Re: [Exim] Unathenticated SMTP ??

Author: Jeff Lasman
Date:  
To: exim-users
Subject: Re: [Exim] Unathenticated SMTP ??
On Sunday 04 January 2004 05:19 pm, Peter Richards wrote:

> I may be getting relaying and possible spam abuse,
> mixed up. For example, I tested another domain (one I
> manage), used it as the domain for telnet, used it as
> the "RCPT TO:", but made up some bogus username@domain
> for the "MAIL FROM:", ........ it got through, so that
> would imply, to me at least, that anyone can use
> _that_ domain to send spam. Yes, all the spam will go
> to _that_ domain though. :)


Is the RCPT TO address to a domain on the same machine as your server?
Or is the server an MX for the domain? If so, then it's not relaying;
it'll accept email from any outside source for delivery to domains for
which it's supposed to.

If not, then let's think about the mailserver and your relationship to
it.

Is this a mailserver you're specifically allowed to use to send email?
Do you regularly POP email from it? And if so, does it support POP
before SMTP authentication? SMTP AUTH authentication?

If you do not regularly receive POP email from it, is it configured to
relay email from your IP# to the Internet at large (in other words, is
it configured to be your outgoing SMTP server)?

If so, then MAIL FROM has nothing to do with whether or not it will
accept email; that's based entirely on either SMTP AUTH, POP BEFORE
SMTP, or configuration by static IP#, or by being on the same network.

While exim may be configured to block spam (see some of my posts over
the past few days for examples) it certainly doesn't have to; many ISPs
and webhost companies do NOT block spam.

> This isn't so much mail "TO" me, but mail I'm able to
> send "THROUGH" my domain, without any authentication
> at all.


How do you know you're not authenticated?

Why don't you find someone on this list you trust, and have them try to
duplicate your same test... same MAIL FROM as you, same RCPT TO. If
they can send the email, then yes, the server is broken. But my guess
is they can't.

Jeff

> I just logged in (Telnet) to 'domain1', used that
> domain as the "MAIL FROM", and I was able to send an
> email to two other domains. No authentication was used
> at all. What does that mean ?


It means you were a local user.

> > My concern is that, if I can do it, so can ANYONE


Anyone who's logged in, of course.


> This isn't mail "TO" me, it is mail THROUGH my domain.


Please give one of us who you trust the information s/he needs to try to
prove or disprove your assertion, for your own peace of mind.

Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"
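
The relay decision described in the reply above, as an added example that is not part of the original message and is not Exim's own code: a simplified Python model showing that the verdict depends on the recipient domain, the client address and the authentication state, never on MAIL FROM. All domains, addresses and names (`decide`, `third_party_probe`, the policy sets) are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy; every domain and address below is a placeholder.
LOCAL_DOMAINS = {"domain1.example"}    # mail delivered on this machine
MX_DOMAINS = {"hosted.example"}        # domains this server is an MX for
RELAY_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
POP_RECENT = {"198.51.100.7"}          # IPs with a recent successful POP login


@dataclass
class Rcpt:
    client_ip: str
    mail_from: str           # carried along, deliberately never consulted
    rcpt_to: str
    smtp_auth: bool = False


def decide(t: Rcpt) -> str:
    """Return the verdict for one RCPT TO and the rule that produced it."""
    domain = t.rcpt_to.rsplit("@", 1)[-1].lower()
    ip = ipaddress.ip_address(t.client_ip)
    # Mail *to* a domain the server handles is ordinary inbound delivery.
    if domain in LOCAL_DOMAINS or domain in MX_DOMAINS:
        return "accept: inbound delivery, not relaying"
    # Everything below is relaying to a foreign domain.
    if any(ip in net for net in RELAY_NETS):
        return "accept: relay for local/trusted host"
    if t.smtp_auth:
        return "accept: relay after SMTP AUTH"
    if t.client_ip in POP_RECENT:
        return "accept: relay after POP-before-SMTP"
    return "deny: relay not permitted"


def third_party_probe(mail_from: str, rcpt_to: str,
                      outside_ip: str = "203.0.113.50") -> bool:
    """The check suggested in the reply: same MAIL FROM and RCPT TO, sent by
    an unrelated, unauthenticated outside host. True means an open relay."""
    return decide(Rcpt(outside_ip, mail_from, rcpt_to)).startswith("accept")


if __name__ == "__main__":
    print(decide(Rcpt("203.0.113.50", "bogus@nowhere.example", "user@domain1.example")))
    print(decide(Rcpt("127.0.0.1", "me@domain1.example", "friend@other.example")))
    print(third_party_probe("me@domain1.example", "friend@other.example"))
```
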