On Sat, 18 Oct 2014 20:58:11 -0400 Harry Putnam <rea...@newsguy.com> wrote:
> Jonathan Dowland <j...@debian.org> writes: > > > My sympathies, I don't think it's an obvious location (ie outside of > > /etc/exim4) and I recall feeling similar when I eventually stumbled > > over it. > > > >> On 18 Oct 2014, at 00:52, Harry Putnam <rea...@newsguy.com> wrote: > >> > >> So, I just insert things the way I want them... and restart exim4? > > > > Yes but I don't think the restart is needed. > > > >> > >> Do I need to use both of the forms that may occur for my user? > > > > Yes. > > Well that did it... thanks for your time and patience. > > Now if I can just set things so that this host can accept mail from > the rest of the lan and relay it to my smarthost. > > But before I create some openended monster spam hole... > Is that just a matter of inserting the networks who's mail you want to > relay? > > I mean in /etc/exim4/update-exim4.conf.conf: > > dc_relay_nets='10.0.0.0/24;192.168.2.0/24' > That should be a colon between entries, not a semi-colon. > Those are the two networks making up my home lan. > > Or is there some more specific/explicit way to tell exim to relay for > them? That *is* the explicit way of doing it. It is also possible to relay 'from' specific named domains, which is fine for ISPs who have only their own customers connecting to their sending machines. However, a fair amount of the spam I get off the Net is apparently 'from' one of my own domains, often from 'me'. This is an attempt to relay if my server is configured to do so from named domains, so in a server which is handling arbitrary incoming email, it is safest to stick to IP address ranges. If they are private ranges, then [theoretically] no externally arriving email should have a sender address in the range. Or you can do as Jerry suggests, and set up your server and clients to use authenticated connections, which bypass the normal relaying tests. ISPs normally configure their smarthosts to accept mail for relaying unconditionally from their own networks or their customers' named domains, plus authenticated mail from anywhere, so their customers can still use the smarthost when away from home and connected through someone else's network. There are lots of websites which will perform testing for open relaying, and Google will find many. Two that are well-established and probably trustworthy are mxtoolbox.com and www.dnsgoodies.com. You can do it yourself from a computer outside your network using telnet: http://support.microsoft.com/kb/153119 This is aimed at Exchange users, but it will work for any SMTP server accepting unauthenticated email on port 25. You can check the response for various genuine and invalid recipients on your domain, and for recipients on other domains. You should be given appropriate error messages for all but genuine recipients on your domain. Some email servers require the sender and recipient addresses to be enclosed in <angle brackets>. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141019111123.2f6b8...@jresid.jretrading.com
