This story begins on an ancient R3000-based SGI Indigo running IRIX 5.3. Due to my own negligence, this machine had open mail relaying. One night recently a spammer discovered this machine and used it to send spam. The following morning, I had a few e-mails addressed to me kindly pointing out my oversight. I immediately removed the machine from the network until the relaying and other problems were fixed.

Shortly after this incident, this machine was retired and replaced with a PC running Debian. It is currently running Debian 2.1r5 with exim 2.05-2. This was a planned transition that was unrelated to the mail relaying. Since the name and IP address remained the same as the old machine, the Debian machine inherited the history as a known spam relayer. Today it remains on at least one list of insecure mailservers - The MAPS Relay Spam Stopper (RSS) <http://maps.vix.com/rss/>. Below is a portion of the relay test log for this machine which indicates why it is still blacklisted. Note that I have changed my machine name and IP address to protect the guilty - that would be me.

Assume:
  my true IP address: 192.1.1.1
  my true machine name: badhost.corp.com

***** BEGIN relay test log *****
Sun Mar 5 04:44:58 PST 2000
Connecting to 192.1.1.1 ...
<<< 220 badhost.corp.com ESMTP Exim 2.05 #1 Sun, 5 Mar 2000 07:45:09 -0500
>>> HELO maps1.pa.vix.com
<<< 250 badhost.corp.com Hello dante.mail-abuse.org [204.152.184.35]

several unsuccessful relay attempts deleted

>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<[EMAIL PROTECTED]>
<<< 250 <[EMAIL PROTECTED]> is syntactically correct
>>> RCPT TO:<"[EMAIL PROTECTED]"@[192.1.1.1]>
<<< 250 <"[EMAIL PROTECTED]"@[192.1.1.1]> is syntactically correct
>>> DATA
<<< 354 Enter message, ending with "." on a line by itself
>>> (message body)
<<< 250 OK id=12RaPH-0003Zq-00
/var/local/maps/rss/bin/rly: relay accepted - final response code 250
***** END relay test log *****

This log ends with a response code indicating that a relay attempt succeeded, but the exim log shows that although the message was initially accepted, it was not delivered.

***** BEGIN /var/log/exim/mainlog *****
2000-03-05 07:45:12 12RaPH-0003Zq-00 <= [EMAIL PROTECTED] H=dante.mail-abuse.org (maps1.pa.vix.com) [204.152.184.35] P=smtp S=982 [EMAIL PROTECTED]
2000-03-05 07:45:12 12RaPH-0003Zq-00 ** "[EMAIL PROTECTED]"@[192.1.1.1]: unknown local-part "[EMAIL PROTECTED]" in domain "[192.1.1.1]"
2000-03-05 07:45:12 12RaPI-0003Zs-00 <= <> R=12RaPH-0003Zq-00 U=mail P=local S=1848
2000-03-05 07:45:12 12RaPH-0003Zq-00 Error message sent to [EMAIL PROTECTED]
2000-03-05 07:45:12 12RaPH-0003Zq-00 Completed
2000-03-05 07:45:12 12RaPI-0003Zs-00 ** [EMAIL PROTECTED]: unknown local-part "spamtest" in domain "[192.1.1.1]"
2000-03-05 07:45:12 12RaPI-0003Zs-00 Frozen (delivery error message)
***** END /var/log/exim/mainlog *****

Is there a way to configure exim to return a 5xx response code to this form of relay attempt instead of returning a 250 then later rejecting it? Any assistance you can give to help me shed my image as a friend to spammers would be appreciated.

John
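
The gap described in the message above, between the 250 the relay tester saw after DATA and what the exim mainlog shows happened afterwards, can be found mechanically by correlating log entries per message id. This is an added example, not part of the original message and not exim's own tooling; the sample log is constructed from the excerpt with placeholder addresses, its last two lines (a normal local delivery) are invented, and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the mainlog excerpt above; addresses are placeholders.
SAMPLE_LOG = """\
2000-03-05 07:45:12 12RaPH-0003Zq-00 <= sender@example.net H=dante.mail-abuse.org (maps1.pa.vix.com) [204.152.184.35] P=smtp S=982
2000-03-05 07:45:12 12RaPH-0003Zq-00 ** "spamtest@example.org"@[192.1.1.1]: unknown local-part "spamtest@example.org" in domain "[192.1.1.1]"
2000-03-05 07:45:12 12RaPI-0003Zs-00 <= <> R=12RaPH-0003Zq-00 U=mail P=local S=1848
2000-03-05 07:45:12 12RaPH-0003Zq-00 Completed
2000-03-05 07:45:12 12RaPI-0003Zs-00 ** spamtest@example.net: unknown local-part "spamtest" in domain "[192.1.1.1]"
2000-03-05 07:45:12 12RaPI-0003Zs-00 Frozen (delivery error message)
2000-03-05 08:00:01 12RaXX-0003Zz-00 <= alice@example.net H=mx.example.net [198.51.100.7] P=smtp S=1200
2000-03-05 08:00:02 12RaXX-0003Zz-00 => john <john@badhost.corp.com> D=localuser T=local_delivery
"""

# date, time, exim message id, then the rest of the entry
LINE = re.compile(r"^\S+ \S+ (\w{6}-\w{6}-\w{2}) (.*)$")

def accepted_then_bounced(log_text):
    """Messages accepted over SMTP but never delivered, with the bounce each produced."""
    msgs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg_id, rest = m.groups()
        rec = msgs.setdefault(msg_id, {"id": msg_id, "host": None, "parent": None,
                                       "delivered": 0, "failed": [], "frozen": False})
        if rest.startswith("<= "):                      # message arrival
            host = re.search(r" H=(\S+)", rest)
            parent = re.search(r" R=(\S+)", rest)
            if host and re.search(r" P=e?smtp\b", rest):
                rec["host"] = host.group(1)             # came in from a remote host
            if rest.startswith("<= <>") and parent:
                rec["parent"] = parent.group(1)         # bounce generated for this id
        elif rest.startswith(("=> ", "-> ")):           # successful delivery
            rec["delivered"] += 1
        elif rest.startswith("** "):                    # permanent delivery failure
            rec["failed"].append(rest[3:].split(": ", 1)[0])
        elif rest.startswith("Frozen"):
            rec["frozen"] = True
    findings = []
    for rec in msgs.values():
        # Remote submission, no recipient delivered, at least one hard failure.
        if rec["host"] and rec["failed"] and not rec["delivered"]:
            bounces = [b for b in msgs.values() if b["parent"] == rec["id"]]
            findings.append({"id": rec["id"], "host": rec["host"], "failed": rec["failed"],
                             "bounces": [b["id"] for b in bounces],
                             "bounce_frozen": any(b["frozen"] for b in bounces)})
    return findings
```

Calling `accepted_then_bounced(SAMPLE_LOG)` reports only the relay probe: the message was accepted at SMTP time, failed on delivery, and left a frozen bounce in the queue, while the normally delivered message is not flagged.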