I have recently received a message from an organization called ORBS
(http://www.orbs.org) that has detected my mail server as an "insecure email
relay". ORBS threatens to place my mail IP into a database if I do not
resolve the issue of an "insecure email relay".
If anyone has run into this and/or knows of any information that could be
helpful in resolving this matter please respond. Attached below is the
original message.
Thank-you for any help,
Dallas Vogels
----------------------------------------------------------------------------
-----
ORIGINAL MESSAGE (with ip address removed)
----------------------------------------------------------------------------
-----
Please read this entire message carefully before replying
If you are not the technical contact for your organisation, please
forward this to the person who is.
Reference: http://www.orbs.org/messagelookup.cgi?address=(ip address)
(ip address) has been detected as an insecure email relay and added
to the ORBS database.
Please check the ORBS website (http://www.orbs.org/) for links
to other sites that may be able to help you close your relay. Most mail
transport agents can be secured quickly by the operator, usually for no
cost other than the time take to read the appropriate instructions for
your software.
To be removed from the ORBS database, you need to disable the external relay
features of your mail server and then report the IP address (ip address)
to our web site at http://www.orbs.org/closed2.cgi?address=(ip address)
We will immediately remove your site's entry, then re-test it for
third-party relay capabilities.
ORBS is an automated testing system, if your mailserver has multiple
IP interfaces, it is likely that you will receive multiple copies of
this message. You should only receive one notice per IP number, however
ORBS notices are sent to both the literal IP address and the resolved DNS
name, so 2 notices may be received in some cases.
Thank you for your attention to this matter.
Sincerely,
[EMAIL PROTECTED]
The message your system relayed is attached below.
If you believe your server has been secured, please check the
X-Envelope lines to see which vulnerability has been missed
and check them against the list of vulnerabilties at
http://www.orbs.org/envelopes.html
>From [EMAIL PROTECTED] Wed Mar 8 12:07:07 2000
Received: from mail.domain.com (mail.domain.com [(ip address)])
by mail2.manawatu.net.nz (8.9.3/8.9.3) with ESMTP id MAA15064
for <[EMAIL PROTECTED]>; Wed, 8 Mar 2000 12:06:58 +1300
X-Remote-IP: (ip address)
Received: from relaytest.orbs.vuurwerk.nl [194.178.232.55] by
(mail.domain.com)
(SMTPD32-6.00) id AEE3AFF01D6; Tue, 07 Mar 2000 15:21:07 -0800
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
X-Token: vksypcgrkreenobv
X-Envelope-Sender: <[EMAIL PROTECTED]>
X-Envelope-Recipient: <[EMAIL PROTECTED]>
Message-Id: <(ip address)@orbs.org>
Subject: ORBS Relay Test - (ip address)
Date: Tue, 7 Mar 2000 15:21:11 -0800
This program checks for open relays.
Open relays are automatically added to the ORBS Open Relay
Database (see http://www.orbs.org/ for details).
Check http://www.orbs.org/verify.cgi?address=(ip address) for this hosts
current status.
Vulnerability checks are detailed at http://www.orbs.org/envelopes.html
Securing help can be found at http://www.orbs.org/otherresources.html
There are multiple tests applied per IP address.
Partially secured hosts may pass some tests, but fail others.
Hosts are only classified as secure by ORBS if they pass all tests.
Hosts which do not deliver messages are not classified as insecure.
Do not use the above addresses to contact me - use [EMAIL PROTECTED]
X-Token: vksypcgrkreenobv
X-Envelope-Sender: MAIL FROM:<[EMAIL PROTECTED]>
X-Envelope-Recipient: RCPT TO:<[EMAIL PROTECTED]>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
