Mailinglist Archive: opensuse (4208 mails)

Re: [SLE] Stopping open mail relay in SuSE standard server.
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Sun, 25 Jul 2004 21:18:16 -0400
  • Message-id: <41045BD8.6060800@xxxxxxxxxx>
Anders Johansson wrote:
> On Sun, 2004-07-25 at 18:03 -0400, James Knott wrote:
>
>> I realize you guys are having fun with this, but it's really not doing much to resolve the problem at hand, that is, the mail relay problem.
>
> Well, you only posted a partial log.
>
> What is in your access file? You seem to have it set up for
> authenticated users, do you have any users set up with bad or default or
> perhaps even no passwords? What user is the spammer authenticating as?
> Which relay test was it that passed? The relay page should have told you
> what it did to get past your access restrictions.



The entire access file is comments, there are no lines that don't start with "#". There are no users on the system yet, as it hasn't been turned up for use.


I used both the abuse.net test site that someone mentioned yesterday and http://members.iinet.net.au/~remmie/relay/. The abuse site will only allow me to send an anonymous test, which only tests if the server will accept a message. It does not actually send a message that can be forwarded. I was not able to be registered, so that I could send an actual test message. The ~remmie/relay site allowed me to send a message to myself, via the server relay. Those messages reached me.

When I try that test with postfix turned off, I get the following:

"Open Relay Test Results

Default domain is staff.iinet.net.au

Connecting to 69.156.194.250 ...

<<< 421 4.4.1 SGS.DESTINYFIN.com Unable to contact destination

FAILURE

Unfortunately the program failed because...

The connection was rejected"

--------------------------------------

Then after starting postfix, I get:

"Open Relay Test Results

Default domain is staff.iinet.net.au

Connecting to 69.156.194.250 ...

<<< 220 [69.156.194.250] SMTP
>>>> HELO staff.iinet.net.au
<<< 250 [69.156.194.250] talking to domain-web-03.iinet.net.au ([203.59.3.83])

To: james.knott@xxxxxxxxxx
From: spamtest@localhost
>>>> MAIL FROM:
<<< 250 Ok
>>>> RCPT TO:
<<< 250 Ok
>>>> DATA
<<< 354 End data with .
>>>> MESSAGE
<<< 250 Ok: queued as A3D9B1FB2

SUCCESS

Relay Accepted - final response code 250

If you dont recieve it then its not a relay (Its still a Bad Thing (TM) that it accepted)

Check your email"

-------------------------------------------------------

Then a couple of minutes later, the test message arrives:

"This is a test of third-party mail relay.

Target host = 69.156.194.250 7932516
Test performed by <spammer@xxxxxxxxx>

A well-configured mail server should NOT relay third-party email.
Otherwise, the server is subject to attack and hijack by Internet
vandals and spammers.

For information on how to secure a mail server against third-party
relay, visit <URL: http://mail-abuse.org/tsi/>.

Additional Comments"

-----------------------------------------------------

As you can see, the test is relayed via that server.
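
Added example, not part of the original message: a small Python classifier for transcripts in the format the relay test page prints above, reporting the SMTP stage at which the server refused or, if it queued the message, the queue ID. The function name `classify` and the verdict strings are assumptions made for this example; a refusal at the RCPT stage returns `("rejected", "RCPT", None)`, which is the result a closed relay should give.

```python
import re

# "<<<" marks a server reply and ">>>>" a command sent by the test page.
REPLY = re.compile(r"^<<<\s*(\d{3})[ -]?(.*)$")
COMMAND = re.compile(r"^>>>>\s*(\S+)")
QUEUED = re.compile(r"queued as (\w+)")

def classify(transcript):
    """Return (verdict, stage, queue_id) for one relay-test transcript."""
    stage, data_started = "CONNECT", False
    for raw in transcript.splitlines():
        line = raw.strip()
        cmd = COMMAND.match(line)
        if cmd:
            stage = cmd.group(1).upper()
            continue
        reply = REPLY.match(line)
        if not reply:
            continue  # headers, blank lines and banner text from the page
        code, text = int(reply.group(1)), reply.group(2)
        if code >= 400:
            return ("rejected", stage, None)  # 4xx/5xx ends the attempt
        if code == 354:
            data_started = True  # server is now waiting for the body
        elif data_started and 200 <= code < 300:
            found = QUEUED.search(text)
            return ("accepted", stage, found.group(1) if found else None)
    return ("incomplete", stage, None)

# The two transcripts quoted in the message above (postfix off, then on).
POSTFIX_OFF = "<<< 421 4.4.1 SGS.DESTINYFIN.com Unable to contact destination"

POSTFIX_ON = """<<< 220 [69.156.194.250] SMTP
>>>> HELO staff.iinet.net.au
<<< 250 [69.156.194.250] talking to domain-web-03.iinet.net.au ([203.59.3.83])
>>>> MAIL FROM:
<<< 250 Ok
>>>> RCPT TO:
<<< 250 Ok
>>>> DATA
<<< 354 End data with .
>>>> MESSAGE
<<< 250 Ok: queued as A3D9B1FB2"""

if __name__ == "__main__":
    for name in ("POSTFIX_OFF", "POSTFIX_ON"):
        print(name, classify(globals()[name]))
```

The queue ID returned for an accepted message is the same ID Postfix writes to its mail log, so it can be used to find out whether the queued message was actually delivered onward.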
