Re: [Baruwa] Open Relay WTF!

[Jeremy McSpadden]

Yes. Your accepting all messages for some reason. 200ok on a fake email, but it 
is discarding. Still more processing than you want.

Let me look over your config again.

--
Jeremy McSpadden
Flux Labs, Inc | http://www.fluxlabs.net<http://www.fluxlabs.net/> | Endless 
Solutions
Office : 850-250-5590x101<tel:850-250-5590;101> | Cell : 
850-890-2543<tel:850-890-2543> | Fax : 850-254-2955<tel:850-254-2955>


On Sep 6, 2013, at 10:39 AM, "Ritchie P. Fraser" 
<r...@marinesoftware.co.uk<mailto:r...@marinesoftware.co.uk>> wrote:

OK.

I've used a couple of "open relay checking website" which report "relay 
accepted" for 3-5 of their  tests BUT I can see in the /var/log/exim/main.log 
that  each has a corresponding "rejected RCPT 
<x...@xxx.xxx<mailto:x...@xxx.xxx>>: discarded by RCPT ACL"

Does this mean All is good?

Ritchie

From: baruwa-boun...@lists.baruwa.org<mailto:baruwa-boun...@lists.baruwa.org> 
[mailto:baruwa-boun...@lists.baruwa.org] On Behalf Of Ritchie P. Fraser
Sent: 06 September 2013 14:41
To: Baruwa users list
Subject: Re: [Baruwa] Open Relay WTF!

exim restarted...

$ service MailScanner restart

Shutting down MailScanner daemons:
         MailScanner:                                      [  OK  ]
         incoming exim:                                    [  OK  ]
         outgoing exim:                                    [  OK  ]
Waiting for MailScanner to die gracefully ... dead.
Starting MailScanner daemons:
         incoming exim:                                    [  OK  ]
         outgoing exim:                                    [  OK  ]
         MailScanner:                                      [  OK  ]

And added our Exchange Server  to the organization...
Outbound relay settings
Relay Host: 192.168.0.101


From: baruwa-boun...@lists.baruwa.org<mailto:baruwa-boun...@lists.baruwa.org> 
[mailto:baruwa-boun...@lists.baruwa.org] On Behalf Of Jeremy McSpadden
Sent: 06 September 2013 14:32
To: Baruwa users list
Subject: Re: [Baruwa] Open Relay WTF!

Ok, that should have closed up the relay. Restart exim.

I am assuming you want to allow your exchange server to relay through ?

Go to the Organization and click it's name. In the top right you will see Add 
Relay Settings.

--
Jeremy McSpadden
Flux Labs, Inc | http://www.fluxlabs.net<http://www.fluxlabs.net/> | Endless 
Solutions
Office : 850-250-5590x101<tel:850-250-5590;101> | Cell : 
850-890-2543<tel:850-890-2543> | Fax : 850-254-2955<tel:850-254-2955>


On Sep 6, 2013, at 8:29 AM, "Ritchie P. Fraser" 
<r...@marinesoftware.co.uk<mailto:r...@marinesoftware.co.uk>> wrote:
OK I have uncommented the first and commented out the second lines in the 
config...

domainlist relay_sql_domains = RELAY_SQL_DOMAINS
#domainlist relay_sql_domains =

There are no records in the relaysettings table.

Ritchie

From: baruwa-boun...@lists.baruwa.org<mailto:baruwa-boun...@lists.baruwa.org> 
[mailto:baruwa-boun...@lists.baruwa.org] On Behalf Of Jeremy McSpadden
Sent: 06 September 2013 14:12
To: Baruwa users list
Subject: Re: [Baruwa] Open Relay WTF!

Your config:

#domainlist relay_sql_domains = RELAY_SQL_DOMAINS
domainlist relay_sql_domains =

You've made some changes and therefore opened it up as a relay.

https://github.com/fluxlabs/baruwa/blob/master/2.0/extras/centos/config/exim/exim.conf#L5
 == domainlist relay_sql_domains = RELAY_SQL_DOMAINS

Let's take a look at your tables in postgres to see what IPs your allowing to 
relay.
---
su - postgres
psql -d baruwa
\dt
---
You will see the list of tables ... 'relaysettings' is pulled from the 
Organization ( http://baruwa.domain.com/organizations/1/outbound/add )
---
SELECT *
FROM relaysettings;
---

baruwa=# SELECT *
baruwa-# FROM relaysettings;
 id |    address    | username | password | enabled | org_id
----+---------------+----------+----------+---------+--------
  1 | x.x.x.x |          |          | t       |      1
  2 | y.y.y.y  |          |          | t       |      2
(2 rows)

Do you have any odd entries?

--
Jeremy McSpadden
Flux Labs, Inc | http://www.fluxlabs.net<http://www.fluxlabs.net/> | Endless 
Solutions
Office : 850-250-5590x101<tel:850-250-5590;101> | Cell : 
850-890-2543<tel:850-890-2543> | Fax : 850-254-2955<tel:850-254-2955>

On Sep 6, 2013, at 7:18 AM, Ritchie P. Fraser 
<r...@marinesoftware.co.uk<mailto:r...@marinesoftware.co.uk>> wrote:


List people.

It seems that my exim/MailScanner/Baruwa mail server is an open relay!

I have looked at the exim documentation Baruwa documentation and just can't 
figure out what I have to do.

My system was installed using Jeremy's script and the configuration file for 
exim has been heavily modified by the baruwa script.

How do I close the open relay?

Kind Regards

Ritchie

_______________________________________________
http://pledgie.com/campaigns/12056
_______________________________________________
http://pledgie.com/campaigns/12056

_______________________________________________
http://pledgie.com/campaigns/12056