Re: How to close an open relay (exim3)?
Hello Mike,
On Saturday 29 January 2005 22:17, Miquel van Smoorenburg wrote:
> In article <200501292026.53365.ggrubbish@web.de>,
>
> gerhard <ggrubbish@web.de> wrote:
> >I felt strange about the behavior of exim while I got a dial-up
> >connection to compuserve/AOL.
>
> You tested a connection from AOL to your PC.
Yes, I'm on a dial-up connection to AOL.
> >can see explicit 172.16.240.0/24 and not that address range from AOL
> > 172.128.0.0 - 172.191.255.255
>
> Well, 172.181.203.112 matches 0.0.0.0/0 so that's why it's being
> tested for RBL. rbl_hosts = !192.168.0.0/24:0.0.0.0/0 means
> "all hosts except 192.168.0.0/24"
Well, of course #-/ Someone on debian-user-german gave me a hint and I
already sent a message to this list, which hasn't arrived here yet,
but thanks for figuring this stupid fault out:
This is an earlier message that hasn't reached the ML yet:
<message>
gerhard wrote:
> The Internet Assigned Numbers Authority (IANA) has reserved the
> following three blocks of the IP address space for private internets:
>
> 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
>
> Extract from the 1st section of my exim.conf:
>
> rbl_hosts = !192.168.0.0/24:0.0.0.0/0
> |---------------------------^^^^ ok should be 172.16.0.0/24, but
> because of that it's even stranger that AOL IPs match.
Now I changed that line to
rbl_hosts = !192.168.0.0/24:!10/8:!192.168/16:0.0.0.0/0
because 172.16.240.0/24 is the wrong prefix. The right one
is 172.16/12.
> recipients_reject_except = postmaster@workgroup.home
> host_accept_relay = 127.0.0.1 : ::::1 : 172.16.240.0/24
> |-------------------------------------------^^^ here you
> can see explicit 172.16.240.0/24 and not that address range from AOL
> 172.128.0.0 - 172.191.255.255
That is not true, because it should be 172.16/12 instead of
172.16.240.0/24 .
I will change that and restart exim (reboot the computer because I don't
know how to restart exim by /etc/init.d/exim restart).
</message>
Hmmm... I didn't understand that correctly, thank you for pointing me to
the circumstance that 172.128.0.0 - 172.191.255.255 is part of a
host_accept_relay if rbl_hosts = !192.168.0.0/24:0.0.0.0/0 and
host_accept_relay = 127.0.0.1 : ::::1 : 172.16.240.0/24 .
Hmmm ...
This is the result of the test with the changed lines
in /etc/exim/exim.conf:
# exim -bh 213.6.40.96
**** SMTP testing session as if from host 213.6.40.96
**** Not for real!
>>> host in host_lookup? yes (*)
>>> looking up host name for 213.6.40.96
>>> IP address lookup yielded a2860.a.pppool.de
>>> host in host_reject? no (option unset)
>>> host in host_reject_recipients? no (option unset)
>>> host in rbl_hosts? yes (0.0.0.0/0)
>>> checking RBL domain blackholes.mail-abuse.org/reject
>>> RBL lookup for 96.40.6.213.blackholes.mail-abuse.org failed
>>> => that means it's not black listed at blackholes.mail-abuse.org
>>> checking RBL domain dialups.mail-abuse.org/reject
>>> RBL lookup for 96.40.6.213.dialups.mail-abuse.org failed
>>> => that means it's not black listed at dialups.mail-abuse.org
>>> checking RBL domain relays.mail-abuse.org/warn
>>> RBL lookup for 96.40.6.213.relays.mail-abuse.org failed
>>> => that means it's not black listed at relays.mail-abuse.org
>>> checking RBL domain rbl.mail-abuse.org/reject
>>> RBL lookup for 96.40.6.213.rbl.mail-abuse.org failed
>>> => that means it's not black listed at rbl.mail-abuse.org
>>> host in auth_hosts? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in receiver_unqualified_hosts? no (option unset)
>>> host in helo_verify? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 debian ESMTP Exim 3.36 #1 Sat, 29 Jan 2005 23:13:36 +0100
mail from: <spamtest@a2860.a.pppool.de>
>>> spamtest@a2860.a.pppool.de in sender_reject? no (option unset)
>>> spamtest@a2860.a.pppool.de in sender_reject_recipients? no (option unset)
250 <spamtest@a2860.a.pppool.de> is syntactically correct
rcpt to: <nobody%mail-abuse.org@[213.6.40.96]>
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])
>>> host in receiver_verify_hosts? yes (*)
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])
>>> [213.6.40.96] in percent_hack_domains? no (end of list)
>>> debian.workgroup.home in local_domains? yes (matched debian.workgroup.home)
>>> debian.workgroup.home in percent_hack_domains? no (end of list)
>>> debian.workgroup.home in local_domains? yes (matched debian.workgroup.home)
>>> debian.workgroup.home in percent_hack_domains? no (end of list)
250 <nobody%mail-abuse.org@[213.6.40.96]> verified
I closed the connection by typing
QUIT
221 debian closing connection
So, what? I hardly understand that:
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])
>>> ...
>>> [213.6.40.96] in local_domains? yes (matched [213.6.40.96])
What's to mention about my complaints on /etc/init.d/exim ?
Kind regards
Gerhard Gaußling
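
Added example (not part of the original message, and not Exim's own code): a small Python model of how a colon-separated host list with "!" negation is evaluated, run against the rbl_hosts and host_accept_relay values and the addresses quoted in this thread. It assumes left-to-right, first-match-wins evaluation and that an unmatched list yields "yes" only when its last item is negated; the function names are hypothetical.

```python
import ipaddress
import re

# Lists quoted in the thread (exim.conf values, copied from the messages above).
RBL_OLD = "!192.168.0.0/24:0.0.0.0/0"
RBL_NEW = "!192.168.0.0/24:!10/8:!192.168/16:0.0.0.0/0"
RELAY = "127.0.0.1 : ::::1 : 172.16.240.0/24"

def parse_host_list(text):
    """Split a colon-separated host list into (negated, network) pairs."""
    items = []
    # A single colon separates items; a doubled colon is a literal colon (IPv6).
    for raw in re.split(r"(?<!:):(?!:)", text):
        item = raw.strip().replace("::", ":")
        if not item:
            continue
        negated = item.startswith("!")
        addr, _, bits = item.lstrip("!").strip().partition("/")
        if ":" not in addr:
            # Pad shorthand prefixes such as 10/8 or 172.16/12 to four octets.
            octets = addr.split(".")
            addr = ".".join(octets + ["0"] * (4 - len(octets)))
        cidr = addr + "/" + bits if bits else addr
        items.append((negated, ipaddress.ip_network(cidr, strict=False)))
    return items

def host_in_list(ip, text):
    """Return True if ip is 'in' the list: the first matching item decides."""
    addr = ipaddress.ip_address(ip)
    items = parse_host_list(text)
    for negated, net in items:
        if addr in net:
            return not negated
    # Assumed rule for no match: "yes" only if the last item was negated.
    return bool(items) and items[-1][0]

if __name__ == "__main__":
    for label, hosts in (("rbl_hosts (old)", RBL_OLD), ("rbl_hosts (new)", RBL_NEW),
                         ("host_accept_relay", RELAY)):
        for ip in ("172.181.203.112", "213.6.40.96", "172.16.240.7", "192.168.0.5"):
            print(f"{label:18} {ip:16} -> {host_in_list(ip, hosts)}")
```

With these lists, 172.181.203.112 and 213.6.40.96 are both "in" rbl_hosts (via 0.0.0.0/0) and neither is matched by host_accept_relay; only addresses inside 172.16.240.0/24, or the loopback addresses, match the relay list.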