04-19-2011, 11:37 AM   #1
kinther
Left Exim4 as open relay, got reported as spam...


So I'm relatively new to working with server-side Linux services (i.e. exim4/dovecot/mysql). About a week ago I set up an exim4 server successfully and was able to send/receive mail! I fired off a couple of emails to my friend and never got a response. Oh well, I thought, must be because my domain name might be considered spam.

Flash forward to today and I get an email from the people who host my server, telling me that I have left my exim4 relay open. Looking through some of my users' email, I see a series of messages with the subject 'Message frozen':

Code:
Message 1QCCQJ-0004FP-OY has been frozen (delivery error message).
The sender is <>.

The following address(es) have yet to be delivered:
  hunggueigi@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<hunggueigi@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  iambug15@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<iambug15@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  mark701017@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<mark701017@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  jenai92@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<jenai92@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  kanny47@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<kanny47@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  muta0513@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<muta0513@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  pkcesos@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<pkcesos@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  mds326@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<mds326@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  h0918942094@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<h0918942094@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  plutus5888@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<plutus5888@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  karen.27@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<karen.27@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  airshaqpig@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<airshaqpig@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  carlier.tw@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<carlier.tw@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  twkidlai@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<twkidlai@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  charles_03.tw@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<charles_03.tw@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  ranger8819@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<ranger8819@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  hohokevinlin@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<hohokevinlin@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  t2724125@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<t2724125@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  hkj7292@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<hkj7292@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  vanillaliang@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<vanillaliang@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  mego7777@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<mego7777@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  ecoin13@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<ecoin13@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  gary2i47111@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<gary2i47111@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  n21232@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<n21232@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  yeling4710@yahoo.com.tw: SMTP error from remote mail server after RCPT TO:<yeling4710@yahoo.com.tw>: host mx1.mail.tw.yahoo.com [203.188.197.119]: 452 Too many recipients
  cloud72055635@yahoo.com.tw: SMTP error from remote mail server after end of data: host mx1.mail.tw.yahoo.com [203.188.197.119]: 554 delivery error: dd This user doesn't have a yahoo.com.tw account
(cloud72055635@yahoo.com.tw) [0] - mta1022.mail.tp2.yahoo.com
And from the /var/log/exim4/mainlog:

Code:
root@pserv:/var/log/exim4# tail mainlog
2011-04-19 09:29:20 1Q5lNH-0007oF-2T SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == abeabe29@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == rain621224@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == q123326154@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == alxe419@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == u770020@yahoo.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx1.mail.tw.yahoo.com [203.188.197.119]: 421 4.7.0 [TS01] Messages from xxx.xxx.xxx.xxx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2011-04-19 09:29:21 1Q5lNH-0007oF-2T == tonyhsu_tw@pchome.com.tw R=dnslookup_relay_to_domains T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<tonyhsu_tw@pchome.com.tw>: host mxs.pchome.com.tw [211.20.188.150]: 450 4.7.1 Client host rejected: cannot find your hostname, [xxx.xxx.xxx.xxx]
2011-04-19 09:29:24 1Q5ke1-00073t-Sx msa-mx3.hinet.net [168.95.6.116] Connection timed out
2011-04-19 09:29:27 1Q5lcV-0006i8-F7 msa-mx11.hinet.net [168.95.6.173] Connection timed out
2011-04-19 09:29:30 1Q5ltL-0004dM-0X msa-mx7.hinet.net [168.95.6.148] Connection timed out
I think it's safe to assume someone noticed my open relay and began using it to send out bulk spam mail. Does anyone have any idea on how I can start to lock this down? I'm thinking of starting with dpkg-reconfigure exim4-config, but could use some advice with this situation.
 
04-19-2011, 12:00 PM   #2
technodweeb
I don't use exim, but it sounds like you are not requiring SMTP authentication when users send mail. http://www.exim.org/exim-html-3.20/d...l/spec_35.html has information on setting up SMTP authentication. You will need to decide what works best for you for user management and if passwords will be encrypted or not. There is a site called www.dnsstuff.com that has some tools for testing your mail server. They are a subscription site ($), but I think they allow a trial subscription for a time. Might give you some more information on what is left open, i.e. stuff like reverse DNS not valid that will also get you listed as a spam source. Hope this gives you a starting point.
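
A triage script for the situation in this thread, added here as an example and not posted by either participant: it reads Exim mainlog lines in the format shown in the first post and lists messages that were sent on to outside domains for an SMTP client that was neither trusted nor authenticated (no `A=` field on the arrival line), which is the gap the reply above points at. The sample log, `mydomain.example`, the trusted-IP set and the function names are constructed for the example.

```python
import re
from collections import defaultdict

# Exim mainlog: "<date> <time> <msg-id> <flag> <address> <fields>"; flags are
# "<=" arrival, "=>"/"->" delivered, "==" deferred, "**" failed.
LINE = re.compile(
    r"^\S+ \S+ (?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<flag><=|=>|->|==|\*\*) (?P<addr>\S+)(?P<rest>.*)$")
HOST_IP = re.compile(r" H=[^\[]*\[(?P<ip>[0-9A-Fa-f.:]+)\]")
AUTH = re.compile(r" A=(?P<auth>\S+)")
ROUTER = re.compile(r" R=(?P<router>[^\s:]+)")

# Constructed sample in mainlog format (documentation addresses only).
SAMPLE_LOG = """\
2011-04-19 09:20:01 1Q5lNH-0007oF-2T <= promo@example.net H=(mail) [198.51.100.7] P=esmtp S=2841
2011-04-19 09:29:20 1Q5lNH-0007oF-2T == a@example.com R=dnslookup_relay_to_domains T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx.example.com [192.0.2.25]: 421 4.7.0 temporarily deferred
2011-04-19 09:29:24 1Q5ke1-00073t-Sx mx.example.org [192.0.2.26] Connection timed out
2011-04-19 09:31:02 1Q5m0A-0001aB-3C <= alice@mydomain.example H=laptop (laptop) [203.0.113.9] P=esmtpsa A=plain_server:alice S=901
2011-04-19 09:31:03 1Q5m0A-0001aB-3C => c@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.25]
2011-04-19 09:32:10 1Q5m1B-0002cD-4E <= <> R=1Q5lNH-0007oF-2T U=Debian-exim P=local S=3120
""".splitlines()

def triage(lines, local_domains):
    """Map msg id -> client IP, A= authenticator, routers, non-local domains."""
    msgs = defaultdict(lambda: {"ip": None, "auth": None, "routers": set(), "external": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # e.g. "Connection timed out" lines carry no flag
        rec, rest = msgs[m["id"]], m["rest"]
        if m["flag"] == "<=":
            host, auth = HOST_IP.search(rest), AUTH.search(rest)
            rec["ip"] = host["ip"] if host else None  # None: not received over SMTP
            rec["auth"] = auth["auth"] if auth else None
            continue
        rec["routers"].update(ROUTER.findall(rest))
        _, at, domain = m["addr"].rpartition("@")
        if at and domain.lower() not in local_domains:
            rec["external"].add(domain.lower())
    return msgs

def suspect_relays(msgs, trusted_ips):
    """Ids sent on to outside domains for an unauthenticated, untrusted client."""
    return sorted(mid for mid, rec in msgs.items()
                  if rec["external"] and rec["ip"] is not None
                  and rec["ip"] not in trusted_ips and rec["auth"] is None)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG, {"mydomain.example"})
    print(suspect_relays(found, {"127.0.0.1"}))
```

A message whose arrival line falls outside the log window has no recorded client IP and is not flagged, so run it over the full mainlog rather than a `tail`. In Debian's packaged configuration the `dnslookup_relay_to_domains` router seen in the mainlog handles only domains matching `relay_to_domains`, so outside domains appearing under it point at the relay-domains setting (`dc_relay_domains`) that `dpkg-reconfigure exim4-config` writes.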
 
  

