We also got hit with a similar config problem.
For our primary mail server we have 2 MX records: one that points to
mail.gabn.net (primary) and a 2nd that points to mail2.gabn.net.
mail2 is doing store and forward - mail.gabn.net is in the hosts file.

The ordb test was doing [EMAIL PROTECTED]@mail.gabn.net

Our relay settings were set to relay for our whole address block, so when
IMail was sent this message it sent [EMAIL PROTECTED] to mail.gabn.net
for final delivery. mail2 was in mail.gabn.net's relay for addresses, so poof,
instant open relay.

You must make sure that your servers set up with other servers in their
hosts file aren't able to relay thru those servers.

----- Original Message -----
From: "Todd Holt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 30, 2002 9:50 AM
Subject: RE: [IMail Forum] Open relay problem with Imail


> I'm not sure what Imail is doing with the unusual mail address
> ([EMAIL PROTECTED]), but that's not why you're listed as an
> open relay.  You're an open relay because your relay option is set to "Relay
> for Local Hosts Only" and the address appears to be in a local domain. The
> ONLY safe relay options are "No Mail Relay" and "Relay Mail for Addresses".
> Otherwise, you will eventually end up in an open relay list.
>
> Todd
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Keif Gwinn
> Sent: Thursday, May 30, 2002 5:00 AM
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum] Open relay problem with Imail
>
>
> Hi,
>
> Someone submitted our relay (secondary) Imail server to one of these
> open relay checkers, and it's showing as open, because, it is ! :(
>
> http://ordb.org/lookup/?host=217.204.140.37
>
> However, this has shown up a bug/problem in imail's handling of dodgy
> email addresses, as shown by this relay checker. Particularly nasty of
> the relay checker to try this but hey... by sending to
> [EMAIL PROTECTED] it's managed to bypass the checking
> for authentication. More details are below...
>
> Now, the setup is as follows.
>
> Zeno/trajan is 217.204.140.37/38  and running Imail 7.04.
> Jovian is 212.135.143.132 and running Imail 7.07.
>
> Zeno is set up with a list of domains that it's supposed to relay for in
> its hosts file, as per Ipswitch's instructions on imail relay rules.
> It's set on the smtp service to 'Relay mail for' and then a list of IP
> addresses of destination mail servers. The hosts file contains the ip
> address of the destination mail server, and the domain name.
>
> 172.16.143.132 iarna.co.uk
>
> (horrible internal network translation I know, but heh :)
>
> Jovian has a normal imail config and is set to relay for local IP
> addresses and also do authenticated SMTP.
>
> Iarna.co.uk is hosted on jovian, internetpixie.net is hosted on a remote
> server.
>
> Now, you do the following smtp transaction from an address zeno doesn't
> recognise as local and so shouldn't relay straight for, you can do this.
>
> helo testing
> mail from:<[EMAIL PROTECTED]>
> rcpt to:<[EMAIL PROTECTED]>
> data
> Subject: This shouldn't work...
>
> But it looks like it will :(
>
> .
>
>
> And here are the logs showing what happens...
>
> 05:30 10:21 SMTPD(000500A6) [217.204.240.61] helo testing
> 05:30 10:21 SMTPD(000500A6) [217.204.240.61] mail from:<[EMAIL PROTECTED]>
> 05:30 10:21 SMTPD(000500A6) [217.204.240.61] rcpt to:<[EMAIL PROTECTED]>
> 05:30 10:21 SMTPD(000500A6) [217.204.240.61] d:\Imail\Spool\Def290a6.SMD 246
> 05:30 10:21 SMTP-(0000062C) processing d:\Imail\Spool\Qef290a6.SMD
> 05:30 10:21 SMTP-(0000062C) Trying iarna.co.uk (0)
> 05:30 10:21 SMTP-(0000062C) Connect iarna.co.uk [172.16.143.132:25] (1)
> 05:30 10:21 SMTP-(0000062C) 220 jovian.1brick.iarna.co.uk (IMail 7.07 15490-8) NT-ESMTP Server X1
> 05:30 10:21 SMTP-(0000062C) >EHLO zeno.1brick.iarna.co.uk
> 05:30 10:21 SMTP-(0000062C) 250-jovian.1brick.iarna.co.uk says hello
> 05:30 10:21 SMTP-(0000062C) 250-SIZE 0
> 05:30 10:21 SMTP-(0000062C) 250-8BITMIME
> 05:30 10:21 SMTP-(0000062C) 250-DSN
> 05:30 10:21 SMTP-(0000062C) 250-ETRN
> 05:30 10:21 SMTP-(0000062C) 250-AUTH LOGIN CRAM-MD5
> 05:30 10:21 SMTP-(0000062C) 250-AUTH=LOGIN
> 05:30 10:21 SMTP-(0000062C) 250 EXPN
> 05:30 10:21 SMTP-(0000062C) >MAIL FROM:<[EMAIL PROTECTED]>
> 05:30 10:21 SMTP-(0000062C) 250 ok
> 05:30 10:21 SMTP-(0000062C) >RCPT To:<[EMAIL PROTECTED]>
> 05:30 10:21 SMTP-(0000062C) 250 ok its for <[EMAIL PROTECTED]>
> 05:30 10:21 SMTP-(0000062C) >DATA
> 05:30 10:21 SMTP-(0000062C) 354 ok, send it; end with <CRLF>.<CRLF>
> 05:30 10:21 SMTP-(0000062C) >.
> 05:30 10:21 SMTP-(0000062C) 250 Message queued
> 05:30 10:21 SMTP-(0000062C) rdeliver iarna.co.uk [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 285
> 05:30 10:21 SMTP-(0000062C) >QUIT
> 05:30 10:21 SMTP-(0000062C) 221 Goodbye
> 05:30 10:21 SMTP-(0000062C) finished d:\Imail\Spool\Qef290a6.SMD status=1
>
> Then this is the log from jovian... I'd missed installing the time
> syncher on this machine till I did this... fixed now :)
>
> 05:30 10:19 SMTP-(00000658) processing d:\IMail\spool\Qee8c086500e29cb4.SMD
> 05:30 10:19 SMTP-(00000658) Trying internetpixie.net (0)
> 05:30 10:19 SMTP-(00000658) Connect internetpixie.net [212.35.225.149:25] (1)
> 05:30 10:19 SMTP-(00000658) 220 sulphur.cix.co.uk ESMTP Sendmail 8.11.3/CIX/8.11.3; Thu, 30 May 2002 10:21:53 +0100 (BST) (Nextra) Dogs are running normally.. NO UCE [12474]
> 05:30 10:19 SMTP-(00000658) >EHLO jovian.1brick.iarna.co.uk
> 05:30 10:19 SMTP-(00000658) 250-sulphur.cix.co.uk Hello jovian.iarnagroup.co.uk [212.135.143.132], pleased to meet you
> 05:30 10:19 SMTP-(00000658) 250-ENHANCEDSTATUSCODES
> 05:30 10:19 SMTP-(00000658) 250-8BITMIME
> 05:30 10:19 SMTP-(00000658) 250-SIZE 50000000
> 05:30 10:19 SMTP-(00000658) 250-DSN
> 05:30 10:19 SMTP-(00000658) 250-ONEX
> 05:30 10:19 SMTP-(00000658) 250-XUSR
> 05:30 10:19 SMTP-(00000658) 250 HELP
> 05:30 10:19 SMTP-(00000658) >MAIL FROM:<[EMAIL PROTECTED]>
> 05:30 10:19 SMTP-(00000658) 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
> 05:30 10:19 SMTP-(00000658) >RCPT To:<[EMAIL PROTECTED]>
> 05:30 10:19 SMTP-(00000658) 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok
> 05:30 10:19 SMTP-(00000658) >DATA
> 05:30 10:19 SMTP-(00000658) 354 Enter mail, end with "." on a line by itself
> 05:30 10:19 SMTP-(00000658) >.
> 05:30 10:19 SMTP-(00000658) 250 2.0.0 g4U9Lrl12475 Message accepted for delivery
> 05:30 10:19 SMTP-(00000658) rdeliver internetpixie.net [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 447
> 05:30 10:19 SMTP-(00000658) >QUIT
> 05:30 10:19 SMTP-(00000658) 221 2.0.0 sulphur.cix.co.uk closing connection
> 05:30 10:19 SMTP-(00000658) finished d:\IMail\spool\Qee8c086500e29cb4.SMD status=1
>
> So, we've successfully used zeno to send mail to an external mail
> server... with no authentication. What can we do about this ? Is there
> anything I can change on the servers, or is this a proper bug :) The
> mal-formed email address is the worst bit... why is it expanding that to
> be the email address ?
>
> Thanks,
>
> Keif Gwinn
>
> IARNA, a Hostway Company
> scotts sufferance wharf
> 1 mill street. london. se1
> united kingdom
> t/ +44 207 231 7766
> f/ +44 207 231 2327
> www.iarna.co.uk
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
> Please visit the Knowledge Base for answers to frequently asked
> questions:  http://www.ipswitch.com/support/IMail/
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
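
The hosts-file advice at the top of this message and the two-hop setup in the quoted post, as an added example (not from any poster or from Ipswitch): a Python audit that flags a forwarding server whose next hop also relays for its IP, plus a check for recipients whose local part carries its own routing. Server names, address ranges and the `%`/`!` forms are assumptions; the test address in the thread is redacted, only its nested `...@host` shape is visible.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class MailServer:
    name: str
    ip: str
    relay_for: list = field(default_factory=list)  # networks relayed for without auth
    forwards: dict = field(default_factory=dict)   # hosts-file entries: domain -> next hop

def trusts(server, source_ip):
    """True if `server` would relay unauthenticated mail arriving from source_ip."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(net) for net in server.relay_for)

def audit_relay_chain(servers):
    """Find forwards whose next hop also relays for the forwarding server's IP."""
    by_name = {s.name: s for s in servers}
    findings = []
    for s in servers:
        for domain, hop_name in sorted(s.forwards.items()):
            hop = by_name.get(hop_name)
            if hop is not None and trusts(hop, s.ip):
                findings.append((s.name, domain, hop.name))
    return findings

def has_embedded_route(rcpt):
    """True if the local part carries its own routing ('@', '%' or '!')."""
    local, _, _domain = rcpt.strip("<>").rpartition("@")
    return any(ch in local for ch in "@%!")

# Constructed topology: documentation address range, hypothetical server names.
def build(backend_relay_for):
    front = MailServer("mx2", "192.0.2.20", forwards={"example.org": "mx1"})
    back = MailServer("mx1", "192.0.2.10", relay_for=backend_relay_for)
    return [front, back]

WEAK = build(["192.0.2.0/24"])     # whole address block, so mx2 is trusted by mx1
FIXED = build(["192.0.2.64/26"])   # client range only, mx2 is not trusted

if __name__ == "__main__":
    print("weak :", audit_relay_chain(WEAK))
    print("fixed:", audit_relay_chain(FIXED))
    # Constructed recipient with the nested shape seen in the thread.
    print(has_embedded_route("<user@elsewhere.example@example.org>"))
```

A finding means anything the front server accepts for that domain reaches the next hop from a trusted address, so the next hop's relay list is the setting to narrow.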

