Ping a Specific Port

Question

Arne

Asked: 2014-11-04 14:47:34 +0800 CST2014-11-04 14:47:34 +0800 CST 2014-11-04 14:47:34 +0800 CST

How to make exim4 on Debian safe?

772

I am running exim4 on a vanilla Debian Stable system. The machine has proper DNS A and MX records. I want to use it as a mail server.

SMTP with TLS already works fine for authenticated users.

However I can still telnet from somewhere else to the server using smtp and send mails to my own domain by spoofing the MAIL FROM and picking the right RCPT TO.

How can I configure exim so that only real mail hosts with MX record can use unauthenticated SMTP?

1 Answers

Voted

Arne · Answer 1 · 2014-11-05T00:16:09+08:00

Arne

2014-11-05T00:16:09+08:002014-11-05T00:16:09+08:00

I found an answer on askubuntu which sort of makes my configuration better. It changes the default warning on failed RDNS lookup to an error. Debian usually only warns on a failed reverse DNS lookup, if CHECK_RCPT_REVERSE_DNS is set. However, this piece of configuration will change that to an error:

# Verify reverse DNS lookup of the sender's host.
deny
  message Reverse DNS verification failed
  !verify = reverse_host_lookup
  !hosts = ${if exists{CONFDIR/local_broken_dns_whitelist}\
                      {CONFDIR/local_broken_dns_whitelist} {}}

It seems what I want in the end is forward confirmed reverse DNS.

0

How to make exim4 on Debian safe?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?