Hi, We have just had out exim router on our server abused by some spammers.
We had thought that we were securely setup, but it appears that our ISP has recently changed something in their dns setup and it meant that spammers have been able to use us as a relay. I have some temporary fixes in which stop all outgoing mail (turned off just while I send this) - this is obviously not ideal but does stop these nasty people. How do we stop this problem? I have spent a whole day pulling my hair out trying to stop exim allowing other people in but I have not suceeded unless I also stop us being able to send (or in some cases recieve). Our setup is that our firewall forwards port 25 onto the main server which is running exim. This is using redir at present and I think that is part of the problem. If someone telnets onto exim they appear to be coming from the firewall. I have turned off all relaying (but don't know how to check that it is sucessful). But it seems that I am still allowing telnet onto port 23 to issue the smtp commands to send mail from an invalid user to outside our domain. I don't want that to happen. How can I fix that? The bits of my exim.conf (comments removed to save space) are relay_domains = *.sundayta.co.uk relay_domains_include_local_mx = true never_users = root host_lookup_nets = 0.0.0.0/0 rbl_domains = rbl.maps.vix.com rbl_reject_recipients = true rbl_warn_header = false sender_host_reject_relay = * sender_host_reject_relay_except = romans.sundayta.co.uk:proverbs.sundayta.co.uk sender_net_reject_relay = 0.0.0.0/0 sender_net_reject_relay_except = 192.168.100.0/8 # firewall is 192.168.101.2 sender_verify_reject = true # I don't want to incorrectly blame anyone but all the spam had a name within this domain # as the to and from sender_reject = *.quintessenz.at I would like to reject all hosts apart from some named machines at sundayta.co.uk but whenever I try that I stop all incoming mail from other hosts which is obviously not correct. Any help much appreciated while I still have some hair left. -- David Warnock Sundayta Ltd
