0100
mail from: <spamtest@a2860.a.pppool.de>
>>> spamtest@a2860.a.pppool.de in sender_reject? no (option unset)
>>> spamtest@a2860.a.pppool.de in sender_reject_recipients? no (option unset)
250 <spamtest@a2860.a.pppool.de> is syntactically correct
rcpt to: <nobody%mail-abuse.org@[213.6.40.96]>
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])
>>> host in receiver_verify_hosts? yes (*)
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])
>>> [213.6.40.96] in percent_hack_domains? no (end of list)
>>> debian.workgroup.home in local_domains? yes (matched debian.workgroup.home)
>>> debian.workgroup.home in percent_hack_domains? no (end of list)
>>> debian.workgroup.home in local_domains? yes (matched debian.workgroup.home)
>>> debian.workgroup.home in percent_hack_domains? no (end of list)
250 <nobody%mail-abuse.org@[213.6.40.96]> verified
I closed the connection by typing
QUIT
221 debian closing connection

So, what? I hardly understand that:
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])
>>> ...
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])

What's to mention about my complaints on /etc/init.d/exim ? 

Kind regards

Gerhard Gaußling
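
Added example (not part of the original message, and not Exim code): a simplified Python model of left-to-right host-list matching, applied to the rbl_hosts and host_accept_relay values quoted above, to show which list item decides for each address from this thread. The function name host_in_list and the no-match result at the end of a list are assumptions of this model, and it handles IPv4 items only.

```python
import ipaddress

# Host lists as quoted in the message (IPv4 items only; the "::::1" item is
# left out because this model splits on ":" and does not undo colon doubling).
RBL_HOSTS = "!192.168.0.0/24:0.0.0.0/0"
HOST_ACCEPT_RELAY = "127.0.0.1 : 172.16.240.0/24"
RFC1918_172 = "172.16.0.0/12"   # full form of the 172.16/12 private block


def host_in_list(host, host_list):
    """Scan the list left to right; the first item containing the host decides.

    Returns (result, item): result is False when the deciding item is negated
    with "!", and (False, None) when nothing matched (model assumption; every
    list used here ends in a positive item).
    """
    ip = ipaddress.ip_address(host)
    for raw in host_list.split(":"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        net = ipaddress.ip_network(item.lstrip("!").strip(), strict=False)
        if ip in net:
            return (not negated, item)
    return (False, None)


if __name__ == "__main__":
    # Addresses taken from the thread, plus one constructed LAN address.
    for host in ("172.181.203.112", "213.6.40.96", "192.168.0.5"):
        for name, lst in (("rbl_hosts", RBL_HOSTS),
                          ("host_accept_relay", HOST_ACCEPT_RELAY),
                          ("172.16.0.0/12", RFC1918_172)):
            result, item = host_in_list(host, lst)
            print(f"{host:16} in {name:18}? {'yes' if result else 'no'} ({item})")
```

The AOL address 172.181.203.112 lies outside 172.16.0.0/12 (172.16.0.0 - 172.31.255.255), so it is selected for RBL checks through 0.0.0.0/0 and is not covered by the relay list.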


