-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 8 March 2000 12:28 To: [EMAIL PROTECTED] Subject: Delivery failure Your message has encountered delivery problems to mail.gunsnet.net. Invalid addressee (To:) format: [EMAIL PROTECTED] Received: From list.ipswitch.com by WEBBOARD-SMTP Tue, 7 Mar, 2000 at 18:28:20 Received: from mail.property.com.au [203.10.103.35] by list.ipswitch.com with ESMTP (SMTPD32-6.00) id AE0C9EA01C2; Tue, 07 Mar 2000 20:34:04 -0500 Received: from shodan [203.10.103.152] by mail.property.com.au (SMTPD32-5.05) id AD825C0230; Wed, 08 Mar 2000 12:31:46 +1100 From: "Simon" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Wed, 8 Mar 2000 12:33:36 +1100 Message-ID: <007901bf889e$528ce940$[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal In-Reply-To: <[EMAIL PROTECTED]> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Subject: RE: [IMail Forum] ORBS Threat Precedence: bulk Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] open up page 107/chapter 7: security and antispamming in your imail manual basically you probably have your server 'relay mail for anyone', you need to lock this down so that only known domains/hosts/ip addresses/subnets can relay mail through your server - which is 95% done thru the 'smtp security' tab from the imail control panel icon > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Dallas Vogels > Sent: Wednesday, 8 March 2000 4:08 > To: [EMAIL PROTECTED] > Subject: [IMail Forum] ORBS Threat > > > I have recently received a message from an organization called ORBS > (http://www.orbs.org) that has detected my mail server as an > "insecure email > relay". ORBS threatens to place my mail IP into a database if I do not > resolve the issue of an "insecure email relay". > > If anyone has run into this and/or knows of any information > that could be > helpful in resolving this matter please respond. Attached below is the > original message. > > > Thank-you for any help, > > Dallas Vogels > > > ------------------------------------------------------------------ > ---------- > ----- > ORIGINAL MESSAGE (with ip address removed) > ------------------------------------------------------------------ > ---------- > ----- > > Please read this entire message carefully before replying > > If you are not the technical contact for your organisation, please > forward this to the person who is. > > Reference: http://www.orbs.org/messagelookup.cgi?address=(ip address) > > (ip address) has been detected as an insecure email relay and added > to the ORBS database. > > Please check the ORBS website (http://www.orbs.org/) for links > to other sites that may be able to help you close your relay. Most mail > transport agents can be secured quickly by the operator, usually for no > cost other than the time take to read the appropriate instructions for > your software. > > To be removed from the ORBS database, you need to disable the > external relay > features of your mail server and then report the IP address (ip address) > to our web site at http://www.orbs.org/closed2.cgi?address=(ip address) > We will immediately remove your site's entry, then re-test it for > third-party relay capabilities. > > ORBS is an automated testing system, if your mailserver has multiple > IP interfaces, it is likely that you will receive multiple copies of > this message. You should only receive one notice per IP number, however > ORBS notices are sent to both the literal IP address and the resolved DNS > name, so 2 notices may be received in some cases. > > Thank you for your attention to this matter. > > Sincerely, > > [EMAIL PROTECTED] > > The message your system relayed is attached below. > If you believe your server has been secured, please check the > X-Envelope lines to see which vulnerability has been missed > and check them against the list of vulnerabilties at > http://www.orbs.org/envelopes.html > > >From [EMAIL PROTECTED] Wed Mar 8 12:07:07 2000 > Received: from mail.domain.com (mail.domain.com [(ip address)]) > by mail2.manawatu.net.nz (8.9.3/8.9.3) with ESMTP id MAA15064 > for <[EMAIL PROTECTED]>; Wed, 8 Mar 2000 12:06:58 +1300 > X-Remote-IP: (ip address) > Received: from relaytest.orbs.vuurwerk.nl [194.178.232.55] by > (mail.domain.com) > (SMTPD32-6.00) id AEE3AFF01D6; Tue, 07 Mar 2000 15:21:07 -0800 > To: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > X-Token: vksypcgrkreenobv > X-Envelope-Sender: <[EMAIL PROTECTED]> > X-Envelope-Recipient: <[EMAIL PROTECTED]> > Message-Id: <(ip address)@orbs.org> > Subject: ORBS Relay Test - (ip address) > Date: Tue, 7 Mar 2000 15:21:11 -0800 > > This program checks for open relays. > > Open relays are automatically added to the ORBS Open Relay > Database (see http://www.orbs.org/ for details). > > Check http://www.orbs.org/verify.cgi?address=(ip address) for this hosts > current status. > > Vulnerability checks are detailed at http://www.orbs.org/envelopes.html > > Securing help can be found at http://www.orbs.org/otherresources.html > > There are multiple tests applied per IP address. > Partially secured hosts may pass some tests, but fail others. > Hosts are only classified as secure by ORBS if they pass all tests. > > Hosts which do not deliver messages are not classified as insecure. > > Do not use the above addresses to contact me - use [EMAIL PROTECTED] > > X-Token: vksypcgrkreenobv > X-Envelope-Sender: MAIL FROM:<[EMAIL PROTECTED]> > X-Envelope-Recipient: RCPT TO:<[EMAIL PROTECTED]> > > Please visit http://www.ipswitch.com/support/mailing-lists.html > to be removed from this list. > Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
