
Re: [exim4] rewrite left hand of email on outgoing mail



On Sat, 18 Oct 2014 20:58:11 -0400
Harry Putnam <reader@newsguy.com> wrote:

> Jonathan Dowland <jmtd@debian.org> writes:
> 
> > My sympathies, I don't think it's an obvious location (ie outside of
> > /etc/exim4) and I recall feeling similar when I eventually stumbled
> > over it.
> >
> >> On 18 Oct 2014, at 00:52, Harry Putnam <reader@newsguy.com> wrote:
> >> 
> >> So, I just insert things the way I want them... and restart exim4?
> >
> > Yes but I don't think the restart is needed.
> >
> >> 
> >> Do I need to use both of the forms that may occur for my user?
> >
> > Yes.
> 
> Well that did it... thanks for your time and patience.
> 
> Now if I can just set things so that this host can accept mail from
> the rest of the lan and relay it to my smarthost.
> 
> But before I create some open-ended monster spam hole...
> Is that just a matter of inserting the networks whose mail you want to
> relay?
> 
> I mean in /etc/exim4/update-exim4.conf.conf:
> 
>    dc_relay_nets='10.0.0.0/24;192.168.2.0/24'
> 
That should be a colon between entries, not a semi-colon.

> Those are the two networks making up my home lan.
> 
> Or is there some more specific/explicit way to tell exim to relay for
> them?

That *is* the explicit way of doing it. 

It is also possible to relay 'from' specific named domains, which is
fine for ISPs who have only their own customers connecting to their
sending machines. However, a fair amount of the spam I get off the Net
is apparently 'from' one of my own domains, often from 'me'. This is an
attempt to relay if my server is configured to do so from named
domains, so in a server which is handling arbitrary incoming email, it
is safest to stick to IP address ranges. If they are private ranges,
then [theoretically] no externally arriving email should have a sender
address in the range.

Or you can do as Jerry suggests, and set up your server and clients to
use authenticated connections, which bypass the normal relaying tests.
ISPs normally configure their smarthosts to accept mail for relaying
unconditionally from their own networks or their customers' named
domains, plus authenticated mail from anywhere, so their customers can
still use the smarthost when away from home and connected through
someone else's network.

There are lots of websites which will perform testing for open
relaying, and Google will find many. Two that are well-established and
probably trustworthy are mxtoolbox.com and www.dnsgoodies.com. You can
do it yourself from a computer outside your network using telnet:

http://support.microsoft.com/kb/153119

This is aimed at Exchange users, but it will work for any SMTP server
accepting unauthenticated email on port 25. You can check the response
for various genuine and invalid recipients on your domain, and for
recipients on other domains. You should be given appropriate error
messages for all but genuine recipients on your domain. Some email
servers require the sender and recipient addresses to be enclosed in
<angle brackets>.

-- 
Joe
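
[Added example, not part of Joe's message or of the Exim/Debian packages: a Python version of the manual telnet check described above. It records the server's reply to RCPT TO for a genuine local, an invalid local and a foreign recipient, and flags any reply that differs from what the message says to expect. All hostnames and addresses (mail.example.org, example.org, example.net, example.com) are placeholders, and the sample replies are constructed.]

```python
import smtplib

def probe(host, sender, recipients, port=25, timeout=10):
    """Ask the server about each recipient with MAIL FROM/RCPT TO only.
    DATA is never sent, so no message is delivered. Run from outside the LAN."""
    replies = {}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        for rcpt in recipients:
            smtp.rset()                      # start a fresh envelope
            code, text = smtp.mail(sender)   # smtplib adds the <angle brackets>
            if 200 <= code < 300:
                code, text = smtp.rcpt(rcpt)
            replies[rcpt] = (code, text.decode(errors="replace"))
    return replies

def assess(replies, local_domain, genuine):
    """Return (recipient, problem) pairs; an empty list means the replies look right."""
    problems = []
    genuine = {g.lower() for g in genuine}
    for rcpt, (code, _text) in replies.items():
        accepted = 200 <= code < 300
        is_local = rcpt.lower().endswith("@" + local_domain.lower())
        if not is_local and accepted:
            problems.append((rcpt, "open relay: foreign recipient accepted"))
        elif is_local and rcpt.lower() in genuine and not accepted:
            problems.append((rcpt, "genuine local recipient refused or deferred"))
        elif is_local and rcpt.lower() not in genuine and accepted:
            problems.append((rcpt, "invalid local recipient accepted"))
    return problems

# Constructed replies (not captured from a real server) for an offline run.
SAMPLE_OK = {
    "harry@example.org": (250, "Accepted"),
    "nobody@example.org": (550, "Unrouteable address"),
    "someone@example.net": (550, "relay not permitted"),
}
SAMPLE_OPEN = dict(SAMPLE_OK, **{"someone@example.net": (250, "Accepted")})

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("open", SAMPLE_OPEN)):
        print(name, assess(sample, "example.org", ["harry@example.org"]))
    # Live use, from a host outside your network (placeholder names). The second
    # sender is a forged address at your own domain, the case described above.
    # for sender in ("probe@example.com", "harry@example.org"):
    #     print(assess(probe("mail.example.org", sender, list(SAMPLE_OK)),
    #                  "example.org", ["harry@example.org"]))
```

[The check looks only at RCPT TO replies; a server that accepts there and rejects later, after DATA, would need the manual test to confirm.]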

