On 10/5/2014 7:56 PM, Harry Putnam wrote: > Jerry Stuckle <jstuc...@attglobal.net> writes: > >> On 10/5/2014 4:38 PM, Brian wrote: >>> On Sun 05 Oct 2014 at 16:16:22 -0400, Jerry Stuckle wrote: >>> >>>> On 10/5/2014 12:01 PM, Harry Putnam wrote: >>>>> >>>>> I'm pretty sure I'm leaving out some major piece of the smtp puzzle >>>>> but not at all sure what it might be. >>>> >>>> Two things here: >>>> >>>> First of all, are you sure your ISP allows connections to Port 25 on >>>> other hosts? Many ISPs (especially residential accounts) are now >>>> blocking such attempts due to trojans creating spam relays. >>> >>> You may not have noticed but the OP is attempting to connect to machines >>> on his own network and to his ISP's mail server. Please try not to bring >>> confusion to an already sorted situation. >>> >> >> I KNOW he's trying to configure for his own network. I also KNOW it is >> connected to the internet. My advice stands - a misconfigured exim >> server can quickly become a SPAM source. Spammers all over the world >> are looking for just such servers, and quickly spread the word around. >> >>>> Second - be *very careful* in configuring Exim. Misconfiguration can >>>> easily allow your system to become an open relay for spammers. Such an >>>> operation at a minimum can get your IP (and ISP) a bad reputation, and >>>> at a maximum can get your account cancelled. >>>> >>>> Exim can be configured to be safe, but it's not necessarily >>>> straightforward. >>> >>> It's very straightforward when it is known what network exim is on. >>> >>> >> >> Not necessarily. Thinking it is very straightforward is what leads to >> open relays. Especially when you don't know what you're doing. > > In this case .. I've attempted to limit the relaying to the 2 networks > making up my home lan. And the outbound ISP smtp server is an > authenticating server. > > Can you give some hints what kind of holes incautious thinking has > left? And if possible some ideas about how I might go about fixing > them. > >
The first question - why do you think you need to relay to other networks, even if they're your own? Do you have other SMTP servers running on those networks? Your server should only accept non-authenticated emails to your own domain(s). Sending to any other domains needs to require authentication of the sender. Whether the outbound server is authenticating or not is immaterial - you have an SMTP server on your network, and if it is available to the internet, people will try to use it. I daily see people attempting to relay through my servers every day. I even see people trying to authenticate themselves through my servers. You need to protect against both kinds of attempts. You really need to get someone who understands proper Exim configuration to look over your configuration. And while I've learned a lot about it over the years, I'm not an expert. I just know how to properly configure my systems. But that came from a lot of reading of the Exim manual and various tips and tricks from the internet. There is no "quick and easy way" to do it otherwise. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5431f37a.1050...@attglobal.net
