The panorama looks like this:

I have 2 Imail Servers with Relay Settings as "Relay mail for Addresses" and SMTP AUTH in both servers. The IP address of each server is allowed at the other server IP Table.

Why? Does one ever have to relay its outbound through the other?


If they are backup MXs for each other, they don't need to trust each other for relaying, since backup MX is not relaying the outbound. MX is delivery to Imail domains (not out to any non-Imail domains).

06:24 08:19 SMTPD(2DFC00BE) [200.69.97.12] connect 62.242.0.190 port 1977
06:24 08:19 SMTPD(2DFC00BE) [62.242.0.190] EHLO localhost.localdomain

Ha, I block any MTA that HELOs us with domain name of $domain, localhost, or localhost.localdomain.


06:24 08:19 SMTPD(2DFC00BE) [62.242.0.190] MAIL FROM:<[EMAIL PROTECTED]>
06:24 08:19 SMTPD(2DFC00BE) [62.242.0.190] RCPT TO:<@geo.net.co:[EMAIL PROTECTED]>

... this kind of routed email address should be blocked.


06:24 08:19 SMTPD(2DFC00BE) [62.242.0.190] D:\IMAIL\spool\D4fe72dfc00be33f9.SMD 936
06:24 08:19 SMTP-(00000878) processing D:\IMAIL\spool\Q4fe72dfc00be33f9.SMD
06:24 08:19 SMTP-(00000878) Trying geo.net.co (0)
06:24 08:19 SMTP-(00000878) Connect geo.net.co [200.69.97.11:25] (1)
06:24 08:19 SMTP-(00000878) 220 geo.net.co (IMail 7.15 90800-39) NT-ESMTP Server X1
06:24 08:19 SMTP-(00000878) >EHLO dns2.geo.net.co
06:24 08:19 SMTP-(00000878) 250-geo.net.co says hello
06:24 08:19 SMTP-(00000878) 250-SIZE 0
06:24 08:19 SMTP-(00000878) 250-8BITMIME
06:24 08:19 SMTP-(00000878) 250-DSN
06:24 08:19 SMTP-(00000878) 250-ETRN
06:24 08:19 SMTP-(00000878) 250-AUTH LOGIN
06:24 08:19 SMTP-(00000878) 250-AUTH=LOGIN
06:24 08:19 SMTP-(00000878) 250 EXPN
06:24 08:19 SMTP-(00000878) >MAIL FROM:<[EMAIL PROTECTED]>
06:24 08:19 SMTP-(00000878) 250 ok
06:24 08:19 SMTP-(00000878) >RCPT To:<[EMAIL PROTECTED]>
06:24 08:19 SMTP-(00000878) 250 ok its for <[EMAIL PROTECTED]>
06:24 08:19 SMTP-(00000878) >DATA
06:24 08:19 SMTP-(00000878) 354 ok, send it; end with <CRLF>.<CRLF>
06:24 08:19 SMTP-(00000878) >.
06:24 08:19 SMTP-(00000878) 250 Message queued
06:24 08:19 SMTP-(00000878) rdeliver geo.net.co [EMAIL PROTECTED] (1) <[EMAIL PROTECTED]> 1063
06:24 08:19 SMTP-(00000878) >QUIT
06:24 08:19 SMTP-(00000878) 221 Goodbye
06:24 08:19 SMTP-(00000878) finished D:\IMAIL\spool\Q4fe72dfc00be33f9.SMD status=1



So, what I see is that he tries to send the email through my other server (geo.net.co), and because geo.net.co has 200.69.97.12 in his IP Relay table, it sends the imail.

There's no need for the Imail servers to trust each other for relaying, so remove their IPs from each other's relay for addresses.


And block envelope recipients with two @'s or with the "%" hack or with ":".

Len
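
The checks suggested in this thread (a HELO of localhost, localhost.localdomain or the server's own domain, and envelope recipients containing ":", "%" or two "@"), as an added example that is not part of the original post or of IMail: a Python scan over SMTPD log lines in the layout quoted above. The function names, the sample log and its addresses are constructed for illustration.

```python
import re

# Layout of the SMTPD lines quoted in the thread:
#   MM:DD HH:MM SMTPD(session) [peer-ip] COMMAND argument
LINE = re.compile(
    r"^\S+ \S+ SMTPD\((\w+)\) \[([\d.]+)\] (EHLO|HELO|RCPT TO:)\s*(.*)$", re.I)
BAD_HELO = {"localhost", "localhost.localdomain"}

def rcpt_problem(addr):
    """Return why an envelope recipient looks like a relay trick, else None."""
    addr = addr.strip().strip("<>")
    if ":" in addr:                # any ':' is flagged, as the thread suggests
        return "source route"      # <@relay:user@elsewhere>
    if "%" in addr:
        return "percent hack"      # <user%elsewhere@relay>
    if addr.count("@") > 1:
        return "two @ signs"       # <user@elsewhere@relay>
    return None

def scan(lines, own_domains=()):
    """Return (session, peer, reason, value) for each suspicious HELO or RCPT."""
    bad_helo = BAD_HELO | {d.lower() for d in own_domains}
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue               # connect, MAIL FROM, spool lines, etc.
        session, peer, verb, arg = m.groups()
        arg = arg.strip()
        if verb.upper() in ("EHLO", "HELO"):
            if arg.lower() in bad_helo:
                findings.append((session, peer, "forged HELO", arg))
        elif rcpt_problem(arg):
            findings.append((session, peer, rcpt_problem(arg), arg.strip("<>")))
    return findings

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE = """\
06:24 08:19 SMTPD(2DFC00BE) [192.0.2.12] connect 198.51.100.7 port 1977
06:24 08:19 SMTPD(2DFC00BE) [198.51.100.7] EHLO localhost.localdomain
06:24 08:19 SMTPD(2DFC00BE) [198.51.100.7] RCPT TO:<@mx2.example.com:someone@example.org>
06:24 08:20 SMTPD(2DFC00BF) [198.51.100.8] EHLO mail.example.net
06:24 08:20 SMTPD(2DFC00BF) [198.51.100.8] RCPT TO:<user%example.org@mx2.example.com>
06:24 08:21 SMTPD(2DFC00C0) [198.51.100.9] RCPT TO:<bob@example.com>
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE.splitlines(), own_domains=["example.com"]):
        print(*finding)
```
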



