Re: [Exim] Unathenticated SMTP ??

Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] Unathenticated SMTP ??
Hi Peter, on Sun, 4 Jan 2004 17:19:32 -0800 (PST) you wrote:

> I may be getting relaying and possible spam abuse,
> mixed up. For example, I tested another domain (one I
> manage), used it as the domain for telnet, used it as
> the "RCPT TO:", but made up some bogus username@domain
> for the "MAIL FROM:", ........ it got through, so that
> would imply, to me at least, that anyone can use
> _that_ domain to send spam. Yes, all the spam will go
> to _that_ domain though. :)


If "that" (the RCPT TO) domain is still one handled by the server in
question, then there is no relaying taking place.

> This isn't so much mail "TO" me, but mail I'm able to
> send "THROUGH" my domain, without any authentication
> at all.


Unfortunately, this terminology doesn't really mean very much.
If you'd like to e-mail me offlist with the server details and your
domain, I'll be able to tell you in about 5 seconds if there is indeed a
problem. To do it yourself, first check:

a) your IP address is not trusted
b) your provider does not do POP-before-SMTP or similar

then try:

1.
MAIL FROM: <random@address> (not at a domain which is local to that
server)
RCPT TO: <me@???>

If that doesn't work, there is no "obvious" relaying problem. However,
it's not entirely impossible that your host has done something silly like
allowing relaying based on domain, so try this:

MAIL FROM: <you@yourdomain>
RCPT TO: <me@???>


If that works (and you're sure your IP address is not specially trusted),
they *are* an open relay. If it doesn't, chances are they're not.

> > In summary: a server is only an open relay if you
> > can send mail through it, unauthenticated, to
> > *arbitrary* domains (i.e. not a domain which it is set
> > up to handle). Try sending to foo@??? and see
> > if it lets you do that. If it does, it's an open
> > relay. If it doesn't, it's probably not.
>
> I just logged in (Telnet) to 'domain1', used that
> domain as the "MAIL FROM", and I was able to send an
> email to two other domains.


Two other domains also handled by the same server, or completely separate?
If the former, it means nothing. If the latter, it means it may be an
open relay but depends on whether you were authenticated by some other
means (e.g. IP address/POP-before-SMTP).

> This isn't mail "TO" me, it is mail THROUGH my domain.


I'm honestly not trying to be obtuse, but that terminology means nothing
to me. Mail has an envelope sender and an envelope recipient (each of
which normally has a qualifying domain), and goes THROUGH a *server*.
Saying something is sent "through a domain" is therefore rather confusing
and ambiguous. (I think in this case you mean "I'm worried that someone
using my domain in an envelope sender will be permitted arbitrary relay
via server x")

Like I said, e-mail me offlist and I'll see if I can clear it up for you.

Tim
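
The distinction drawn in the message above, as an added example that is not part of the original post: this Python sketch reads a transcript of a manual test against your own server and labels each accepted RCPT TO as local delivery, relay for a trusted client, or open relay. The transcript, the `.example` domains and the function name `classify` are constructed for illustration.

```python
import re

# Constructed transcript of a manual test ("C:" = client, "S:" = server).
SAMPLE = """\
S: 220 mail.hosted.example ESMTP
C: HELO probe.elsewhere.example
S: 250 mail.hosted.example
C: MAIL FROM:<random@elsewhere.example>
S: 250 OK
C: RCPT TO:<user@hosted.example>
S: 250 Accepted
C: RCPT TO:<someone@unrelated.example>
S: 550 relay not permitted
C: RSET
S: 250 Reset OK
C: MAIL FROM:<you@hosted.example>
S: 250 OK
C: RCPT TO:<someone@unrelated.example>
S: 250 Accepted
"""

ADDR = re.compile(r"(MAIL FROM|RCPT TO):\s*<[^>@]*@([^>]+)>", re.I)

def classify(transcript, local_domains, client_trusted=False):
    """Return (sender_domain, rcpt_domain, verdict) for each RCPT TO."""
    local = {d.lower() for d in local_domains}
    results, sender, pending = [], None, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            # Remember the envelope command until the server answers it.
            m = ADDR.match(text)
            pending = (m.group(1).upper(), m.group(2).lower()) if m else None
        elif side == "S" and pending:
            (verb, domain), pending = pending, None
            accepted = text.startswith("2")
            if verb == "MAIL FROM":
                sender = domain if accepted else None
            elif not accepted:
                results.append((sender, domain, "rejected"))
            elif domain in local:
                # Recipient domain is handled by this server: not relaying.
                results.append((sender, domain, "local delivery"))
            elif client_trusted:
                # Trusted IP or POP-before-SMTP: relaying is expected.
                results.append((sender, domain, "relay for trusted client"))
            else:
                results.append((sender, domain, "open relay"))
    return results
```

In the constructed transcript the server refuses to relay for a foreign sender but accepts the same foreign recipient once the envelope sender uses a local domain, which is the "relaying based on domain" case the second test is meant to catch.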