Relays, exim and cpanel

split

Hello,

This is a question about Exim, but perhaps someone has had the same problem.
I have some relays for antispam/antivirus, and the MX records for all domains on the cPanel servers have been changed to go through those servers.
The problem is that some spammers send mail directly to the A record of the domain (the cPanel server), so those mails aren't scanned.

Is there any solution to this?
Is there any way to tell Exim to refuse incoming mail that doesn't come from the relays or isn't authenticated (to send outside)?

Thanks!

Regards,
split.
 

split

Hello!

Thanks for the answer. I'm now reading the ACL section of the Exim tutorial (I've never used them :-/ ).
Can you write one so I can see how it works, please?

Thanks!

Regards,
split.
 

nickp666

Something like this should do it. It's only a simple example, but you should get the point.

In the top box of the advanced exim config editor in WHM add:

Code:
acl_smtp_helo = acl_check_helo
Then in the ACL section:

Code:
acl_check_helo:
    deny    message   = Invalid HELO/EHLO. You are not a server on my network.
            condition = ${if match{$sender_helo_name}{yourservers.fqdn.com}{no}{yes}}

    accept
 

split

Hello again!

Thinking about it, I've seen that commenting out some lines in exim.conf could be enough:

check_recipient:
  accept  hosts = :
  require verify = sender
# accept  domains = +local_domains
# endpass
          message = "The recipient cannot be verified. Please check all recipients of this message to verify they are valid."
          verify = recipient

# accept  domains = +relay_domains

  warn    message = ${perl{popbeforesmtpwarn}{$sender_host_name}}
          hosts = +relay_hosts
  accept  hosts = +relay_hosts

  warn    message = ${perl{popbeforesmtpwarn}{$sender_host_address}}
          condition = ${perl{checkrelayhost}{$sender_host_address}}
  accept  condition = ${perl{checkrelayhost}{$sender_host_address}}

  accept  hosts = +auth_relay_hosts
          endpass
          message = $sender_fullhost is currently not permitted to \
                    relay through this server. Perhaps you \
                    have not logged into the pop/imap server in the \
                    last 30 minutes or do not have SMTP Authentication turned on in your email client.
          authenticated = *

  deny    message = $sender_fullhost is currently not permitted to \
                    relay through this server. Perhaps you \
                    have not logged into the pop/imap server in the \
                    last 30 minutes or do not have SMTP Authentication turned on in your email client.


Commenting the lines:

# accept domains = +local_domains
# accept domains = +relay_domains

Exim won't accept mail if it isn't coming from relay_hosts (where I've defined the relays) or isn't authenticated.

Am I right?

Thanks!

Regards,
split.
 

nickp666

Commenting out those lines will stop all incoming mail traffic, which is fine if you only want your server to send out, but it will stop any mail pushed from your other servers.

accept domains = +local_domains - accept e-mail for local domains
accept domains = +relay_domains - accept e-mail for domains in /etc/remotedomains


Adding a hosts accept would be a better way of securing it, in actual fact:

  warn    message = Sorry your server is not permitted to relay to us.
          hosts = +our_hosts
  accept  hosts = +our_hosts

Then add an ACL called our_hosts with the lsearch syntax used for the others.
 
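A sketch of the host-based restriction suggested in the last reply, added here as an example (it is not code from either poster or from cPanel's shipped configuration). It keys on the connecting IP address rather than the HELO name, which the client chooses; `/etc/ourhosts`, its contents and the rejection text are assumptions, while `our_hosts`, `local_domains`, `relay_domains` and `check_recipient` are the names used in the thread.

```exim
# Added example; not from the thread and not cPanel's shipped exim.conf.
# /etc/ourhosts is a hypothetical path and the addresses in it are
# constructed (192.0.2.0/24 is a documentation range). One IPv4 address
# per line:
#
#   127.0.0.1       (only if local software submits over SMTP to localhost)
#   192.0.2.10      (filtering relay 1)
#   192.0.2.11      (filtering relay 2)

# --- main section (top box of the WHM advanced editor) ---
# "net-lsearch" uses the client's IP address as the lookup key. A plain
# "lsearch" in a host list is keyed on the client's host name instead,
# which depends on reverse DNS.
hostlist our_hosts = net-lsearch;/etc/ourhosts

# --- ACL section: place inside check_recipient, directly after the
# --- existing "accept hosts = :" line and before any other accept ---

  # Refuse mail addressed to domains this server handles unless it arrives
  # from one of the filtering relays or over an authenticated session.
  # Recipients in other domains fall through to the relay checks below,
  # so outbound relaying rules are unchanged.
  deny    message        = Mail for $domain is only accepted through its MX hosts
          domains        = +local_domains : +relay_domains
          !hosts         = +our_hosts
          !authenticated = *
```

Clients that rely on the POP-before-SMTP checks from the excerpt instead of SMTP AUTH are not exempted by this rule when they mail a local domain. `exim -bh <ip>` runs a simulated SMTP session from the given address without delivering anything, which lets you confirm that a non-relay address is refused at RCPT and a relay address is accepted.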