New install, open relay

[damn]

Hello,

I tried making a fake email account in Outlook today, to see if I could send mail through my new server running DA.

If I used a fake sender email address, one that doesn't exist, it doesn't work.

If I use a real sender email address, such as [email protected], it works!

In both examples I am sending mail to an external account, ie: one that is not on that server.

Shouldn't it only allow emails to go through for email accounts that exist on the server? Or require some kind of authorisation?

 

[toml]

There are two issues you hit. One is popb4smtp which allows you to send emails without authentication if you read your pop mail within x number of minutes. The other is the sender_verify flag in exim that trys to insure the senders email address is real. I am not 100% sure that sender_verify kicks in when sending emails, but by your description it sounds like that is the problem.

 

[damn]

I assume its not the popb4smtp as I'm sending mail out with an email address that doesn't exist on the server, so it can't have POP'd before SMTP'ing.

I'll check that sender_verify tag.

 

[toml]

Do a search for popb4smtp it works vi IP address not email address.

 

[damn]

Do a search for popb4smtp it works vi IP address not email address.

Ohh clever! Curse my static IP!

 

[damn]

Quite correct, I RDP'd into a clients network, tried it from there and got authorisation required.

Sorry for wasteing everybody's time.