  1. #1
    Member
    Join Date
    Jul 2009
    Posts
    6

    Blocking local relays

    Hi,

    I am an absolute newbie at Exim and *nix boxes. Currently running the following setup: cPanel 11.24.5-S37946 - WHM 11.24.2 - X 3.9
    CENTOS 5.3 i686 Exim Version 4.69

    My problem is that I have some users who have created a generic account allowing third parties to access my smtp server to send mail. Basically this is noticed by virtue of the user doing a login, then the mail does not have a "from" or "reply to" address within any of the domains I host.

    From the Exim Log.
    2009-08-03 09:27:32 1MXrxB-0005cP-8E <= finance@chengeta.com H=(chengeta2) [217.30.24.144]:55071 I=[74.53.240.98]:25 P=esmtpa A=fixed_login:bsatusers@bsatt.com S=1281 T="RE: QUOTATIONS" from <finance@chengeta.com> for axon@brookespar.co.zw sales@brookespar.co.zw
    2009-08-03 09:27:36 SMTP connection from (chengeta2) [217.30.24.144]:55071 I=[74.53.240.98]:25 closed by QUIT

    chengeta.com is not a domain I host. The party is logging in to a generic account (bsatusers@bsatt.com) and utilising our SMTP transport. I do host bsatt.com.

    I would like to block this (and a few others) and figure it must be an ACL issue with a list of allowed domains in the sender envelope, but have no clue as to how to do this, and do not want to "break" the EXIM server running on my box.

    The easiest as I can see it would be to have a file with the domains I host all listed, and when a "login" occurs, this list is referenced to see if it can allow the sender envelope to pass the message.

    Looking forward to learning how to do this.....

    Regards
    Brian
    Zimbabwe

  2. #2
    Member
    Join Date
    May 2008
    Posts
    1,203


    According to the logs, it seems that it's a spoofing mail. You can add an SPF record to stop the spoofing mails. However, there is no guarantee of stopping 100% of spoofing mails. As an alternative to this, you need to change the password of the email address bsatusers@bsatt.com or ban the email address.
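
The check described in post #1, run after the fact over the Exim main log, as an added example that is not part of either post: it flags messages accepted over an authenticated session whose envelope sender domain is not a hosted one. The hosted-domain set, the function name and the two extra log lines are constructed; the first sample line is the one quoted in the thread.

```python
import re

# Assumption: the domains this server hosts. On a real box, load them from
# the file that lists hosted domains instead of hard-coding them.
HOSTED_DOMAINS = {"bsatt.com"}

# Exim main-log arrival line ("<=") that carries an A= field, i.e. a message
# accepted over an authenticated SMTP session (A=<authenticator>:<login>).
ARRIVAL = re.compile(
    r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) .*?\[(?P<ip>[^\]]+)\]"
    r".*?\bA=(?P<auth>[^:\s]+)(?::(?P<login>\S+))?"
)

def foreign_sender_submissions(lines, hosted=HOSTED_DOMAINS):
    """Return authenticated arrivals whose envelope sender domain is not hosted."""
    findings = []
    for line in lines:
        # Ignore the subject so text inside T="..." cannot mimic an A= field.
        m = ARRIVAL.match(line.split(' T="', 1)[0])
        if not m or m.group("sender") == "<>":
            continue  # not an authenticated arrival, or a bounce
        domain = m.group("sender").rpartition("@")[2].lower()
        if domain not in hosted:
            findings.append({k: m.group(k) for k in ("id", "sender", "login", "ip")})
    return findings

SAMPLE_LOG = [
    # Line quoted in the thread.
    '2009-08-03 09:27:32 1MXrxB-0005cP-8E <= finance@chengeta.com H=(chengeta2) '
    '[217.30.24.144]:55071 I=[74.53.240.98]:25 P=esmtpa '
    'A=fixed_login:bsatusers@bsatt.com S=1281 T="RE: QUOTATIONS" '
    'from <finance@chengeta.com> for axon@brookespar.co.zw sales@brookespar.co.zw',
    # Constructed: authenticated user sending from a hosted domain.
    '2009-08-03 09:30:01 1MXrzZ-0000aa-01 <= accounts@bsatt.com H=(office-pc) '
    '[192.0.2.10]:40112 I=[74.53.240.98]:25 P=esmtpa '
    'A=fixed_login:accounts@bsatt.com S=900 T="Invoice" for client@example.org',
    # Constructed: ordinary unauthenticated inbound mail (no A= field).
    '2009-08-03 09:31:15 1MXs0A-0000bb-02 <= someone@example.net H=mail.example.net '
    '[198.51.100.7]:51234 I=[74.53.240.98]:25 P=esmtp S=2048 for accounts@bsatt.com',
]

if __name__ == "__main__":
    for f in foreign_sender_submissions(SAMPLE_LOG):
        print(f"{f['id']}: login {f['login']} sent as {f['sender']} from {f['ip']}")
```

Grouping the findings by login shows which accounts are being shared with third parties.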
