how is relaying still possible?

liorm

Hey All,

I noticed that our mail server hits blacklists often, and decided to test relaying through the server.
Upon testing, it appears that relaying is possible on a specific method, somehow, not sure how.. this is why I am posting, to get a direction.

I am able to send a message from a foreign domain, to a local domain on the DA server.. so far that is expected, however, if I add a foreign domain recipient to the same SMTP session, that is passed through to the server's "remote_smtp" - relaying :mad:

Sending syntax:
on the rcpt to: [email protected] <space> <mailbox@localdomain>
Obviously, the server should not accept this message and pass it on to the smtp server, as it is sending to a gmail mailbox in addition to a local domain one.


Server log:
2019-02-04 10:37:01 H=(L--N) [xx.xx.xx.xx] incomplete transaction (RSET) from <[email protected]> for mailbox@localdomain
2019-02-04 10:37:01 1gqZkT--GE <= [email protected] H=(L--N) [xx.xx.xx.xx] P=esmtp S=818 id=d40e2b.xx T="Test from SMTP Diag Tool" from <[email protected]> for mailbox@localdomain
2019-02-04 10:37:01 1gqZkT--GE => mailbox <mailbox@localdomain> F=<[email protected]> R=virtual_user T=virtual_localdelivery S=932
2019-02-04 10:37:02 1gqZkT--GE =>[email protected] <mailbox@localdomain> F=<[email protected]> R=smart_route T=remote_smtp S=851 H=x.x.x.x [x.x.x.xx] C="250 2.0.0 Ok: queued as DF23C5A"


exim.conf:

smart_route:
driver = manualroute
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
route_list = * smtpserver.xx.com
no_more


Hope this is clear :)
Any ideas?

Thx!
 
Hello,

Is your exim.conf/exim.pl too old? What are their versions?

I have these results on my end:

Code:
Connected to server.example.net.
Escape character is '^]'.
220 server.example.net ESMTP Exim 4.91 Mon, 04 Feb 2019 16:49:52 +0700
HELO my.example.net
250 server.example.net Hello my.example.net [2a03:xxxx:xx1::1]
MAIL From: <[email protected]>
250 OK
RCPT To: [email protected] [email protected]
501 [email protected] [email protected]: malformed address: [email protected] may not follow [email protected]


I've replaced real domain and mailbox names, assuming [email protected] is hosted locally on the server.example.net.

I'm with the latest exim.conf from the 4.5.x branch.
 
Thx Alex!

I'm on 4.89
..Make sure you put the brackets on the second recipient.
 
It's not the newest edit if that's what you mean... :) I would still want to pin-point the cause for this behavior.

BTW, here's what the smtp server log entry looks like:

Feb 3 09:51:32 mxo postfix/pickup[6364]: 1693037: uid=501 from=<[email protected]>
Feb 3 09:51:32 mxo postfix/cleanup[6175]: 1693037: message-id=<[email protected]>
Feb 3 09:51:32 mxo postfix/qmgr[5448]: 1693037: from=<[email protected]>, size=18616, nrcpt=1 (queue active)
Feb 3 09:51:32 mxo postfix/smtp[6484]: 1693037: to=<mailbox@publicdomain>, relay=aspmx.l.google.com[108.177.15.27]:25, delay=1, delays=0.44/0/0.2/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK 154993 h3296wmh.77 - gsmtp)
Feb 3 09:51:32 mxo postfix/qmgr[5448]: 1693037: removed
 
Not too sure which brackets you mean. According to wiki https://en.wikipedia.org/wiki/Bracket they can be: [ ] ( ) { } ⟨ ⟩

So I tried:

Code:




Check exim.conf version:

Code:
head -1 /etc/exim.conf

I've got


Code:
# SpamBlockerTechnology* powered exim.conf, Version 4.5.12

Check exim.pl version:

Code:
grep VERSION= /etc/exim.pl

I've got


Code:
#VERSION=24


I would still want to pin-point the cause for this behavior.


Read your exim.conf then. Or open a ticket with directadmin support and provide access to your server, they might help you free of charge.
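
One way to narrow down the cause from the Exim main log (an added example, not part of the thread and not DirectAdmin's or Exim's own code): on a `<=` line the envelope recipients follow `for` when the `received_recipients` log selector is on, and on a `=>` line Exim puts the original recipient in angle brackets when the delivered address differs from it. The function name, the verdict labels and every address, host and message ID in the sample are constructed placeholders.

```python
import re

# Constructed sample in Exim main-log format; every address, host and ID is a placeholder.
SAMPLE_LOG = """\
2019-02-04 10:37:01 1aaaaa-000001-AA <= s@foreign.example H=(c) [192.0.2.10] P=esmtp S=818 for mailbox@local.example
2019-02-04 10:37:01 1aaaaa-000001-AA => mailbox <mailbox@local.example> F=<s@foreign.example> R=virtual_user T=virtual_localdelivery
2019-02-04 10:37:02 1aaaaa-000001-AA => x@remote.example <mailbox@local.example> F=<s@foreign.example> R=smart_route T=remote_smtp
2019-02-04 10:40:00 1bbbbb-000002-BB <= s@foreign.example H=(c) [192.0.2.10] P=esmtp S=700 for y@remote.example
2019-02-04 10:40:01 1bbbbb-000002-BB => y@remote.example F=<s@foreign.example> R=smart_route T=remote_smtp
"""

LINE = re.compile(r"^\S+ \S+ (\S+) (<=|=>|->)\s*(.*)$")
DELIVERY = re.compile(r"(\S+)(?: \(\S+\))?(?: <([^>]+)>)?")


def domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def remote_deliveries(log_text, local_domains):
    """Return (msg_id, delivered, original, verdict) for each non-local delivery."""
    local = {d.lower() for d in local_domains}
    envelope, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        msg_id, flag, rest = m.groups()
        if flag == "<=":
            # Envelope recipients follow the last " for " on the arrival line.
            rcpts = rest.rsplit(" for ", 1)[1].split() if " for " in rest else []
            envelope[msg_id] = {r.strip("<>").lower() for r in rcpts}
            continue
        d = DELIVERY.match(rest)
        delivered, original = d.groups() if d else ("", None)
        if domain(delivered) is None or domain(delivered) in local:
            continue  # local delivery, not a relay question
        if delivered.lower() in envelope.get(msg_id, set()):
            verdict = "accepted-at-rcpt"      # the RCPT ACL let a remote address in
        elif original and domain(original) in local:
            verdict = "generated-from-local"  # routing of a local recipient produced it
        else:
            verdict = "unknown"
        findings.append((msg_id, delivered, original, verdict))
    return findings

if __name__ == "__main__":
    for row in remote_deliveries(SAMPLE_LOG, ["local.example"]):
        print(row)
```

An `accepted-at-rcpt` row points at the RCPT ACL; a `generated-from-local` row points at whatever the routers do with that local recipient.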
 