Open relay?

twv

My DA mailserver is not doing any smtp authentication. How do I turn smtp auth on? I have a reseller acct.
 
Hello,

It should be on by default (we don't have an option to flip it off)... double check the username and passwords you are using.. use "username" for your system mail account and "[email protected]" for virtual pop accounts. Also, try resetting the password to make sure it's what you think it is.

John
 
The thing is, it's not asking for a username or password. Here's an SMTP session, edited to remove actual domain names and IP addresses:

SMTP< 220 mail.mydomain.com ESMTP Exim 3.36 #1 Fri, 31 Oct 2003 09:29:28 -0800
SMTP> HELO my.local.domain
SMTP< 250 mail.mydomain.com Hello my.local.domain [XX.XX.XX.XX]
SMTP> MAIL FROM: <[email protected]>
SMTP< 250 <[email protected]> is syntactically correct
SMTP> RCPT TO: <[email protected]>
SMTP< 250 <[email protected]> is syntactically correct
SMTP> DATA
SMTP< 354 Enter message, ending with "." on a line by itself
SMTP> . (EOM)
SMTP< 250 OK id=1AFd5X-000499-00
SMTP> QUIT
SMTP< 221 mail.mydomain.com closing connection


I did receive the email that was sent this way. Neither the mail from nor the rcpt to domains are on the server.

When I tried to send the mail through a different (non-DA) server, I got the expected relaying denied message.
 
Hello,

If you use pop to check your email, your IP will be on the relay list. It's called da_popb4smtp, whereby anyone who was successfully authenticated with pop is added to a file (/etc/virtual/pophosts) which exim uses to allow relaying without smtp auth.

John
 
OK, so pop before smtp uses IP address rather than email address. I didn't know that.

But... I'm on a dialup, so I disconnected and reconnected to get a new IP address. Then, without checking for mail, I was still able to send w/o smtp auth.
 
Are you using a proxy? You can check the ip that is in the file. You could also try stopping da_popb4smtp:

service da_popb4smtp stop

then remove the /etc/virtual/pophosts.. and THEN see if you still can send. I know open relays are definitely disabled with our stock install..
 
No proxy, and no root access to stop services. But there's a thread about this at the host's forums and there may be an issue with the popb4smtp timeout being much too high.

Thanks for your help.
 
Hello,

It's set to 30 minutes. It can be lowered if people feel that it's too high, or I can make it settable from the command line.

John
 
set from the command line would be good - I'd say a 10min check would be sufficient for most...

Just my humble opinion

Joe
 
popb4smtp can overload a server (disk I/O) if there is a lot of account checking. It would be very nice if smtp auth could be implemented.
SMTP auth + ssl is a nice email server config ;)
 
Hello,

Smtp Auth already exists. It was around way before popb4smtp :)

and just as a note, the way I wrote da_popb4smtp, it checks the maillog for a change.. it doesn't actually open the file. When a change is found (last modified date changed), then it will automatically go to the last point it read from in the file and only parse the new lines.

But, smtp-auth is still more efficient :)

John
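
The mechanism described in this thread (a log follower that resumes at its last read position and feeds an IP allow-list with a timeout), modelled as an added example. It is not DirectAdmin's da_popb4smtp code; the log line format, the class and function names and the 192.0.2.x addresses are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed log format (an assumption; real POP daemon log lines differ).
LOGIN_RE = re.compile(r"^(\d+) pop3-login ok user=\S+ ip=(\S+)$")

class PopBeforeSmtp:
    """IP allow-list fed by successful POP logins, valid for `window` seconds."""
    def __init__(self, log_path, window=30 * 60):
        self.log_path, self.window = log_path, window
        self.offset, self.mtime = 0, None   # parse position, last mtime seen
        self.last_login = {}                # ip -> epoch of latest POP login

    def poll(self):
        """Parse complete lines appended since the last poll; False if unchanged."""
        st = os.stat(self.log_path)
        if st.st_mtime_ns == self.mtime and st.st_size == self.offset:
            return False                    # unchanged: file is not opened
        if st.st_size < self.offset:
            self.offset = 0                 # log rotated or truncated
        with open(self.log_path, "rb") as fh:
            fh.seek(self.offset)
            for raw in fh:
                if not raw.endswith(b"\n"):
                    break                   # partial line: retry next poll
                self.offset += len(raw)
                m = LOGIN_RE.match(raw.decode("ascii", "replace").strip())
                if m:
                    self.last_login[m.group(2)] = int(m.group(1))
        self.mtime = st.st_mtime_ns
        return True

    def may_relay(self, ip, now):
        """Keyed on the client IP only; no user identity is checked."""
        seen = self.last_login.get(ip)
        return seen is not None and 0 <= now - seen < self.window

def demo(window):
    """Constructed case: alice polls POP at t=1000 from a dial-up pool address."""
    with tempfile.NamedTemporaryFile("w", suffix=".log") as fh:
        fh.write("1000 pop3-login ok user=alice ip=192.0.2.10\n")
        fh.flush()
        gate = PopBeforeSmtp(fh.name, window)
        gate.poll()
    # t=1900, 15 minutes later: any client now holding 192.0.2.10 is judged.
    return gate.may_relay("192.0.2.10", 1900), gate.may_relay("192.0.2.99", 1900)

if __name__ == "__main__":
    print(demo(30 * 60), demo(10 * 60))     # 30-minute vs 10-minute window
```

Fifteen minutes after the POP login, the 30-minute window still authorises whoever holds that address, while the 10-minute window suggested in the thread does not.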
 
interfasys said:
popb4smtp can overload a server (disk I/O) if there is a lot of account checking. It would be very nice if smtp auth could be implemented.
SMTP auth + ssl is a nice email server config ;)


SSL would be quite easy.. Stunnel makes that much easier :D
 
Hello,

I believe exim can already do it. Just edit /etc/init.d/exim
and make the start), stop) and reload functions look like:
Code:
  # Command for the SSL listener: exim -bd -oX 465 -tls-on-connect
  start)
        # Start daemons: the normal listener, then a second one on port 465
        # that negotiates TLS as soon as the client connects.
        echo -n "Starting exim: "
        daemon "/usr/sbin/exim $EXIM_OPTS -oP /var/run/exim.pid"
        daemon "/usr/sbin/exim $EXIM_OPTS -oP /var/run/exims.pid -oX 465 -tls-on-connect"
        echo
        touch /var/lock/subsys/exim
        ;;
  stop)
        # Stop daemons (each only if its pid file exists).
        echo -n "Shutting down exim: "
        if [ -e /var/run/exims.pid ]; then kill `cat /var/run/exims.pid`; fi
        if [ -e /var/run/exim.pid ]; then kill `cat /var/run/exim.pid`; fi
        echo
        rm -f /var/lock/subsys/exim
        ;;
  reload)
        if [ -e /var/run/exim.pid ]; then kill -HUP `cat /var/run/exim.pid`; fi
        if [ -e /var/run/exims.pid ]; then kill -HUP `cat /var/run/exims.pid`; fi
        ;;

Give that a go.. it could work.

John
 