RE: [Exim] Closing an open relay

Author: Dave C.
Date:
To: 'Patrick Draper'
CC: Exim Users (E-mail)
Subject: RE: [Exim] Closing an open relay
> Hi everyone, I need your help to close an open relay. Unfortunately, it
> belongs to me. :-(
>
> I got a suspicious mail that appeared to come from me, addressed to me, and
> that prompted me to check my logs and use the relay checker at abuse.org.
>
> The logs show that no other mail has been bounced off my server, so that's
> not a problem (yet).
>
> The relay checker showed that I do have a problem though:
>
>
> Relay test 6
> >>> RSET
> <<< 250 Reset OK
> >>> MAIL FROM:<spamtest@???>
> <<< 250 <spamtest@???> is syntactically correct
> >>> RCPT TO:<user-22410%nf.abuse.net@???>
> <<< 250 <user-22410%nf.abuse.net@???> is syntactically correct
> >>> DATA
> <<< 354 Enter message, ending with "." on a line by itself
> >>> (message body)
> <<< 250 OK id=17lZv1-0001sP-00
>
> I did receive the mail that was used to test. That means that my server
> is open.


If *you* received this mail, and not user-22410@??? (which was
what the test was trying to do), then you are secure. You are only a
relay if an outside/unknown host can use your host to send mail to a
domain that is not 'your' domain.

Do you have some sort of wildcard catch-all for *@pdrap.org? If so,
then this is doing exactly what you told it to (and is not relaying).

It's only relaying if senders can use RCPT TO:'s like:

someuser%aol.com@???
otheruser%aol.com@???
victim%somewhere.com@???

and have them end up at someuser@???, otheruser@???, and
victim@???

If all of these end up going to some sort of 'catch all' mailbox, then
they aren't getting relayed. Now, this is one of the reasons why you
might not want a catch-all box, since spammers do both this (in an attempt
to relay), and also use a dictionary list of possible usernames to try
and spam to, e.g.:

john@???
joe@???
george@???

etc
etc

They figure if they do a few thousand of these, at least some of them
will be real addresses and get delivered. Unfortunately, with a
catch-all/wildcard address, they *ALL* end up in your mailbox.

I would recommend you disable the catch-all function, and set up
recipient verification (so that if "someuser%aol.com" and/or "john" does
not exist as a valid mailbox "@pdrap.org", then you reject the RCPT TO
with "550 No such user")
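
The distinction drawn in the reply above, as an added example that is not part of the original message: it reads a relay-tester transcript, lists the recipients the server accepted, and separates true relaying from a percent-hack address that is only a relay if the mail actually reaches the inner address. The domain names, the transcript and the function names are constructed for illustration.

```python
import re

LOCAL_DOMAINS = {"example.org"}  # assumption: domains this host delivers locally

# Constructed transcript in the relay tester's format (not from the original message).
TRANSCRIPT = """\
>>> MAIL FROM:<spamtest@example.net>
<<< 250 <spamtest@example.net> is syntactically correct
>>> RCPT TO:<user-1%remote.example@example.org>
<<< 250 <user-1%remote.example@example.org> is syntactically correct
>>> RCPT TO:<user-2@remote.example>
<<< 550 relay not permitted
>>> RCPT TO:<postmaster@example.org>
<<< 250 <postmaster@example.org> is syntactically correct
"""

def accepted_recipients(transcript):
    """Yield each RCPT TO address whose first reply line carried a 2xx code."""
    pending = None
    for line in transcript.splitlines():
        m = re.match(r">>> RCPT TO:\s*<([^>]*)>", line, re.I)
        if m:
            pending = m.group(1)
        elif line.startswith("<<< ") and pending is not None:
            if line[4:5] == "2":
                yield pending
            pending = None

def classify(address, local_domains=LOCAL_DOMAINS):
    """Say whether an accepted recipient is local, a relay, or needs a delivery check."""
    if "@" not in address:
        return "local delivery"  # unqualified address, treated here as local
    local, _, domain = address.rpartition("@")
    if domain.lower() not in local_domains:
        return "relay: accepted for a non-local domain"
    if "%" in local:
        user, _, inner = local.rpartition("%")
        if inner.lower() not in local_domains:
            return f"check delivery: relay only if mail reaches {user}@{inner}"
    return "local delivery"

def report(transcript=TRANSCRIPT):
    return {addr: classify(addr) for addr in accepted_recipients(transcript)}

if __name__ == "__main__":
    for addr, verdict in report().items():
        print(f"{addr}: {verdict}")
```

A "check delivery" verdict is the case in the thread: a 250 at RCPT time proves nothing until you see whether the message landed in a local (catch-all) mailbox or left for the inner domain.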