Open up page 107/chapter 7: security and antispamming in your IMail manual.
Basically, you probably have your server 'relay mail for anyone'; you need to
lock this down so that only known domains/hosts/IP addresses/subnets can
relay mail through your server, which is 95% done through the 'SMTP Security'
tab from the IMail control panel icon.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dallas Vogels
> Sent: Wednesday, 8 March 2000 4:08
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum] ORBS Threat
>
>
> I have recently received a message from an organization called ORBS
> (http://www.orbs.org) that has detected my mail server as an
> "insecure email relay". ORBS threatens to place my mail IP into a
> database if I do not resolve the issue of an "insecure email relay".
>
> If anyone has run into this and/or knows of any information that could
> be helpful in resolving this matter please respond. Attached below is
> the original message.
>
>
> Thank-you for any help,
>
> Dallas Vogels
>
>
> ---------------------------------------------------------------------------
> ORIGINAL MESSAGE (with ip address removed)
> ---------------------------------------------------------------------------
>
> Please read this entire message carefully before replying
>
> If you are not the technical contact for your organisation, please
> forward this to the person who is.
>
> Reference: http://www.orbs.org/messagelookup.cgi?address=(ip address)
>
> (ip address) has been detected as an insecure email relay and added
> to the ORBS database.
>
> Please check the ORBS website (http://www.orbs.org/) for links
> to other sites that may be able to help you close your relay. Most mail
> transport agents can be secured quickly by the operator, usually for no
> cost other than the time taken to read the appropriate instructions for
> your software.
>
> To be removed from the ORBS database, you need to disable the external
> relay features of your mail server and then report the IP address
> (ip address) to our web site at
> http://www.orbs.org/closed2.cgi?address=(ip address)
> We will immediately remove your site's entry, then re-test it for
> third-party relay capabilities.
>
> ORBS is an automated testing system, if your mailserver has multiple
> IP interfaces, it is likely that you will receive multiple copies of
> this message. You should only receive one notice per IP number, however
> ORBS notices are sent to both the literal IP address and the resolved DNS
> name, so 2 notices may be received in some cases.
>
> Thank you for your attention to this matter.
>
> Sincerely,
>
> [EMAIL PROTECTED]
>
> The message your system relayed is attached below.
> If you believe your server has been secured, please check the
> X-Envelope lines to see which vulnerability has been missed
> and check them against the list of vulnerabilities at
> http://www.orbs.org/envelopes.html
>
> >From [EMAIL PROTECTED] Wed Mar 8 12:07:07 2000
> Received: from mail.domain.com (mail.domain.com [(ip address)])
> by mail2.manawatu.net.nz (8.9.3/8.9.3) with ESMTP id MAA15064
> for <[EMAIL PROTECTED]>; Wed, 8 Mar 2000 12:06:58 +1300
> X-Remote-IP: (ip address)
> Received: from relaytest.orbs.vuurwerk.nl [194.178.232.55] by
> (mail.domain.com)
> (SMTPD32-6.00) id AEE3AFF01D6; Tue, 07 Mar 2000 15:21:07 -0800
> To: [EMAIL PROTECTED]
> From: [EMAIL PROTECTED]
> X-Token: vksypcgrkreenobv
> X-Envelope-Sender: <[EMAIL PROTECTED]>
> X-Envelope-Recipient: <[EMAIL PROTECTED]>
> Message-Id: <(ip address)@orbs.org>
> Subject: ORBS Relay Test - (ip address)
> Date: Tue, 7 Mar 2000 15:21:11 -0800
>
> This program checks for open relays.
>
> Open relays are automatically added to the ORBS Open Relay
> Database (see http://www.orbs.org/ for details).
>
> Check http://www.orbs.org/verify.cgi?address=(ip address) for this host's
> current status.
>
> Vulnerability checks are detailed at http://www.orbs.org/envelopes.html
>
> Securing help can be found at http://www.orbs.org/otherresources.html
>
> There are multiple tests applied per IP address.
> Partially secured hosts may pass some tests, but fail others.
> Hosts are only classified as secure by ORBS if they pass all tests.
>
> Hosts which do not deliver messages are not classified as insecure.
>
> Do not use the above addresses to contact me - use [EMAIL PROTECTED]
>
> X-Token: vksypcgrkreenobv
> X-Envelope-Sender: MAIL FROM:<[EMAIL PROTECTED]>
> X-Envelope-Recipient: RCPT TO:<[EMAIL PROTECTED]>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
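The relay restriction discussed in this thread comes down to one decision per RCPT TO: accept mail for your own domains from anyone, and relay to other domains only for known client networks. The sketch below is an added example, not part of the thread and not IMail's implementation; `LOCAL_DOMAINS` and `RELAY_NETS` are constructed values. It goes one step beyond the reply by also refusing recipient addresses that carry their own routing, since the quoted notice says partially secured hosts may pass some tests but fail others.

```python
import ipaddress

# Constructed policy for illustration; neither value comes from the thread.
LOCAL_DOMAINS = {"example.com"}                      # domains this server hosts
RELAY_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

def recipient_domain(rcpt):
    """Domain of a plain user@domain RCPT TO argument, lower-cased.

    Returns None when the address carries its own routing: a source route
    (<@a:user@b>), a quoted local part hiding a second address, the percent
    hack (user%b@a) or a bang path (b!user@a).
    """
    addr = rcpt.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    if not local or not domain or any(c in local for c in '%!"'):
        return None
    return domain.rstrip(".").lower()

def relay_decision(client_ip, rcpt):
    """Return (accepted, reason) for one RCPT TO from the connecting client_ip."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return (False, "routed or malformed recipient address")
    if domain in LOCAL_DOMAINS:
        return (True, "local delivery")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RELAY_NETS):
        return (True, "relay for trusted client")
    return (False, "relaying denied")

if __name__ == "__main__":
    tester = "194.178.232.55"   # relay tester address from the Received header above
    for rcpt in ("<probe@remote.example>", "<user@example.com>",
                 "<probe%remote.example@example.com>",
                 '<"probe@remote.example"@example.com>',
                 "<@example.com:probe@remote.example>"):
        print(rcpt, relay_decision(tester, rcpt))
```

Only the second recipient is accepted for the outside client; the last three are refused even though they end in a local domain.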