Autor: Dave C. Datum: To: 'Patrick Draper' CC: Exim Users (E-mail) Betreff: RE: [Exim] Closing an open relay
> Hi everyone, I need your help to close an open relay. Unfortunately, it > belongs to me. :-(
>
> I got a suspicious mail that appeared to come from me, addressed to me, and
> that prompted me to check my logs and use the relay checker at abuse.org.
>
> The logs show that no other mail has been bounced off my server, so that's
> not a problem (yet).
>
> The relay checker showed that I do have a problem though:
>
>
> Relay test 6
> >>> RSET
> <<< 250 Reset OK
> >>> MAIL FROM:<spamtest@???>
> <<< 250 <spamtest@???> is syntactically correct
> >>> RCPT TO:<user-22410%nf.abuse.net@???>
> <<< 250 <user-22410%nf.abuse.net@???> is syntactically correct
> >>> DATA
> <<< 354 Enter message, ending with "." on a line by itself
> >>> (message body)
> <<< 250 OK id=17lZv1-0001sP-00
>
> I did receive the mail that was used to test. That means that my server
> is open.
If *you* received this mail, and not user-22410@??? (which was
what the test was trying to do), then you are secure. You are only a
relay if an outside/unknown host can use your host to send mail to a
domain that is not 'your' domain.
Do you have some sort of wildcard catch-all for *@pdrap.org ? If so,
then this is doing exactly what you told it to (and is not relaying)..
Its only relaying if senders can use RCPT TO:'s like:
and have them end up at someuser@???, otheruser@???, and
victim@???
If all of these end up going to some sort of 'catch all' mailbox, then
they arent getting relayed. Now, this is one of the reasons why you
might not want a catch-all box, since spammers do both this (in attempt
to relay). and also use a dictionary-list of possible usersnames to try
and spam to.. eg:
john@???
joe@???
george@???
etc
etc
They figure if they do a few thousand of these, at least some of them
will be real addresses and get delivered. Unforuantely, with a
catch-all/wildcard address, they *ALL* end up in your mailbox.
I would recommend you disable the catch-all function, and setup
recipient verification (so that if "someuser%aol.com" and/or "john" does
not exist as a valid mailbox "@pdrap.org", then you reject the RCPT TO
with "550 No such user")