Re: close open relay





On Nov 12, 2008, at 5:08 PM, Jerry Geis <geisj@xxxxxxxxxxxxxxx> wrote:


lists-centos wrote:
sorry, the start page is:

<http://www.abuse.net/relay.html>


look at the headers of the original messages (probably included as
attachments) that sbcglobal is sending back. it's very possible that
a spammer has forged an address from your machine on their outbound
spam, and sbcglobal is bouncing that, (rather than rejecting,
because they haven't a clue), generating scatter-back spam.


      - Rick

------------ Original Message ------------

Date: Wednesday, November 12, 2008 04:44:02 PM -0500
From: Jerry Geis <geisj@xxxxxxxxxxxxxxx>
To: CentOS ML <centos@xxxxxxxxxx>
Subject: Re:  close open relay

lists-centos wrote:

You have to have changed more than just the sendmail.mc/cf to
make a default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what
you relay for. The /etc/mail/local-host-names affects what you
accept mail for.

Make certain that what you're using to test that it's an open
relay is reporting things correctly. There's a difference between
sendmail being "open" (accepting mail from the outside) and an
"open relay". The former is expected from a mail server, the
latter is a problem.

I use:

 <http://verify.abuse.net/cgi-bin/relaytest>

which runs through a range of tests. I tried it against your
24.123.23.170 mail server a few min. ago and all was fine.

- Rick

------------ Original Message ------------

Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis <geisj@xxxxxxxxxxxxxxx>
To: CentOS ML <centos@xxxxxxxxxx>
Subject:  close open relay

hi all, running centos 4.7 i686.

I seem to have an open relay sendmail server.
How do I close it?

I have the STRAIGHT centos install sendmail.mc file.
Only thing I changed was:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however
this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just
talks about (AFAICT)
enabling specific relays to occur - not how to CLOSE the
relaying.

How do I close the relay?

Jerry
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

------------ End Original Message ------------




When I run the following I get broken web page:

http://verify.abuse.net/cgi-bin/relaytest


I am investigating all this as I am getting return emails
from sbcglobal that I am spam.

Jerry





------------ End Original Message ------------





Sure enough I tried your test and that looks good...

However, when I run this test:
HELO example.com
MAIL From: TheBoss@xxxxxxxxxxx
RCPT To: geisj@xxxxxxxxxxxxxxx
DATA
Subject: Think we're insecure...
I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking)
I get the email and I should not ( I presume) as I am not example.com.

That's not relaying. A true test is if you telnet from a public ip to your SMTP port and try to send an email to a domain that isn't yours, like a gmail account, does it go through. It shouldn't, but it should if sent from an internal ip.

Basically you need a file of hosts/networks allowed to relay to any domain (your internal hosts), and a file of domains that are allowed to be relayed by anyone (domains you handle).

Can't remember their names, look in /etc/mail/Makefile for hints.

-Ross
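
Added example, not part of the thread: a simplified Python model of the distinction drawn above between accepting mail for a local domain and relaying to a foreign one, based on the connecting client and the recipient domain. The access entries, domains, addresses and function names are constructed for illustration, and the logic is an approximation, not sendmail's actual rulesets.

```python
# Simplified model of the relay decision discussed in the thread.
# ACCESS and LOCAL_DOMAINS are constructed sample data, not from the thread.
ACCESS = """\
# client address or network prefix, then action
Connect:127.0.0.1    RELAY
Connect:192.168.1    RELAY
Connect:203.0.113.9  REJECT
"""
LOCAL_DOMAINS = {"example.org"}   # what local-host-names would list


def parse_access(text):
    """Map client key -> action, ignoring blank lines and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        if key.lower().startswith("connect:"):
            key = key[len("connect:"):]
        table[key] = action.strip().upper()
    return table


def lookup_client(ip, table):
    """Try the full IPv4 address, then shorter prefixes on octet boundaries."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        action = table.get(".".join(octets[:n]))
        if action:
            return action
    return None


def decide(client_ip, rcpt, table=None, local_domains=LOCAL_DOMAINS):
    """Classify one RCPT TO: accept-local, relay, reject-relay or reject-access."""
    table = parse_access(ACCESS) if table is None else table
    action = lookup_client(client_ip, table)
    if action == "REJECT":
        return "reject-access"
    domain = rcpt.rsplit("@", 1)[-1].strip("<>").lower()
    if domain in local_domains:
        return "accept-local"      # normal inbound mail, not relaying
    if action == "RELAY":
        return "relay"             # trusted client may send anywhere
    return "reject-relay"          # what a closed relay answers to outsiders


if __name__ == "__main__":
    for ip, rcpt in [("198.51.100.7", "user@example.org"),
                     ("198.51.100.7", "user@example.net"),
                     ("192.168.1.20", "user@example.net")]:
        print(ip, rcpt, "->", decide(ip, rcpt))
```

The first case corresponds to the telnet test quoted in the thread (outside client, local recipient); only the second case, an outside client addressing a foreign domain, indicates whether the relay is closed.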



