possible open relaying?

Discussion in 'E-mail Discussions' started by dev.null, Aug 27, 2007.

  1. dev.null

    I'm an exim novice and know just enough to be dangerous. I may have shot myself in the foot w/ my exim.conf by recently adding whitelist capability and would appreciate any help in diagnosing this relay problem. I don't want to be an open relay but can't seem to figure out where the relay is being permitted.

    exim -bpc yields lines like this:

    llpwdigitalportfolio.com isn't hosted on my box, so this isn't email sent to a local address. The from address of <> is immediately suspicious because it should be filled in, and I'd expect it to be an account on my box.

    I decide to take a look in the exim log to see where this email would have come from:

    It appears this email is actually the result of another email: 1IPhmU-00020M-IE, so I look in the log to see where it came from:

    So it looks like I receive an email (1IPhmU-00020M-IE) that is bound for a valid address on this box (listowner-contributors@beginthread.com), and somehow this email is then split into another email going to sales@llpw....

    My question is how is it that exim is being tricked into relaying like this?

    Related files to follow in next posts (10,000 char limit to post).
     
  2. dev.null

    exim.conf is attached (DOS and Unix versions included for your viewing pleasure).

    and here's the whitelist file:

    root@vhost1 [/etc]# cat exim.whitelist
    *.nuvio.com
    *.nuvio.net
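
The tracing done by hand in the first post (a queued message from `<>` followed back to the message ID that produced it) can be scripted; this is an added example, not part of the thread. It assumes Exim's main-log convention that a locally generated bounce arrives as `<= <>` with `R=` naming the message that caused it; the log lines, addresses and the `trace_bounces` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Exim main-log format (not the poster's log).
SAMPLE_LOG = """\
2007-08-27 09:15:02 1AAAAA-000001-AA <= sales@remote.example H=(mx.remote.example) [192.0.2.10] P=esmtp S=2345
2007-08-27 09:15:02 1AAAAA-000001-AA ** listowner@local.example R=virtual_aliases: Unrouteable address
2007-08-27 09:15:02 1AAAAB-000002-BB <= <> R=1AAAAA-000001-AA U=mailnull P=local S=3456
2007-08-27 09:15:02 1AAAAA-000001-AA Completed
2007-08-27 09:15:05 1AAAAB-000002-BB => sales@remote.example R=lookuphost T=remote_smtp H=mx.remote.example [198.51.100.7]
2007-08-27 09:15:05 1AAAAB-000002-BB Completed
2007-08-27 09:16:00 1AAAAC-000003-CC <= user@local.example U=user P=local S=900
"""

MSG_ID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
LINE = re.compile(rf"^\S+ \S+ ({MSG_ID}) (<=|=>|->|\*\*|==) (\S+)(.*)$")
PARENT = re.compile(rf"\bR=({MSG_ID})\b")   # on "<=" lines: id that caused a bounce
HOST = re.compile(r"\bH=(.*?\[[^\]]+\])")   # sending host and IP

def trace_bounces(log_text):
    """Link each null-sender (<>) message to the message that triggered it."""
    arrivals = {}               # id -> (sender, remote host, parent id)
    rcpts = defaultdict(list)   # id -> [(flag, address), ...]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # "Completed" and other non-address lines
        msg_id, flag, addr, rest = m.groups()
        if flag == "<=":
            parent, host = PARENT.search(rest), HOST.search(rest)
            arrivals[msg_id] = (addr, host.group(1) if host else "local",
                                parent.group(1) if parent else None)
        else:
            rcpts[msg_id].append((flag, addr.rstrip(":")))
    report = []
    for msg_id, (sender, _, parent) in arrivals.items():
        if sender != "<>" or parent is None:
            continue
        p_sender, p_host, _ = arrivals.get(parent, ("unknown", "unknown", None))
        report.append({
            "bounce": msg_id, "bounce_to": [a for _, a in rcpts[msg_id]],
            "parent": parent, "parent_sender": p_sender, "parent_host": p_host,
            "parent_failed": [a for f, a in rcpts[parent] if f == "**"],
        })
    return report

if __name__ == "__main__":
    for item in trace_bounces(SAMPLE_LOG):
        print(item)
```

When `bounce_to` equals `parent_sender`, the outbound message is a delivery failure report going back to the envelope sender of a message the server had already accepted.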
     
