Re: [exim] Re: How can I tell if my server is getting bombar…

Author: Tommy Butler
Date:  
To: exim-users
CC: Andreas Metzler
Subject: Re: [exim] Re: How can I tell if my server is getting bombarded with spam?
Andreas Metzler wrote:
> Fred Viles <fv+exim@???> wrote:
> [...]
>
>>No, I'm not saying that. I don't know anything about the Debian
>>distribution, but I'm sure it does not default to an open relay
>>configuration.
>
> [...]
>
> It is not. ;-)
>
> Tommy, we need some hard data. Login on your system and invoke
> telnet relay-test.mail-abuse.org


OK...

root@noot:~# telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to Cygnus.Mail-Abuse.ORG.
Escape character is '^]'.
Connecting to 206.123.72.157 ...
<<< 220 noot.cityairlines.net ESMTP Exim 4.34 Wed, 15 Dec 2004 16:37:15 -0600
>>> HELO cygnus.mail-abuse.org

<<< 250 noot.cityairlines.net Hello cygnus.mail-abuse.org [168.61.4.13]
:Relay test: #Quote test
>>> mail from: <spamtest@>

<<< 501 <spamtest@>: domain missing or malformed
>>> rset

<<< 250 Reset OK
:Relay test: #Test 1
>>> mail from: <nobody@???>

<<< 250 OK
>>> rcpt to: <nobody@???>

<<< 250 Accepted
>>> QUIT

<<< 221 noot.cityairlines.net closing connection
Tested host banner: 220 noot.cityairlines.net ESMTP Exim 4.34 Wed, 15 Dec 2004
16:37:15 -0600
System appeared to accept 1 relay attempts
Connection closed by foreign host.

> If it claims that you are an open relay duplicate the failed test with
> -bh.
>
> e.g.
> :Relay test: #test 3
>
> >>> mail from: <spamtest@localhost>
>
> <<< 250 OK
>
> >>> rcpt to: <nobody@???>
>
> <<< 250 Accepted
> :You appear to be open relay, hide in the dungeons, please.
>
> /usr/sbin/exim4 -bh 168.61.4.13
> mail from: <spamtest@localhost>
> rcpt <nobody@???>
> [now exim will show why it accepted the mail]
>                cu andreas


OK...

$ /usr/sbin/exim4 -bh 168.61.4.13

**** SMTP testing session as if from host 168.61.4.13
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in host_lookup? yes (matched "*")
>>> looking up host name for 168.61.4.13
>>> IP address lookup yielded cygnus.mail-abuse.org
>>> gethostbyname2 looked up these IP addresses:
>>> name=cygnus.mail-abuse.org address=168.61.4.13
>>> checking addresses for cygnus.mail-abuse.org
>>> 168.61.4.13 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)

220 noot.cityairlines.net ESMTP Exim 4.34 Wed, 15 Dec 2004 16:41:32 -0600
mail from: <spamtest@localhost>
250 OK
rcpt <nobody@???>
500 unrecognized command

--
Tommy Butler
tommy@???
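
An added example, not part of the original message and not the relay tester's own code: a small Python parser for a transcript in the format shown above (`:Relay test:` headers, `>>>` for commands sent, `<<<` for server replies) that lists every test in which a `rcpt to:` received a 2xx reply. The sample transcript, its host names and its example.net/example.com addresses are constructed placeholders.

```python
import re

# Constructed sample in the tester's transcript format; all names are placeholders.
SAMPLE = """\
<<< 220 mail.example.org ESMTP
>>> HELO tester.example.net
<<< 250 mail.example.org Hello tester.example.net
:Relay test: #Quote test
>>> mail from: <spamtest@>
<<< 501 <spamtest@>: domain missing or malformed
>>> rset
<<< 250 Reset OK
:Relay test: #Test 1
>>> mail from: <nobody@example.net>
<<< 250 OK
>>> rcpt to: <nobody@example.com>
<<< 250 Accepted
>>> QUIT
<<< 221 mail.example.org closing connection
"""

def accepted_relay_tests(transcript):
    """Return [(test, sender, recipient)] for each RCPT TO answered with 2xx."""
    hits = []
    test, sender, pending = "(preamble)", None, None
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith(":Relay test:"):      # a new numbered test begins
            test, sender, pending = line.split("#", 1)[-1].strip(), None, None
        elif line.startswith(">>>"):             # command sent by the tester
            pending = line[3:].strip()
        elif line.startswith("<<<") and pending is not None:
            reply = re.match(r"<<<\s*(\d{3})(-?)", line)
            if not reply or reply.group(2) == "-":
                continue                         # continuation of a multi-line reply
            ok = reply.group(1).startswith("2")
            cmd = pending.lower()
            addr = re.search(r"<([^>]*)>", pending)
            if cmd.startswith("mail from:"):     # sender counts only if accepted
                sender = addr.group(1) if (ok and addr) else None
            elif cmd.startswith("rcpt to:") and ok and sender is not None:
                hits.append((test, sender, addr.group(1) if addr else ""))
            elif cmd.startswith("rset"):
                sender = None
            pending = None
    return hits

if __name__ == "__main__":
    print(accepted_relay_tests(SAMPLE))
```

A hit only means the server accepted that recipient; whether that is relaying depends on whether the recipient domain is one the server handles, which is what the `-bh` session is meant to show.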