On Wed, Nov 12, 2008 at 3:53 PM, Ross Walker <rswwalker@xxxxxxxxx> wrote:
>
> On Nov 12, 2008, at 5:08 PM, Jerry Geis <geisj@xxxxxxxxxxxxxxx> wrote:
>
>>
>> lists-centos wrote:
>>>
>>> sorry, the start page is:
>>>
>>> <http://www.abuse.net/relay.html>
>>>
>>>
>>> look at the headers of the original messages (probably included as
>>> attachments) that sbcglobal is sending back. it's very possible that
>>> a spammer has forged an address from your machine on their outbound
>>> spam, and sbcglobal is bouncing that, (rather than rejecting,
>>> because they haven't a clue), generating scatter-back spam.
>>>
>>>
>>> - Rick
>>>
>>> ------------ Original Message ------------
>>>
>>>> Date: Wednesday, November 12, 2008 04:44:02 PM -0500
>>>> From: Jerry Geis <geisj@xxxxxxxxxxxxxxx>
>>>> To: CentOS ML <centos@xxxxxxxxxx>
>>>> Subject: Re: close open relay
>>>>
>>>> lists-centos wrote:
>>>>
>>>>> You have to have changed more than just the sendmail.mc/cf to
>>>>> make a default centos sendmail setup an open mail relay.
>>>>>
>>>>> Your /etc/mail/access file is where things are defined as to what
>>>>> you relay for. The /etc/mail/local-host-names affects what you
>>>>> accept mail for.
>>>>>
>>>>> Make certain that what you're using to test that it's an open
>>>>> relay is reporting things correctly. There's a difference between
>>>>> sendmail being "open" (accepting mail from the outside) and an
>>>>> "open relay". The former is expected from a mail server, the
>>>>> latter is a problem.
>>>>>
>>>>> I use:
>>>>>
>>>>> <http://verify.abuse.net/cgi-bin/relaytest>
>>>>>
>>>>> which runs through a range of tests. I tried it against your
>>>>> 24.123.23.170 mail server a few min. ago and all was fine.
>>>>>
>>>>> - Rick
>>>>>
>>>>> ------------ Original Message ------------
>>>>>
>>>>>> Date: Wednesday, November 12, 2008 03:33:11 PM -0500
>>>>>> From: Jerry Geis <geisj@xxxxxxxxxxxxxxx>
>>>>>> To: CentOS ML <centos@xxxxxxxxxx>
>>>>>> Subject: close open relay
>>>>>>
>>>>>> hi all, running centos 4.7 i686.
>>>>>>
>>>>>> I seem to have an open relay sendmail server.
>>>>>> How do I close it?
>>>>>>
>>>>>> I have the STRAIGHT centos install sendmail.mc file.
>>>>>> Only thing I changed was:
>>>>>> dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>>>>>>
>>>>>> so as to allow incoming email and not just localhost. however
>>>>>> this seems to relay everyone.
>>>>>>
>>>>>> I looked at http://www.sendmail.org/tips/relaying but it just
>>>>>> talks about (AFIKT)
>>>>>> enabling specific relays to occur - not how to CLOSE the
>>>>>> relaying.
>>>>>>
>>>>>> How do I close the relay?
>>>>>>
>>>>>> Jerry
>>>>>> _______________________________________________
>>>>>> CentOS mailing list
>>>>>> CentOS@xxxxxxxxxx
>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>
>>>>> ------------ End Original Message ------------
>>>>>
>>>> When I run the following I get a broken web page:
>>>>
>>>> http://verify.abuse.net/cgi-bin/relaytest
>>>>
>>>>
>>>> I am investigating all this as I am getting return emails
>>>> from sbcglobal that I am spam.
>>>>
>>>> Jerry
>>>>
>>>
>>> ------------ End Original Message ------------
>>>
>>
>> Sure enough I tried your test and that looks good...
>>
>> However, when I run this test:
>> HELO example.com
>> MAIL From: TheBoss@xxxxxxxxxxx
>> RCPT To: geisj@xxxxxxxxxxxxxxx
>> DATA
>> Subject: Think we're insecure...
>> I have a feeling our mail server is being abused...
>> .
>> QUIT
>>
>> and paste that into port 25 of my server (telnet I'm talking)
>> I get the email and I should not (I presume) as I am not example.com.
>
> That's not relaying. A true test is if you telnet from a public ip to your
> SMTP port and try to send an email to a domain that isn't yours, like a
> gmail account, does it go through. It shouldn't, but it should if sent from
> an internal ip.
>
> Basically you need a file of hosts/networks allowed to relay to any domain
> (your internal hosts), and a file of domains that are allowed to be relayed
> by anyone (domains you handle).
>
> Can't remember their names, look in /etc/mail/Makefile for hints.
>
> -Ross
>

I submit that this email is an excellent example of both the needs to
bottom-post (ONLY) and edit postings to limit the content to the relevant
material (included in its entirety on purpose, and with absolutely NO offense
to Ross intended - seriously.)

'Nuff said.

mhr
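
Added example (not part of the thread and not sendmail's own code): a simplified Python model of the distinction drawn in the quoted replies between accepting mail for your own domain and relaying for outsiders. The file contents, domains and IP addresses are constructed, and the matching rules are an assumed simplification of how sendmail reads /etc/mail/access, local-host-names and relay-domains.

```python
# Simplified model of sendmail's relay decision (added example, not sendmail code).
# All addresses, domains and file contents below are constructed samples.

ACCESS = """\
# /etc/mail/access style entries: hosts/networks allowed to relay anywhere
localhost.localdomain   RELAY
127.0.0.1               RELAY
Connect:192.168.1       RELAY
"""
LOCAL_HOST_NAMES = {"example.org", "mail.example.org"}  # domains we accept mail for
RELAY_DOMAINS = {"partner.example"}                     # domains anyone may relay to


def relay_prefixes(access_text):
    """Return the keys marked RELAY in an access-style file."""
    keys = []
    for line in access_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].upper() == "RELAY":
            key = fields[0]
            if key.lower().startswith("connect:"):
                key = key[len("connect:"):]
            keys.append(key)
    return keys


def client_may_relay(client_ip, prefixes):
    """Match whole dotted components only: 192.168.1 must not match 192.168.10.x."""
    return any(client_ip == p or client_ip.startswith(p + ".") for p in prefixes)


def decide(client_ip, rcpt, access_text=ACCESS):
    """Classify one RCPT TO as 'deliver-local', 'relay' or 'reject'."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_HOST_NAMES:
        return "deliver-local"      # accepting mail for our own domain is not relaying
    if any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS):
        return "relay"
    if client_may_relay(client_ip, relay_prefixes(access_text)):
        return "relay"              # internal host, any destination
    return "reject"                 # sendmail answers "550 5.7.1 ... Relaying denied"


def is_open_relay(access_text, outside_ip="203.0.113.5", foreign_rcpt="someone@example.net"):
    """The test Ross describes: an outside client sending to a domain that is not ours."""
    return decide(outside_ip, foreign_rcpt, access_text) == "relay"


if __name__ == "__main__":
    print(decide("203.0.113.5", "user@example.org"))     # the telnet test from the thread
    print(decide("203.0.113.5", "someone@example.net"))  # the real relay test
    print(is_open_relay(ACCESS))
```

The telnet session quoted in the thread corresponds to the first call (local delivery), while the second call is the check that matters for an open relay.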