LinuxQuestions.org
Old 03-02-2009, 11:46 AM   #1
norobro
Member
 
Registered: Feb 2006
Distribution: Debian Sid
Posts: 792

Exim4 - relaying?


I helped a friend upgrade her system from an old Mepis release to Lenny recently. She hosts her own website and sends/receives mail with exim4. I have been monitoring the logs remotely and in the past week there have been some entries in the exim4 log that have puzzled me.

For example:
Code:
2009-03-02 09:40:59 1LeAGJ-0003A3-Pg <= firstname.lastname@usa.net U=www-data P=local S=2191 id=fd0d105d658bca900bfe3394a031bd0d@www.foo.com
2009-03-02 09:41:20 1LeAGJ-0003A3-Pg => lizarita@maturez.com R=dnslookup T=remote_smtp H=mail.maturez.com [72.232.184.154]
2009-03-02 09:41:20 1LeAGJ-0003A3-Pg Completed
The "firstname.lastname@usa.net" is my friend's hosted email account that appears on her web pages and is not local to this machine. "www.foo.com" is her website. User "www-data" is aliased to her username in /etc/aliases.

I reran dpkg-reconfigure exim4-config and made sure the entries for relaying were blank.

Not being familiar with operating a mail server I looked at the exim4 documentation and frankly it is a bit overwhelming.

Is her system acting as a relay? If so, how do we stop it?

Thanks in advance for any help.

Norm

Last edited by norobro; 03-02-2009 at 12:07 PM. Reason: changed www to www-data
 
Old 03-03-2009, 01:07 PM   #2
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,243
Blog Entries: 5

You can use an open relay test to check, http://www.abuse.net/relay.html
To me, that looks like the website on the local machine sending an email to someone @maturez.com.

apache2 is run with user www-data
Code:
www-data 11837  0.0  3.3  83224 69848 ?        S    Mar02   0:00 /usr/sbin/apache2 -k start

I'm not familiar with EXIM either, so when I ran into a mail issue with my website (website wouldn't send mail) I just did aptitude install postfix, and my mail issue was resolved in under 5 minutes. The postfix config allowed me to easily set a smarthost to relay mail for the server, while exim just sorta held onto everything, while showing in the logs it had been sent. Guess I just find it easier to work with an MTA that I'm familiar with.
 
Old 03-03-2009, 02:07 PM   #3
norobro
Member
 
Registered: Feb 2006
Distribution: Debian Sid
Posts: 792

Original Poster
Quote:
Originally Posted by farslayer View Post
To me, that looks like the website on the local machine sending an email to someone @maturez.com.
Bingo, Farslayer.

My friend has moodle installed on her machine. I had no prior knowledge of 'Moodle' and when upgrading her machine, I really didn't pay much attention to the program. The only thing that I did was back up the mysql files from her old system using 'mysqldump' and restore them to the new lenny install. Come to find out she has email authentication enabled which allows anyone to self-create an account. This is a known security issue and spammers take advantage of it.

From the moodle site:
Quote:
The problems with these settings is that spammers can create a page on the Moodle site which they can fill with links and pictures of porn and other nasty stuff. This in turn comes up in Google searches for those things, and is used to boost ratings to porn sites or hacking sites designed to take over your personal computer. Note that this content is designed for people using search engines, and is usually not available from within the Moodle site itself (since spammers don't join any courses) so users and admins are usually not even aware their site is having this problem.
Apparently all outgoing mail from moodle has the administrator's email address in the 'From:' field.

So, I don't have an exim4 problem after all.

Thanks for the tip, my friend.

Norm

Last edited by norobro; 03-03-2009 at 02:24 PM.
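The distinction this thread turned on, shown as an added example that is not code from either poster: in the exim4 main log, an arrival line (`<=`) with `P=local` and `U=<user>` means a local process handed the message to exim, whereas relayed mail arrives with `P=smtp`/`P=esmtp` and an `H=` host. The second message in the sample is constructed (documentation addresses), and the `origin` labels are this example's own names.

```python
import re

# First three lines are the log excerpt from post #1; the last two are constructed for contrast.
SAMPLE_LOG = """\
2009-03-02 09:40:59 1LeAGJ-0003A3-Pg <= firstname.lastname@usa.net U=www-data P=local S=2191 id=fd0d105d658bca900bfe3394a031bd0d@www.foo.com
2009-03-02 09:41:20 1LeAGJ-0003A3-Pg => lizarita@maturez.com R=dnslookup T=remote_smtp H=mail.maturez.com [72.232.184.154]
2009-03-02 09:41:20 1LeAGJ-0003A3-Pg Completed
2009-03-02 10:02:11 1LeAbc-0003B7-Xy <= sender@example.org H=mx.example.org [192.0.2.10] P=esmtp S=1804
2009-03-02 10:02:15 1LeAbc-0003B7-Xy => rcpt@example.net R=dnslookup T=remote_smtp H=mail.example.net [192.0.2.20]
"""

# timestamp, message id, flow flag (<= arrival, => / -> delivery), address, remaining fields
LINE = re.compile(r"^\S+ \S+ (\w{6}-\w{6}-\w{2}) (<=|=>|->) (\S+)(.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")  # single-letter fields: U=, P=, H=, A=, R=, T=, S=

def classify(log_text):
    """Group log lines by message id and label how each message entered exim."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed" and other lines carry no flow information
        msgid, flag, addr, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        msg = msgs.setdefault(msgid, {"remote_rcpts": []})
        if flag == "<=":
            msg.update(sender=addr, proto=fields.get("P"), user=fields.get("U"),
                       host=fields.get("H"), auth=fields.get("A"))
        elif fields.get("T") == "remote_smtp":
            msg["remote_rcpts"].append(addr)
    for msg in msgs.values():
        proto = msg.get("proto") or ""
        if proto == "local":
            # Submitted on this host by user U= (here: the web server account), not relayed
            msg["origin"] = "local-submission"
        elif "smtp" in proto and not msg.get("auth") and msg["remote_rcpts"]:
            # Came in over SMTP without A= and left via remote_smtp: review the relay settings
            msg["origin"] = "smtp-relayed"
        else:
            msg["origin"] = "other"
    return msgs

if __name__ == "__main__":
    for msgid, msg in classify(SAMPLE_LOG).items():
        print(msgid, msg["origin"], msg.get("user"), msg["remote_rcpts"])
```

A burst of `local-submission` messages from `www-data` to unfamiliar external recipients points at a web application on the host, as it did here, rather than at the MTA's relay configuration.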
 
  

