How to turn off open relay?

patrik said:
Which version of DirectAdmin is that, because I can't find the tool.

Could it be the case that these mails are created out from a script running on your webserver?

Server Version 1.28.0
Go to admin level -> admin tools -> Mail Queue Administration.

I don't think that the mails are created out from a script, unless my server is hacked?
 
That's the same version as I'm running but I can't see any Mail Queue Administration menu item, maybe this has something to do with me running FreeBSD 6.

I'm going home from the office now and can't answer anymore until tomorrow morning. My guess is that these mails are created out from a script, based on this line:

155P Received: from mail by srv01.domain.com with local (Exim 4.60)
But I'm not completely sure, I'm not an expert on understanding Exim queues/logs.
 
problem with smtpauth

hello,
I would like only my clients to use the SMTP server, with username and password.

At this time everyone uses my SMTP server without a username and password!

My clients and other online users (not clients)

Plz help
 
Guillermo said:
Server Version 1.28.0
Go to admin level -> admin tools -> Mail Queue Administration.

Doesn't exist on my server either and I am running CentOS 4.4....please hover your mouse over and provide us a CMD_ so we can check this out further...thx!
 
Wow, that's a cool new feature. If you click on the id of one of the messages it opens up a very useful window including the header information, the body information and even the log entry for that email.

I too had a bunch of very strange listings in there similar to what Guillermo was seeing and was worried that my server had possibly become compromised.

Upon further investigation I found that the messages seem to be undeliverable messages that were created by vacation responders that had been set up for some of my users. It looks like spam emails that are getting past SpamBlocker are triggering vacation responses, but to undeliverable email addresses. I don't believe that this is anything to worry about.

Does anybody know how long these will stay in the queue before automatically being deleted? My oldest one is 4 days. Is it safe to simply delete them or is it better to let them sit there until they eventually time out?
 
First of all, why are you posting the exim.conf that everybody is using, unless you have modified it? The lines of code that stop open relay are

Code:
accept  hosts = +relay_hosts
accept  hosts = +auth_relay_hosts
        endpass
        message = authentication required
        authenticated = *
deny    message = relay not permitted

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
deny    message = relay not permitted

Users must authenticate, otherwise they will be told RELAY NOT PERMITTED. This is the same line I copied from your posted exim.conf.

I doubt you are open relay. I would question the service you tested your IP on. Try another service and see if you get the same open relay results.
 
Note that your server will test as an open relay if any of the domains on your server are also in any of the /etc/virtual/whitelist* folders.

So if they are, take 'em out.

Jeff
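
The check described in the post above, as an added example (not part of the original thread and not DirectAdmin's own tooling): a shell function that lists every hosted domain that also appears under `/etc/virtual/whitelist*`. It assumes hosted domains are listed one per line in `/etc/virtual/domains` and that whitelist entries are plain-text lines; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Assumptions: $dir/domains lists hosted domains one per line,
# and whitelist entries are plain-text lines such as "example.com" or
# "*@example.com". Function names are hypothetical.

# Print one cleaned entry per line: comments and surrounding whitespace
# removed, anything up to and including "@" dropped, lowercased.
normalise() {
    tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/.*@//' -e '/^$/d' |
        tr 'A-Z' 'a-z'
}

# Print "<whitelist file>: <domain>" for every hosted domain found in a
# whitelist file (or in a file inside a whitelist* directory).
whitelisted_local_domains() {
    dir="${1:-/etc/virtual}"
    [ -r "$dir/domains" ] || { echo "cannot read $dir/domains" >&2; return 2; }

    hosted=$(mktemp) || return 2
    normalise "$dir/domains" | sort -u > "$hosted"

    find "$dir" -path "$dir/whitelist*" -type f | sort |
    while IFS= read -r wl; do
        # comm -12 keeps only the lines present in both sorted inputs
        normalise "$wl" | sort -u | comm -12 - "$hosted" |
            awk -v f="$wl" '{ print f ": " $0 }'
    done

    rm -f "$hosted"
}

# Usage: whitelisted_local_domains /etc/virtual
```

No output means no hosted domain is whitelisted; any line printed names the file and the entry to take out.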
 