Whenever I give a ps -ef | grep send on my e-mail server I occasionally get the following address "fix.your.open.relay.or.die". Besides, the queues seem to increase their sizes rapidly with no particular reason. Is there any idea? We believe that someone is trying to block our e-mail server. Thanks in advance I remain....
Hi,

hm ... the message is quite new to me, but it seems that somebody wants to tell you that your mailserver is open for relaying and you should close it ... the thing about the increasing mailboxes seems to be an identification for running spam-actions via your mail-server.

Normally, if your mailserver is used for spamming, the messages to the administrator for "undeliverable mails" will increase also. The reason is that spammers normally are not very careful in proofing the email addresses they want to reach. So if there are old addresses or deleted addresses in the "spam list", which are undeliverable, the admin of the mail server used will receive the "undeliverable messages" from the postmaster or the MTA, but when he opens the message he will see a sender and receiver which he didn't know ...

So you should close the possibility to use your mailserver for sending mails from outside your domain (or outside your IP range) ... that means blocking SMTP for "not local users" or "not allowed users (if WAN users are also using your mailserver for sending - big company for example)" ...

cu
Michael

Nikos Psarrakis wrote:
Whenever I give a ps -ef | grep send on my e-mail server I occasionally get the following address
"fix.your.open.relay.or.die".
Besides, the queues seem to increase their sizes rapidly with no particular reason.
Is there any idea?
We believe that someone is trying to block our e-mail server.
Thanks in advance I remain....
Just for your information:
In cases like this, I found a site helpful, which contains many
blackhole-lists. You may check whether your mailserver is
blocked by these anti-spam-lists by using the following link
http://relays.osirusoft.com/cgi-bin/rbcheck.cgi
If the server is using several IPs (as is often the case
when you run an internet server hosting several virtual
domains and such stuff), it's good to check the whole
IP-range used - depending on how you set up your smtp-server.
The site also has links where one can get information
about how to secure the different mailservers in use
(sendmail, postfix etc.).
HTH
Michael
--
Michael Zimmermann (Vegaa Safety and Security for Internet Services)
* Michael Zimmermann (zim@vegaa.de) [020319 03:48]:
I have a script I use for this that you might find useful. It checks an ip (or ips) against the orbz.org database. You get what you pay for:

#!/bin/sh
# ckm@suse.com
# checks an ip against the orbz.org database

# use a fixed, known search path
PATH="/bin:/usr/bin:/usr/local/bin:$HOME/bin"
export PATH

usage="$0: ip1 ip2 ... ipn"
url="http://orbz.org/b.php?"

if [ $# -eq 0 ]; then
    echo "$usage"
    exit 1
fi

# html2text is optional; the variable stays empty if it is not installed
html2text=`command -v html2text`

# pick the first text browser available, give up if there is none
fbrowser=`command -v lynx` || fbrowser=`command -v w3m` || {
    echo "no suitable browser found"
    exit 1
}
echo "Using $fbrowser"
browser=`basename "$fbrowser"`

# each browser has its own flag for writing the page to stdout
case $browser in
    lynx) args="-source" ;;
    w3m)  args="-dump" ;;
esac

for ip in "$@"; do
    if [ -z "$html2text" ]; then
        "$fbrowser" $args "$url$ip"
    else
        "$fbrowser" $args "$url$ip" | "$html2text"
    fi
done

--
-ckm
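
The blacklist checks discussed in the two messages above (one IP at a time, and "the whole IP-range"), as an added example that is not part of the original thread. It queries a blackhole list over DNS instead of through a web page; the zone dnsbl.example.org is a placeholder, and the function names and the use of the host utility are assumptions of this example.

```shell
#!/bin/sh
# Added example: look up a run of IPv4 addresses in a DNS blackhole list.
# ZONE is a placeholder (assumption); set it to the list you actually use.
ZONE="${ZONE:-dnsbl.example.org}"

# valid_ip A.B.C.D: true for four octets 0-255 without leading zeros
valid_ip() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# dnsbl_qname IP ZONE: print D.C.B.A.ZONE, the name a DNSBL is queried with
dnsbl_qname() {
    valid_ip "$1" || return 1
    oldifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$oldifs
    echo "$4.$3.$2.$1.$5"
}

# expand_range A.B.C.D LAST: print A.B.C.D .. A.B.C.LAST, one per line
expand_range() {
    valid_ip "$1" && valid_ip "${1%.*}.$2" || return 1
    i=${1##*.}
    while [ "$i" -le "$2" ]; do
        echo "${1%.*}.$i"
        i=$((i + 1))
    done
}

# check_range A.B.C.D LAST: needs `host` and network access; a DNSBL answers
# with an address in 127.0.0.0/8 when the queried IP is listed
check_range() {
    expand_range "$1" "$2" | while read -r ip; do
        if host -t A "$(dnsbl_qname "$ip" "$ZONE")" 2>/dev/null |
            grep -q 'has address 127\.'; then
            echo "LISTED $ip"
        else
            echo "clear  $ip"
        fi
    done
}

if [ $# -ge 2 ]; then check_range "$1" "$2"; fi
```

A failed DNS lookup is also reported as clear, so confirm the resolver works before trusting a clean result.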
participants (4)
- Christopher Mahmood
- Michael Haunzwickl
- Michael Zimmermann
- Nikos Psarrakis