[Wolves] Exim relay problem
Wayne Morris
wayne at machx.co.uk
Wed Jun 14 14:49:02 BST 2006
Wayne Morris wrote:
> Hi,
>
> Just noticed that my exim 4 email server (on FC3) has become an open
> relay.
> Here are the first few lines of a sample incoming spam email:
>
>
>
> Maybe I'm reading it wrong, but it appears to be getting through
> because the relayer is spoofing its address as 127.0.0.1 which EXIM
> was set to allow.
> However, I have blocked relaying fro 127.0.0.1 and its still getting
> through.
>
> Any ideas?
>
>
Right, removing 'relay from 127.0.0.1' DID stop the message being
relayed, but the message was being bounced back to me as an error.
I've now renamed the email server, so relays are rejected and bounces go
to null.
But how do I stop the attack/ and or find out and block the ip address
of the attacking pc - my Eximon just shows incoming mail from 127.0.0.1
and my hostname?
More information about the Wolves
mailing list