LinuxQuestions.org

Linux - Server: Left Exim4 as open relay, got reported as spam... (http://www.linuxquestions.org/questions/linux-server-73/left-exim4-as-open-relay-got-reported-as-spam-875919/)

kinther 04-19-2011 12:37 PM

Left Exim4 as open relay, got reported as spam...
 
So I'm relatively new to working with server-side Linux services (i.e. exim4/dovecot/mysql). About a week ago I set up an exim4 server successfully and was able to send/receive mail! I fired off a couple of emails to my friend and never got a response. Oh well, I thought, it must be because my domain name might be considered spam.

Flash forward to today and I get an email from the people who host my server, telling me that I have left my exim4 relay open. Looking through some of my users' email, I see a series of messages with the subject 'Message frozen':

Code:

Message 1QCCQJ-0004FP-OY has been frozen (delivery error message).
The sender is <>.

The following address(es) have yet to be delivered:
  hunggueigi@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<hunggueigi@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  iambug15@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<iambug15@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  mark701017@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<mark701017@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  jenai92@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<jenai92@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  kanny47@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<kanny47@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  muta0513@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<muta0513@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  pkcesos@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<pkcesos@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  mds326@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<mds326@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  h0918942094@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<h0918942094@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  plutus5888@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<plutus5888@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  karen.27@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<karen.27@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  airshaqpig@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<airshaqpig@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  carlier.tw@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<carlier.tw@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  twkidlai@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<twkidlai@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  charles_03.tw@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<charles_03.tw@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  ranger8819@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<ranger8819@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  hohokevinlin@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<hohokevinlin@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  t2724125@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<t2724125@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  hkj7292@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<hkj7292@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  vanillaliang@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<vanillaliang@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  mego7777@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<mego7777@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  ecoin13@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<ecoin13@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  gary2i47111@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<gary2i47111@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  n21232@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<n21232@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  yeling4710@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<yeling4710@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  cloud72055635@yahoo.com.tw: SMTP error from remote mail server after end of data: host mx1.mail.tw.yahoo.com [203.188.197.119]: 554 delivery error: dd This user doesn't have a yahoo.com.tw account (cloud72055635@yahoo.com.tw) [0] - mta1022.mail.tp2.yahoo.com

And from the /var/log/exim4/mainlog:

Code:

root@pserv:/var/log/exim4# tail mainlog
2011-04-19 09:29:20 1Q5lNH-0007oF-2T SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == abeabe29@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == rain621224@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == q123326154@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == alxe419@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == u770020@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:21 1Q5lNH-0007oF-2T == tonyhsu_tw@pchome.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<tonyhsu_tw@pchome.com.tw>: host mxs.pchome.com.tw [211.20.188.150]: 450 4.7.1 Client host rejected: cannot find your hostname, [xxx.xxx.xxx.xxx]
2011-04-19 09:29:24 1Q5ke1-00073t-Sx msa-mx3.hinet.net [168.95.6.116] Connection timed out
2011-04-19 09:29:27 1Q5lcV-0006i8-F7 msa-mx11.hinet.net [168.95.6.173] Connection timed out
2011-04-19 09:29:30 1Q5ltL-0004dM-0X msa-mx7.hinet.net [168.95.6.148] Connection timed out

I think it's safe to assume someone noticed my open relay and began using it to send out bulk spam mail. Does anyone have any idea on how I can start to lock this down? I'm thinking of starting with dpkg-reconfigure exim4-config, but could use some advice with this situation.
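Here is an added example, not code from the thread or from the Exim project, of pulling this kind of evidence out of /var/log/exim4/mainlog with a small Python script. It groups lines by message ID and flags any message whose recipients are outside your own domains but whose arrival record (the "<=" line) shows neither SMTP AUTH ("A=") nor a source inside a network you deliberately relay for; locally generated mail such as bounces has no "H=" on the arrival line and is left alone. The domain pserv.example, the 10.0.0.0/8 relay network and the log lines themselves are constructed for the example (they copy the shape of the lines in the post, with 192.0.2.10 standing in for the masked server address and 198.51.100.7 as the abusing client).

```python
"""Triage an Exim4 mainlog for evidence of open-relay abuse.

A message with recipients outside our own domains is legitimate only if it
(a) arrived with SMTP AUTH ("A=" on its "<=" arrival line), (b) came from a network
we deliberately relay for (relay_from_hosts, dc_relay_nets on Debian), or (c) was
generated on this host (no "H=" on the arrival line, e.g. a bounce). Anything else
was relayed for a stranger.
"""
import ipaddress
import re
import sys

# Assumed local setup (hypothetical, not the poster's): our domain and a LAN we relay for.
LOCAL_DOMAINS = {"pserv.example"}
RELAY_FROM_HOSTS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample modelled on the posted lines (not the poster's real log).
# 192.0.2.10 stands in for the masked server IP; 198.51.100.7 is the abusing client.
SAMPLE_LOG = """\
2011-04-19 09:21:03 1Q5lNH-0007oF-2T <= bulk@example.com H=(localhost) [198.51.100.7] P=esmtp S=41230
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == abeabe29@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from 192.0.2.10 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == rain621224@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from 192.0.2.10 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:21 1Q5lNH-0007oF-2T == tonyhsu_tw@pchome.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<tonyhsu_tw@pchome.com.tw>: host mxs.pchome.com.tw [211.20.188.150]: 450 4.7.1 Client host rejected: cannot find your hostname, [192.0.2.10]
2011-04-19 09:29:24 1Q5ke1-00073t-Sx msa-mx3.hinet.net [168.95.6.116] Connection timed out
2011-04-19 09:29:24 1Q5ke1-00073t-Sx == someone@hinet.net R=dnslookup_relay_to_domains T=remote_smtp defer (110): Connection timed out
2011-04-19 09:30:02 1Q5lZZ-0001AA-Bc <= kinther@pserv.example H=client.example.net [203.0.113.9] P=esmtpa A=plain:kinther S=812
2011-04-19 09:30:03 1Q5lZZ-0001AA-Bc => friend@example.org R=dnslookup T=remote_smtp H=mx.example.org [203.0.113.25]
2011-04-19 09:31:10 1Q5lAB-0002CD-Ef <= <> R=1Q5lNH-0007oF-2T U=Debian-exim P=local S=2119
2011-04-19 09:31:10 1Q5lAB-0002CD-Ef => kinther <kinther@pserv.example> R=local_user T=mail_spool
""".splitlines()

# "<date> <time> <msgid> <flag> <address> <key=value ...>"; flags: <= arrival, => and -> delivery,
# == deferred, ** failed.  Lines without a flag (retry notes, timeouts) carry no address.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\w{6}-\w{6}-\w{2}) "
                     r"(?P<flag><=|=>|->|==|\*\*) (?P<addr>\S+)(?P<rest>.*)$")
ANGLE_RE = re.compile(r"^ <([^>]+)>")                       # "=> localuser <user@domain>" form
HOST_RE = re.compile(r" H=(?:(?P<name>[^\s(\[]\S*) )?(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[0-9a-fA-F.:]+)\]")
AUTH_RE = re.compile(r" A=(?P<auth>\S+)")
ROUTER_RE = re.compile(r" R=(?P<router>\S+)")
CODE_RE = re.compile(r"\]: (?P<code>[245]\d\d)\b")          # reply code quoted from the remote MX


def parse(lines):
    """Group log lines by message id, keeping only what the relay check needs."""
    msgs = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = msgs.setdefault(m["id"], {"sender": None, "origin": "unknown", "auth": None,
                                        "recipients": [], "routers": set(), "remote_codes": []})
        addr, rest = m["addr"], m["rest"]
        if m["flag"] == "<=":
            rec["sender"] = addr
            host, auth = HOST_RE.search(rest), AUTH_RE.search(rest)
            rec["origin"] = host["ip"] if host else "local"   # no H= means generated on this host
            rec["auth"] = auth["auth"] if auth else None
        else:
            angle = ANGLE_RE.match(rest)
            rec["recipients"].append(angle.group(1) if angle else addr)
            router, code = ROUTER_RE.search(rest), CODE_RE.search(rest)
            if router:
                rec["routers"].add(router["router"])
            if code:
                rec["remote_codes"].append(code["code"])
    return msgs


def trusted_origin(origin, relay_from_hosts):
    """Local generation or a listed relay network; an arrival line we never saw is not trusted."""
    if origin == "local":
        return True
    if origin == "unknown":
        return False
    return any(ipaddress.ip_address(origin) in net for net in relay_from_hosts)


def triage(lines, local_domains=LOCAL_DOMAINS, relay_from_hosts=RELAY_FROM_HOSTS):
    """Return {msgid: evidence} for mail relayed to outside domains without AUTH or trust."""
    flagged = {}
    local = {d.lower() for d in local_domains}
    for mid, rec in parse(lines).items():
        external = sorted({a.rsplit("@", 1)[1].lower() for a in rec["recipients"] if "@" in a} - local)
        if not external or rec["auth"] or trusted_origin(rec["origin"], relay_from_hosts):
            continue
        flagged[mid] = {"sender": rec["sender"],
                        "source_ip": None if rec["origin"] == "unknown" else rec["origin"],
                        "recipient_count": len(rec["recipients"]),
                        "external_domains": external,
                        "routers": sorted(rec["routers"]),
                        "remote_codes": sorted(set(rec["remote_codes"]))}
    return flagged


if __name__ == "__main__":
    # Pipe the real log in ("python3 relay_triage.py < /var/log/exim4/mainlog"); otherwise use the sample.
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE_LOG
    for mid, evidence in triage(lines).items():
        print(mid, evidence)
```

On the box itself the same questions can be put to Exim directly: exim4 -bp | exiqsumm summarises the queue by destination domain, exiqgrep -z -i lists the frozen message IDs (pipe them to xargs exim4 -Mrm to discard them once you have looked at them), exim4 -bt someone@yahoo.com.tw shows which router would handle that address (if the answer names dnslookup_relay_to_domains, the relay_to_domains list currently matches that domain, which is how the log lines above came about), and exim4 -bh 198.51.100.7 runs a simulated SMTP session from that address so you can type MAIL FROM and RCPT TO and watch the ACL's verdict without sending anything.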

technodweeb 04-19-2011 01:00 PM

I don't use exim, but it sounds like you are not requiring SMTP authentication when users send mail. http://www.exim.org/exim-html-3.20/d...l/spec_35.html has information on setting up SMTP authentication. You will need to decide what works best for you for user management and whether passwords will be encrypted or not. There is a site called www.dnsstuff.com that has some tools for testing your mail server. It is a subscription site ($), but I think they allow a trial subscription for a time. It might give you some more information on what is left open, e.g. things like an invalid reverse DNS entry that will also get you listed as a spam source. Hope this gives you a starting point.
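To make the relay decision itself concrete, here is an added example (a model written for this page, not Exim's code and not from either poster) of what Exim's RCPT ACL decides for each recipient, using the list names from Debian's exim4-config: local_domains, relay_to_domains (filled from dc_relay_domains) and relay_from_hosts (filled from dc_relay_nets, which on Debian always includes the loopback addresses). The checks run in the order the default configuration's ACL uses them, so a host in relay_from_hosts or an authenticated session is accepted before any domain list is consulted. The thread does not show the poster's configuration, so the two "open" policies below are assumed worst cases that would explain the R=dnslookup_relay_to_domains lines in the log; the domain pserv.example and the client addresses are made up.

```python
"""Model of the relay decision in Exim's RCPT ACL (teaching model written for this page,
not Exim's code).  List names follow Debian's exim4-config: local_domains,
relay_to_domains (dc_relay_domains) and relay_from_hosts (dc_relay_nets, which on
Debian always includes the loopback addresses)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class RelayPolicy:
    local_domains: set        # domains this host is the final destination for
    relay_to_domains: set     # domains we accept inbound relay for (e.g. as backup MX); "*" = any
    relay_from_hosts: list    # networks allowed to relay anywhere without authenticating


@dataclass
class Session:
    client_ip: str
    authenticated: bool = False   # set after a successful AUTH in this SMTP session


def matches_domain(domain, patterns):
    """Exim-style domain list match: exact name, "*", or "*.example" for subdomains."""
    d = domain.lower()
    return any(p == "*" or d == p.lower() or (p.startswith("*.") and d.endswith(p[1:].lower()))
               for p in patterns)


def rcpt_decision(policy, session, recipient):
    """Verdict for one RCPT TO, checked in the order the default ACL uses."""
    if "@" not in recipient:
        return "deny", "501 bad recipient syntax"
    domain = recipient.rsplit("@", 1)[1]
    ip = ipaddress.ip_address(session.client_ip)
    if any(ip in net for net in policy.relay_from_hosts):
        return "accept", "hosts = +relay_from_hosts"
    if session.authenticated:
        return "accept", "authenticated = *"
    if matches_domain(domain, policy.local_domains):
        return "accept", "domains = +local_domains"
    if matches_domain(domain, policy.relay_to_domains):
        return "accept", "domains = +relay_to_domains"
    return "deny", "550 relay not permitted"


def simulate(policy, client_ip, authenticated, recipients):
    """Walk the RCPT commands of one session and return (recipient, verdict) pairs."""
    session = Session(client_ip, authenticated)
    return [(r, rcpt_decision(policy, session, r)[0]) for r in recipients]


LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

# Two ways to end up open.  The poster's real values are not in the thread; these are the
# assumed worst cases that make the log's R=dnslookup_relay_to_domains lines possible.
OPEN_RELAY_DOMAINS = RelayPolicy({"pserv.example"}, {"*"}, LOOPBACK)        # dc_relay_domains='*'
OPEN_RELAY_NETS = RelayPolicy({"pserv.example"}, set(),
                              [ipaddress.ip_network("0.0.0.0/0")])          # dc_relay_nets='0.0.0.0/0'
# Closed: nothing in relay_to_domains and only loopback in relay_from_hosts, so strangers
# reach outside domains only after SMTP AUTH (dc_relay_domains='' and dc_relay_nets='').
CLOSED = RelayPolicy({"pserv.example"}, set(), LOOPBACK)

if __name__ == "__main__":
    spam_run = ["hunggueigi@yahoo.com.tw", "tonyhsu_tw@pchome.com.tw"]
    for name, policy in [("open (relay_to_domains=*)", OPEN_RELAY_DOMAINS),
                         ("open (relay_nets=0.0.0.0/0)", OPEN_RELAY_NETS), ("closed", CLOSED)]:
        print(name, simulate(policy, "198.51.100.7", False, spam_run))
    print("closed, after AUTH", simulate(CLOSED, "198.51.100.7", True, spam_run))
```

The closed policy is what dpkg-reconfigure exim4-config produces when the relay-domains and relay-networks answers are left empty; after that, your own users can only send outbound mail through an authenticator (the Debian configuration carries example plain and login authenticators that check /etc/exim4/passwd, commented out until you enable them). Whatever you change, re-test afterwards: exim4 -bh with some public address on the server, or a real SMTP client on another host, should get 550 relay not permitted for an unauthenticated RCPT TO at a foreign domain, and accept the same recipient only once the session has authenticated.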

