Problem (Potential bug ??) With Spamblocker3


tdldp
02-13-2008, 02:49 AM
Hi Jeff and all the DA community...

I have a problem which could be a potential bug that I cannot explain...

I have a client who is experiencing system error return messages due to unknown users or deferrals due to policy infringement at Yahoo and nate.com.

Let me show you the logs:
Here is the log for Yahoo...

2008-02-13 10:35:18 1JNluV-0006K2-UE SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == kmj2804@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == yhfighting@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == myung57@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == rgveda11@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == sseahee@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == woosungs2000@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == bag8282@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == ok5707@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == rmrdl77@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == rtos2000@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == sbr217@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3b.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE SMTP error from remote mail server after initial connection: host mx3a.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == kjy712129@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3a.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == lynniya@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3a.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == ms770610@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3a.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE == yksyks97@yahoo.co.kr R=lookuphost T=remote_smtp defer (0): SMTP error from remote mail server after initial connection: host mx3a.mail.yahoo.co.kr [202.165.108.248]: 421 4.7.0 [TS01] Messages from 87.252.2.45 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
2008-02-13 10:35:18 1JNluV-0006K2-UE ** yksyks97@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** ms770610@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** lynniya@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** kjy712129@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** sbr217@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** rtos2000@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** rmrdl77@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** ok5707@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** bag8282@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** woosungs2000@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** sseahee@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** rgveda11@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** myung57@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** yhfighting@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE ** kmj2804@yahoo.co.kr: retry timeout exceeded
2008-02-13 10:35:18 1JNluV-0006K2-UE Completed
2008-02-13 10:35:18 1JPE1O-0007Fu-PB <= <> R=1JNluV-0006K2-UE U=mail P=local S=6893 T="Mail delivery failed: returning message to sender" from <> for admin@car-consulting.fr
2008-02-13 10:35:18 1JPE1O-0007Fu-PB => admin <admin@car-consulting.fr> F=<> R=virtual_user T=virtual_localdelivery S=6993
2008-02-13 10:35:18 1JPE1O-0007Fu-PB Completed

and nate.com

2008-02-13 10:27:48 1JPDu8-000717-Io <= info@car-consulting.fr H=(nlueuph.net) [211.208.187.130] P=smtp S=1067 T="☜금융권대~출(년7.5~12%)49595" from <info@car-consulting.fr> for winphj@nate.com
2008-02-13 10:27:50 1JPDu8-000717-Io ** winphj@nate.com F=<info@car-consulting.fr> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host smtp.nate.com [203.226.255.61]: 541 5.6.0 Your message was rejected by PATTERN FILTER
2008-02-13 10:27:50 1JPDuA-00071I-RI <= <> R=1JPDu8-000717-Io U=mail P=local S=2005 T="Mail delivery failed: returning message to sender" from <> for info@car-consulting.fr
2008-02-13 10:27:50 1JPDu8-000717-Io Completed
2008-02-13 10:27:50 1JPDuA-00071I-RI => info <info@car-consulting.fr> F=<> R=virtual_user T=virtual_localdelivery S=2104
2008-02-13 10:27:50 1JPDuA-00071I-RI Completed


The problem is the following:
Account admin@car-consulting.fr doesn't exist on our servers.... But apparently there seems to be activity on this email...

Account info@car-consulting.fr exists but has its password changed every 2 days... the latest one, set this morning, is 13 characters long, alphanumeric... It is technically impossible for this password to get hacked in less than 5 minutes...

Where is the problem...
What ACL should I use to block these mail sendings from our servers???
(I've checked the RBL status, and the server IP still seems to be clean... It is only considered a problem by Yahoo's filtering system.)


Edit: I've tested adding the domain and the sender email admin@car-consulting.fr to the blacklisted senders, and this doesn't solve anything...
The user has received 549 system error messages that he shouldn't have to receive...
This is very weird...
Thanks for an urgent response

Tdldp
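The two symptoms in the logs above (an unauthenticated outside host handing in mail with the customer's domain as envelope sender, and bounces landing on a local address that is not a real mailbox) can be picked out of the exim mainlog mechanically. The script below is an added example, not part of the original post or of DirectAdmin; the sample lines are constructed from the excerpts above (subjects shortened, the last line being the customer's own authenticated send), and the local-domain and mailbox sets are assumptions standing in for /etc/virtual/domains and the real account list.

```python
import re
from collections import namedtuple

# Constructed sample: arrival/bounce lines condensed from the mainlog excerpts in the post
# (subjects shortened; the last line is the customer's own authenticated submission).
SAMPLE_LOG = """\
2008-02-13 10:27:48 1JPDu8-000717-Io <= info@car-consulting.fr H=(nlueuph.net) [211.208.187.130] P=smtp S=1067 T="loan offer" from <info@car-consulting.fr> for winphj@nate.com
2008-02-13 10:27:50 1JPDu8-000717-Io ** winphj@nate.com F=<info@car-consulting.fr> R=lookuphost T=remote_smtp: SMTP error from remote mail server after end of data: host smtp.nate.com [203.226.255.61]: 541 5.6.0 Your message was rejected by PATTERN FILTER
2008-02-13 10:27:50 1JPDuA-00071I-RI <= <> R=1JPDu8-000717-Io U=mail P=local S=2005 T="Mail delivery failed: returning message to sender" from <> for info@car-consulting.fr
2008-02-13 10:35:18 1JPE1O-0007Fu-PB <= <> R=1JNluV-0006K2-UE U=mail P=local S=6893 T="Mail delivery failed: returning message to sender" from <> for admin@car-consulting.fr
2008-02-25 10:18:05 1JTZTH-0001Ee-7c <= info@car-consulting.fr H=anantes-252-1-28-45.w82-126.abo.wanadoo.fr (Carserve) [82.126.83.45] P=esmtpa A=login:info@car-consulting.fr S=116146 T="TR: OFFRE KIA SPORTAGE" from <info@car-consulting.fr> for jacquier.xavier@neuf.fr
"""

# Assumed server data: what /etc/virtual/domains and the real mailbox list would say.
LOCAL_DOMAINS = {"car-consulting.fr"}
LOCAL_MAILBOXES = {"info@car-consulting.fr"}      # admin@ does not exist, per the post

# Exim "<=" (message arrived) line. H=/[ip] are present for network arrivals,
# R= for locally generated bounces, A= only when the client authenticated.
ARRIVAL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<id>\S+) <= (?P<sender>\S+)"
    r"(?: H=(?P<host>.*?) \[(?P<ip>[^\]]+)\])?"
    r"(?: R=\S+)?(?: U=\S+)? P=(?P<proto>\S+)(?: A=(?P<auth>\S+))?"
    r" S=\d+.* for (?P<rcpts>.+)$"
)

Finding = namedtuple("Finding", "msg_id kind detail")


def domain_of(addr):
    """Domain part of an envelope address; '' for the null sender '<>'."""
    addr = addr.strip("<>")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def analyze(log_text, local_domains=LOCAL_DOMAINS, mailboxes=LOCAL_MAILBOXES):
    findings = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:          # =>, ** and == lines carry no arrival information
            continue
        sender, rcpts = m["sender"], m["rcpts"].split()
        from_network = m["ip"] is not None
        authenticated = m["auth"] is not None
        remote = [r for r in rcpts if domain_of(r) not in local_domains]

        # 1. Unauthenticated outside host, envelope sender in one of our domains,
        #    at least one off-server recipient: the spoofed-sender relay.
        if from_network and not authenticated and domain_of(sender) in local_domains and remote:
            findings.append(Finding(m["id"], "unauthenticated-relay",
                                    f"{sender} via [{m['ip']}] to {', '.join(remote)}"))

        # 2. Bounce (null sender) addressed to a local address that is not a real
        #    mailbox: the address was forged as sender somewhere, here or elsewhere.
        if sender == "<>":
            for r in rcpts:
                if domain_of(r) in local_domains and r.lower() not in mailboxes:
                    findings.append(Finding(m["id"], "bounce-to-nonexistent-mailbox", r))
    return findings


def summarize(findings):
    """Count findings per kind, the number to watch after changing the ACLs."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.msg_id}  {f.kind:32} {f.detail}")
    print(summarize(analyze(SAMPLE_LOG)))
```

Run it over the real /var/log/exim/mainlog with the domain and mailbox sets filled in; the first kind of finding is the one that should drop to zero once the relay is closed, while the second will keep arriving for a while from other sites' bounces to the forged address.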

tdldp
02-13-2008, 04:50 AM
To complete this... I tested mail relay tools...

Weirdly, it accepts mail sent in relay... this would mean this server acts as an open relay server...

So there is a real problem....

Here is the relay-related part of exim.conf:
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist auth_relay_hosts = lsearch;/etc/virtual/auth_relay
#hostlist auth_relay_hosts = *
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1

# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
message = "Unknown User"
verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify=recipient

# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here

accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *


What must I configure to shut down this open relay thing...

nobaloney
02-13-2008, 06:33 PM
If you whitelist any domain on your server, or any sender with an address on your server, anyone spoofing your address (or any address on that domain) can relay through your server. Don't whitelist either your own hosted domains or your own server.

If you whitelist your hostname, your IP# or any hostname which resolves to any IP# on your server, then anyone can relay through your server.

If none of these are true, then you'll have to look for an open or hackable script allowing spam to be sent from your server, or a user on your server doing the spamming.

Good Luck.

Jeff
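Jeff's point is about statement order: an unconditional accept for a whitelisted sender or domain sits ahead of the authentication check, so a forged MAIL FROM in a hosted domain never reaches it. The model below is an added example, not part of this thread or of DirectAdmin's exim.conf; it reproduces the evaluation rules of an exim ACL (conditions before endpass that fail skip the statement, conditions after endpass that fail deny) for the statements quoted earlier in the thread. The whitelist statement and its position, the "*" entry for auth_relay_hosts, the verdict labels and the three test messages are assumptions made for the illustration.

```python
# Added example: a small model of how exim evaluates an ACL, used to show why an
# "accept senders = +whitelist_senders" placed ahead of the authentication checks
# turns the server into an open relay for anyone forging a hosted domain.
# List names follow the exim.conf excerpt in the thread; the whitelist statement,
# its position, the "*" entry for auth_relay_hosts and the labels are assumptions.

ENDPASS = ("endpass", None)

# Statement = (verb, conditions, label on accept, message on deny).
# Conditions before ENDPASS failing -> statement is skipped; after ENDPASS -> deny.
LEAKY_ACL = [
    ("accept", [("senders", "+whitelist_senders")], "whitelisted sender", None),
    ("accept", [("domains", "+local_domains"), ENDPASS, ("verify", "recipient")],
     "local domain, recipient verified", "Unknown User"),
    ("accept", [("domains", "+relay_domains"), ENDPASS, ("verify", "recipient")],
     "relay domain, recipient verified", "Unknown User"),
    ("accept", [("hosts", "+relay_hosts")], "relay host", None),
    ("accept", [("hosts", "+auth_relay_hosts"), ENDPASS, ("authenticated", "*")],
     "authenticated client", "authentication required"),
    ("deny", [], None, "relay not permitted"),
]

# The fix: no sender/domain whitelist, and authenticated clients accepted first.
FIXED_ACL = [("accept", [("authenticated", "*")], "authenticated client", None)] + LEAKY_ACL[1:]

LISTS = {
    "local_domains": {"car-consulting.fr"},        # /etc/virtual/domains
    "relay_domains": set(),
    "relay_hosts": {"127.0.0.1"},                  # /etc/virtual/pophosts + localhost
    "auth_relay_hosts": {"*"},                     # assumed: any host may authenticate
    "whitelist_senders": {"*@car-consulting.fr"},  # the entry that opened the relay
    "mailboxes": {"info@car-consulting.fr"},       # what recipient verification finds
}


def in_list(item, patterns):
    """Minimal exim-style list match: '*' is a wildcard, '*@dom' matches a domain."""
    return any(p == "*" or p == item or (p.startswith("*@") and item.endswith(p[1:]))
               for p in patterns)


def condition_holds(name, arg, msg, lists):
    if name == "hosts":
        return in_list(msg["ip"], lists[arg.lstrip("+")])
    if name == "domains":                      # domain of the RCPT TO address
        return in_list(msg["rcpt"].rsplit("@", 1)[1], lists[arg.lstrip("+")])
    if name == "senders":                      # MAIL FROM address, never verified
        return in_list(msg["sender"], lists[arg.lstrip("+")])
    if name == "authenticated":
        return msg["auth"]
    if name == "verify":                       # verify = recipient
        return msg["rcpt"] in lists["mailboxes"]
    raise ValueError(f"unknown condition {name}")


def run_acl(acl, msg, lists=LISTS):
    """Return (verdict, reason) for one RCPT, the way exim's RCPT ACL would."""
    for verb, conds, label, deny_msg in acl:
        past_endpass, outcome = False, "match"
        for name, arg in conds:
            if name == "endpass":
                past_endpass = True
            elif not condition_holds(name, arg, msg, lists):
                outcome = "deny" if past_endpass else "skip"
                break
        if outcome == "skip":
            continue
        if outcome == "deny" or verb == "deny":
            return ("deny", deny_msg)
        return ("accept", label)
    return ("deny", "relay not permitted")      # implicit deny at end of ACL


# Constructed test messages, modelled on the log lines in the thread.
SPOOFED = {"ip": "211.208.187.130", "auth": False,
           "sender": "info@car-consulting.fr", "rcpt": "winphj@nate.com"}
CUSTOMER = {"ip": "82.126.83.45", "auth": True,
            "sender": "info@car-consulting.fr", "rcpt": "jacquier.xavier@neuf.fr"}
INBOUND = {"ip": "203.226.255.61", "auth": False,
           "sender": "someone@nate.com", "rcpt": "info@car-consulting.fr"}

if __name__ == "__main__":
    for name, msg in [("spoofed", SPOOFED), ("customer", CUSTOMER), ("inbound", INBOUND)]:
        print(f"{name:9} leaky={run_acl(LEAKY_ACL, msg)}  fixed={run_acl(FIXED_ACL, msg)}")
```

The spoofed message is accepted by the leaky ACL on the very first statement because a senders condition only looks at the unverified MAIL FROM string; with the whitelist removed the same message falls through to the authentication check and is refused, while the customer's authenticated submission and ordinary inbound mail to an existing mailbox are still accepted.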

tdldp
02-14-2008, 03:27 AM
Hi jeff....

So indeed, I have this domain added to the whitelisted domains...
The reason for this: my user gets his mail blocked when he sends mail with other collaborators in copy...
In France, Wanadoo (Orange) is not a reliable ISP and often has its dynamic IPs get listed... And on top of this, our clients often end up on these IPs...

As a result they can't send messages to their internal domains, as they get automatically stopped...

What I am wondering about this problem is that normally whitelist_domains, which is the file I use to cope with the Wanadoo problem, is only used on recipient verify.... Why is it applying on the sender ACLs???

2nd question: which ACL can I use, or do you have hints on a valuable ACL, that will force all mail transiting via our servers to be first identified by authenticated users only, or will allow relayed mail from servers with IPs specifically identified in the file whitelist_ip???

jlasman
02-15-2008, 10:06 PM
If you whitelist you go around all the authentication. Don't whitelist domains/addresses on your servers if you don't want an open relay.

You can't really have both.

Jeff

tdldp
02-22-2008, 02:13 AM
Thanks Jeff for your answer, yet in this case I have a major problem...
80% of my clients can't potentially send email to their collaborators, and to certain of their own clients who happen to be hosted on our servers...

My question is therefore the following:

Users use port 587 for authenticated SMTP mail sending...
Login/password has to be given on this port...

How can I bypass all security settings on our server for an identified client sending his emails, and make sure I do not get 'relay not permitted' or other refusal messages (block list and others) for our "identified clients"...

Yours..

Tdldp

tdldp
02-25-2008, 10:09 AM
Hi jeff,

Still big problems with exim....

Since these spam problems I've changed the rules on whitelisted domains/senders, removing local domains from the whitelists...

I've added for authenticated users the following rule just before the "550: Relay not permitted" in the final block rules:

accept authenticated = *
control = submission

################################
# FINAL DENY EMAIL BEGINS HERE #
################################

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
deny message = relay not permitted, Aucune autorisation de relay

# ACL that is used after the DATA command
check_message:

Since then, I get this strange error:
Email addresses get an @venus.cardiff.fr appended and, above all, the original email address is quoted.
In the example below, you can see the original email address: info@car-consulting.fr
and the modified from: "info@car-consulting.fr"@venus.cardiff.fr

2008-02-25 10:18:05 1JTZTH-0001Ee-7c <= "info@car-consulting.fr"@venus.cardiff.fr H=anantes-252-1-28-45.w82-126.abo.wanadoo.fr (Carserve) [82.126.83.45] P=esmtpa A=login:info@car-consulting.fr S=116146 id=003701c8778f$0c39c380$c8c809c0@Carserve T="TR: OFFRE KIA SPORTAGE" from <info@car-consulting.fr> for jacquier.xavier@neuf.fr
2008-02-25 10:18:05 1JTZTH-0001Ee-7c ** jacquier.xavier@neuf.fr F=<"info@car-consulting.fr"@venus.cardiff.fr> R=lookuphost T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<"info@car-consulting.fr"@venus.cardiff.fr> SIZE=119388: host av.mgp.neufgp.fr [84.96.92.100]: 550 5.1.0 <"info@car-consulting.fr"@venus.cardiff.fr> sender rejected
2008-02-25 10:18:05 1JTZTJ-0001Eh-B0 <= <> R=1JTZTH-0001Ee-7c U=mail P=local S=108550 T="Mail delivery failed: returning message to sender" from <> for "info@car-consulting.fr"@venus.cardiff.fr
2008-02-25 10:18:05 1JTZTJ-0001Eh-B0 ** info@car-consulting.fr@venus.cardiff.fr <"info@car-consulting.fr"@venus.cardiff.fr> F=<>: Unrouteable address
2008-02-25 10:18:05 1JTZTJ-0001Eh-B0 Frozen (delivery error message)
2008-02-25 10:18:05 1JTZTH-0001Ee-7c Completed


How do I solve this new one???

EDITED: it seems to come from the rule:
accept authenticated = *
control = submission

which adds the @server suffix...
The question is: how do I solve this so that it doesn't add the @server suffix and, if that is not possible, how do I activate rules that will allow port 587 authenticated local_domains users to send mail without prior controls...

Thanks...

jlasman
02-25-2008, 11:35 AM
How can i bypass all security settings on our server for an identified client sending his emails, and assure i do not get 'relay not permitted' or other refusal messages (block list and others) for our "identified clients"...
Our exim.conf files accept authenticated users early in the ACLs; if you're having a problem and have not modified exim.conf, and if you're sure your user's ISP isn't blocking your server, then try using the exim -bh command (see man exim) to see how exim is reacting to the user's attempt to send email.
it seems to come from rule :
accept authenticated = *
control = submission
I don't know, because I don't know anything about that control line; it's not in any of our exim.conf files. I don't know what it does.

Jeff