[plug] Re: HELO antispam checks
Craig Ringer
craig at postnewspapers.com.au
Mon Oct 18 18:14:28 WST 2004
Cameron Patrick wrote:

>>Where can I find out what Exim is identifying itself as?
>
> It probably uses /etc/mailname by default. Otherwise the
> primary_hostname setting in exim.conf,

I expect so.

If in doubt, a good way to be sure is to simply do a tcpdump of an
outgoing mail session. Exim may also offer a method of logging sessions
for config debugging.

I use postfix, where it's possible to simply run 'postconf myhostname'
to get that information.

>>Also, how can I make sure it isn't an open relay?
>
> Look at the relay_domains and host_accept_relay options and make sure
> they only allow relaying for your local network (or for IPs / domains
> that you want to relay for).

Telnet to it from the outside (`telnet $YOUR_HOST_NAME_OR_IP 25`), say
from your spark account. Talk to the server, see if you can convince it
to relay mail. Example session:

$ telnet mail.postnewspapers.com.au 25
Connected to access.postnewspapers.com.au.
Trying 202.72.149.28...
Escape character is '^]'.
220 mail.postnewspapers.com.au ESMTP Postfix
HELO www.postnewspapers.com.au
250 mail.postnewspapers.com.au
MAIL FROM: fred at smith.com
250 Ok
RCPT TO: bob at jones.com
554 <bob at jones.com>: Relay access denied
HELO www.postnewspapers.com.au
250 mail.postnewspapers.com.au
MAIL FROM: bob at example.com
250 Ok
RCPT TO: fred%example.com at postnewspapers.com.au
554 <fred%example.com at postnewspapers.com.au>: Relay access denied
HELO www.postnewspapers.com.au
250 mail.postnewspapers.com.au
MAIL FROM: fakeuser at postnewspapers.com.au
250 Ok
RCPT TO: fred at example.com@postnewspapers.com.au
554 <fred at example.com@postnewspapers.com.au>: Relay access denied
QUIT
221 Bye

Once you've done some basic testing, submit it for testing at ordb.org.
They're sneaky; if your server config has weaknesses they'll find them.

When you say it's behind a gateway, did you mean some form of NAT? If
so, none of the above will do you any good. You could use a port
forward for testing (optionally limited to a single source host, and
possibly not port 25). In my opinion, the only way to be sure is to
test - there are enough ways to mess up configuring MTAs that no matter
how sure you are that your config is good, testing from the outside is
wise anyway.

--
Craig Ringer
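
Added example, not part of the original post: the three relay attempts from the telnet session above (plain outside recipient, percent hack, double-@), scripted so they can be re-run against your own MTA after each config change. The function names, the HELO name and the example.com / example.net addresses are assumptions chosen for illustration, and RSET is used between attempts where the session above repeats HELO.

```python
import smtplib
import sys

def relay_probes(local_domain):
    """(name, MAIL FROM, RCPT TO) triples mirroring the session above."""
    return [
        ("plain", "fred@example.com", "bob@example.net"),
        ("percent-hack", "bob@example.com", f"fred%example.com@{local_domain}"),
        ("double-at", f"fakeuser@{local_domain}", f"fred@example.com@{local_domain}"),
    ]

def check_relay(conn, local_domain, helo_name="probe.example.net"):
    """Run each probe on an open SMTP connection to your own server.

    conn needs only docmd(cmd, args) -> (code, message), which smtplib.SMTP
    provides. Returns {name: (rcpt_code, accepted)}. The exchange stops at
    RCPT TO; DATA is never sent, so nothing is queued or delivered.
    """
    results = {}
    conn.docmd("HELO", helo_name)
    for name, sender, rcpt in relay_probes(local_domain):
        conn.docmd("RSET")  # clear the previous envelope
        code, _ = conn.docmd("MAIL", f"FROM:<{sender}>")
        if code // 100 == 2:
            code, _ = conn.docmd("RCPT", f"TO:<{rcpt}>")
            # 2xx here means an outside recipient was accepted from an
            # outside client. 4xx (e.g. greylisting) and 5xx are refusals.
            results[name] = (code, code // 100 == 2)
        else:
            results[name] = (code, False)  # sender refused before RCPT
    return results

def is_open_relay(results):
    """True if any probe's outside recipient was accepted."""
    return any(accepted for _, accepted in results.values())

if __name__ == "__main__":
    host, domain = sys.argv[1], sys.argv[2]  # your MTA and its mail domain
    with smtplib.SMTP(host, 25, timeout=15) as conn:
        for name, (code, ok) in check_relay(conn, domain).items():
            print(f"{name:13} {code} {'ACCEPTED (relay)' if ok else 'refused'}")
```

Run it from a host outside your network, for the same reason the telnet test is done from outside: a client inside the permitted relay range will legitimately get 250 for every recipient.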