Hi, Someone submitted our relay (secondary) Imail server to one of these open relay checkers, and it's showing as open, because, it is ! :(
http://ordb.org/lookup/?host=217.204.140.37

However, this has shown up a bug/problem in imail's handling of dodgy email addresses, as shown by this relay checker. Particularly nasty of the relay checker to try this but hey... by sending to [EMAIL PROTECTED] it's managed to bypass the checking for authentication. More details are below...

Now, the setup is as follows. Zeno/trajan is 217.204.140.37/38 and running Imail 7.04. Jovian is 212.135.143.132 and running Imail 7.07.

Zeno is set up with a list of domains that it's supposed to relay for in its host file, as per Ipswitch's instructions on imail relay rules. It's set on the smtp service to 'Relay mail for' and then a list of IP addresses of destination mail servers. The hosts file contains the ip address of the destination mail server, and the domain name.

172.16.143.132 iarna.co.uk

(horrible internal network translation I know, but heh :)

Jovian has a normal imail config and is set to relay for local IP addresses and also do authenticated SMTP. Iarna.co.uk is hosted on jovian, internetpixie.net is hosted on a remote server.

Now, if you do the following smtp transaction from an address zeno doesn't recognise as local, and so shouldn't relay straight for, you can do this.

helo testing
mail from:<[EMAIL PROTECTED]>
rcpt to:<[EMAIL PROTECTED]>
data
Subject: This shouldn't work...
But it looks like it will :(
.

And here are the logs showing what happens...

05:30 10:21 SMTPD(000500A6) [217.204.240.61] helo testing
05:30 10:21 SMTPD(000500A6) [217.204.240.61] mail from:<[EMAIL PROTECTED]>
05:30 10:21 SMTPD(000500A6) [217.204.240.61] rcpt to:<[EMAIL PROTECTED]>
05:30 10:21 SMTPD(000500A6) [217.204.240.61] d:\Imail\Spool\Def290a6.SMD 246
05:30 10:21 SMTP-(0000062C) processing d:\Imail\Spool\Qef290a6.SMD
05:30 10:21 SMTP-(0000062C) Trying iarna.co.uk (0)
05:30 10:21 SMTP-(0000062C) Connect iarna.co.uk [172.16.143.132:25] (1)
05:30 10:21 SMTP-(0000062C) 220 jovian.1brick.iarna.co.uk (IMail 7.07 15490-8) NT-ESMTP Server X1
05:30 10:21 SMTP-(0000062C) >EHLO zeno.1brick.iarna.co.uk
05:30 10:21 SMTP-(0000062C) 250-jovian.1brick.iarna.co.uk says hello
05:30 10:21 SMTP-(0000062C) 250-SIZE 0
05:30 10:21 SMTP-(0000062C) 250-8BITMIME
05:30 10:21 SMTP-(0000062C) 250-DSN
05:30 10:21 SMTP-(0000062C) 250-ETRN
05:30 10:21 SMTP-(0000062C) 250-AUTH LOGIN CRAM-MD5
05:30 10:21 SMTP-(0000062C) 250-AUTH=LOGIN
05:30 10:21 SMTP-(0000062C) 250 EXPN
05:30 10:21 SMTP-(0000062C) >MAIL FROM:<[EMAIL PROTECTED]>
05:30 10:21 SMTP-(0000062C) 250 ok
05:30 10:21 SMTP-(0000062C) >RCPT To:<[EMAIL PROTECTED]>
05:30 10:21 SMTP-(0000062C) 250 ok its for <[EMAIL PROTECTED]>
05:30 10:21 SMTP-(0000062C) >DATA
05:30 10:21 SMTP-(0000062C) 354 ok, send it; end with <CRLF>.<CRLF>
05:30 10:21 SMTP-(0000062C) >.
05:30 10:21 SMTP-(0000062C) 250 Message queued
05:30 10:21 SMTP-(0000062C) rdeliver iarna.co.uk [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 285
05:30 10:21 SMTP-(0000062C) >QUIT
05:30 10:21 SMTP-(0000062C) 221 Goodbye
05:30 10:21 SMTP-(0000062C) finished d:\Imail\Spool\Qef290a6.SMD status=1

Then this is the log from jovian... I'd missed installing the time syncher on this machine till I did this...
fixed now :)

05:30 10:19 SMTP-(00000658) processing d:\IMail\spool\Qee8c086500e29cb4.SMD
05:30 10:19 SMTP-(00000658) Trying internetpixie.net (0)
05:30 10:19 SMTP-(00000658) Connect internetpixie.net [212.35.225.149:25] (1)
05:30 10:19 SMTP-(00000658) 220 sulphur.cix.co.uk ESMTP Sendmail 8.11.3/CIX/8.11.3; Thu, 30 May 2002 10:21:53 +0100 (BST) (Nextra) Dogs are running normally.. NO UCE [12474]
05:30 10:19 SMTP-(00000658) >EHLO jovian.1brick.iarna.co.uk
05:30 10:19 SMTP-(00000658) 250-sulphur.cix.co.uk Hello jovian.iarnagroup.co.uk [212.135.143.132], pleased to meet you
05:30 10:19 SMTP-(00000658) 250-ENHANCEDSTATUSCODES
05:30 10:19 SMTP-(00000658) 250-8BITMIME
05:30 10:19 SMTP-(00000658) 250-SIZE 50000000
05:30 10:19 SMTP-(00000658) 250-DSN
05:30 10:19 SMTP-(00000658) 250-ONEX
05:30 10:19 SMTP-(00000658) 250-XUSR
05:30 10:19 SMTP-(00000658) 250 HELP
05:30 10:19 SMTP-(00000658) >MAIL FROM:<[EMAIL PROTECTED]>
05:30 10:19 SMTP-(00000658) 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
05:30 10:19 SMTP-(00000658) >RCPT To:<[EMAIL PROTECTED]>
05:30 10:19 SMTP-(00000658) 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok
05:30 10:19 SMTP-(00000658) >DATA
05:30 10:19 SMTP-(00000658) 354 Enter mail, end with "." on a line by itself
05:30 10:19 SMTP-(00000658) >.
05:30 10:19 SMTP-(00000658) 250 2.0.0 g4U9Lrl12475 Message accepted for delivery
05:30 10:19 SMTP-(00000658) rdeliver internetpixie.net [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 447
05:30 10:19 SMTP-(00000658) >QUIT
05:30 10:19 SMTP-(00000658) 221 2.0.0 sulphur.cix.co.uk closing connection
05:30 10:19 SMTP-(00000658) finished d:\IMail\spool\Qee8c086500e29cb4.SMD status=1

So, we've successfully used zeno to send mail to an external mail server... with no authentication.

What can we do about this? Is there anything I can change on the servers, or is this a proper bug :)

The mal-formed email address is the worst bit... why is it expanding that to be the email address?

Thanks,

Keif Gwinn
IARNA, a Hostway Company
scotts sufferance wharf
1 mill street. london. se1
united kingdom
t/ +44 207 231 7766
f/ +44 207 231 2327
www.iarna.co.uk
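
Added example, not part of the original post and not IMail or Ipswitch code: a log audit for the relay host that reads SMTPD `rcpt to` lines in the layout quoted above and flags recipients from untrusted clients that either name a domain outside the relay list or carry anything other than a plain mailbox name in front of a relayed domain. The probe address in the post is redacted, so the relay-domain set, the trusted-address list, the "plain" character set and every address in the constructed sample log are assumptions.

```python
import ipaddress
import re

# Assumptions, not taken from the post: the relay-domain set, the trusted
# address list and the "plain local part" character set.
RELAY_DOMAINS = {"iarna.co.uk"}
TRUSTED_NETS = [ipaddress.ip_network("172.16.143.132/32")]
PLAIN_LOCAL = re.compile(r"[A-Za-z0-9._+-]+")

# SMTPD "rcpt to" line in the layout of the log quoted in the post.
RCPT_LINE = re.compile(
    r"^\d\d:\d\d \d\d:\d\d SMTPD\((?P<sid>[0-9A-Fa-f]+)\) "
    r"\[(?P<ip>[0-9.]+)\] rcpt to:\s*<(?P<addr>[^>]*)>", re.IGNORECASE)

# Constructed sample: documentation IPs and made-up addresses.
SAMPLE_LOG = """\
05:30 10:21 SMTPD(000500A6) [192.0.2.61] helo testing
05:30 10:21 SMTPD(000500A6) [192.0.2.61] rcpt to:<user%outside.example@iarna.co.uk>
05:30 10:22 SMTPD(000500A7) [192.0.2.80] rcpt to:<postmaster@iarna.co.uk>
05:30 10:23 SMTPD(000500A8) [192.0.2.81] rcpt to:<someone@outside.example>
05:30 10:24 SMTPD(000500A9) [172.16.143.132] rcpt to:<someone@outside.example>
"""

def classify(addr):
    """Return 'ok', 'foreign-domain' or 'non-plain' for one RCPT address."""
    local, sep, domain = addr.rpartition("@")
    if not sep or domain.lower().rstrip(".") not in RELAY_DOMAINS:
        return "foreign-domain"
    # Domain is one we relay for; anything but a plain mailbox name in the
    # local part may be re-interpreted by the next hop, so flag it.
    if not PLAIN_LOCAL.fullmatch(local):
        return "non-plain"
    return "ok"

def audit(log_text):
    """List (session, client_ip, address, verdict) for untrusted clients."""
    findings = []
    for line in log_text.splitlines():
        m = RCPT_LINE.match(line.strip())
        if m is None:
            continue
        client = ipaddress.ip_address(m["ip"])
        if any(client in net for net in TRUSTED_NETS):
            continue  # relaying is expected from the listed mail servers
        verdict = classify(m["addr"])
        if verdict != "ok":
            findings.append((m["sid"], m["ip"], m["addr"], verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A "non-plain" hit on a relayed domain is the case to review first, since the relay accepts it on the strength of the domain while the next hop decides what the local part means.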
