> Ok so we are having trouble emailing some of our customers so I do a
> quick check to find out why. Seems http://njabl.org/ is saying we are
an
> open relay which I had thought I had closed up years ago.
Looks like you should go through those barracuda settings again because
spammers are likely abusing your public service. If you need to have
mobile users relay mail from the field, you need to enable and require
some kind of LDAP/AD authentication for all senders. If the barracuda
doesn't support authenticated relaying via AD you will have to turn off
all relaying except from your exchange server. In this case, the remote
users will have to use a vpn of some sort in order to send mail as though
they were in the office
============================================================
220 barracuda.mail.lmsintellibound.com ESMTP Service ready
helo lmsintellibound.com
250 Requested mail action okay, completed
mail from: administra...@lmsintellibound.com
250 Requested mail action okay, completed
rcpt to: xxxxx...@gmail.com
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
To: xxxxx...@gmail.com
From: administra...@lmsintellibound.com
Subject: Sent from an open relay
Testing out the body
cheers
.
250 Requested mail action okay, completed
quit
------------------------------------------------------------
Found in a mailbox moments later...woops
------------------------------------------------------------
Delivered-To: xxxxx...@gmail.com
Received: by 10.231.16.65 with SMTP id n1cs224076iba;
Wed, 30 Sep 2009 07:22:15 -0700 (PDT)
Received: by 10.224.8.136 with SMTP id h8mr5707464qah.25.1254320534533;
Wed, 30 Sep 2009 07:22:14 -0700 (PDT)
Return-Path: <administra...@lmsintellibound.com>
Received: from barracuda.mail.lmsintellibound.com
(mail.lmsintellibound.com [66.64.158.244])
by mx.google.com with ESMTP id
27si8524489ywh.104.2009.09.30.07.22.14;
Wed, 30 Sep 2009 07:22:14 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
administra...@lmsintellibound.com designates 66.64.158.244 as permitted
sender) client-ip=66.64.158.244;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess
record for domain of administra...@lmsintellibound.com designates
66.64.158.244 as permitted sender)
smtp.mail=administra...@lmsintellibound.com
To: xxxxx...@gmail.com
From: administra...@lmsintellibound.com
Subject: Sent from an open relay
Message-Id:
<20090930142153.4f3d923b...@barracuda.mail.lmsintellibound.com>
Date: Wed, 30 Sep 2009 10:21:53 -0400 (EDT)
Testing out the body
cheers
============================================================
What's really bad here is that all the spam comes from your IP and the
sender is also spoofed as you since you have locked down relaying from
senders with a domain other than yours. Some chickenboner has probably
discovered your service lately...
~JasonG
