Once upon a time, when the Internet was young and innocent, MTAs accepted any message that was sent to them and did their best to deliver it, including sending it on to another host. This process is known as relaying. This cooperative approach has been so much abused in recent times that it is now viewed as a bad thing for an MTA to be unselective in the messages it is prepared to accept.

A host that accepts arbitrary messages for relaying is called an open relay; such hosts used to be common, but as levels of abuse have risen, they have almost all been eliminated. In today’s Internet, hosts that relay mail must ensure that they do so only in the specific cases they are expecting to handle, for example, only relaying to certain domains or from certain hosts.

The general increase in unsolicited mail has also caused MTAs to tighten up on their controls on all incoming messages, even when relaying is not involved. Much junk mail arrives with bogus sender addresses or syntactically invalid header lines; such mail can be kept out by checking before accepting messages. No such checks can be perfect, because a clever forger can usually find a way round them, but they do reduce the size of the problem.

Exim contains a number of different controls that are specified as options in the main section of the runtime configuration file. It is configured not to do any relaying “out of the box,” but other checks must be configured by the ...