How to prevent open relay with exim

exim

I have setup exim as a relay server running on nonstandard port. But now spammers have abused it as a relay server for them. How do I prevent this from happening? Can I still have my server as a relay server but prevent spammers to abuse it at the same time?

Thanks for your help.

Best Answer

I'd recommend requiring authentication. This document and this wiki entry on authentication should help (I've never used Exim so I can't help with the detail I'm afraid).

Related Solutions

How to configure Exim to drop non-authenticated connections on alternate SMTP port

We use the following rules in acl_check_rcpt, but I suspect they would work better in acl_check_helo

deny
   condition      = ${if and{{eq{$interface_port}{587}} {eq{$tls_cipher}{}} } }
   message        = All port 587 connections must use TLS

deny condition    = ${if eq{$interface_port}{587}}
   !authenticated = *
   message        = All port 587 connections must be Authenticated

Obviously you only want the second of the two rules, but the first shows how to reject non-TLS connections. You may want to think about disallowing plaintext authentication methods if you aren't going to enforce TLS.

Intermediate SMTP server (exim), how to handle backscatter

IMHO, your best option is using an exim/spamassassin combination, cofigured to reject mail at STMP time (i.e. before accepting it) to mitigate backscatter.

Add in some RBL whitelisting/blacklisting to refuse or (better?) greylist inbound mail at connection time.

This should be sufficient to reduce the queue size.

There's lots of info on how to configure exim+spamassassin, as a start take a look here.

Best Answer

Related Solutions

How to configure Exim to drop non-authenticated connections on alternate SMTP port

Intermediate SMTP server (exim), how to handle backscatter

Related Topic