Re: Relay test on abuse.net

[Tim Hunter]

No, unless you have enabled the percenthack '%' (see 
http://www.lifewithqmail.org/lwq.html#percenthack for details) you are not a 
relay.

Please stop with the questions unless you actually check for answers first. 

Daniel Duclos writes: 

> On Mon, 16 Apr 2001, Tim Hunter wrote: 
> 
>> Was the message relayed?  My guess, NO.  If it wasn't delivered its not a
>> problem. 
>>
>> What part of "THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY." doesn't
>> make sense?
> 
> Ok, so I'm gonna take a ride in the subject and ask about my relay test on
> mailabuse.rg... 
> 
> :Relay test: #Test 9
>>>> mail from: 
> <<< 250 ok
>>>> rcpt to: 
> <<< 250 ok
>>>> QUIT
> <<< 221 nicholas.cybershark.net
> Tested host banner: 220 nicholas.cybershark.net ESMTP
> System appeared to accept 1 relay attempts
> Connection closed by foreign host. 
> 
> So, this means I am vunelrable to SPAM? 
> 
> Thank you for you attention and patience! 
> 
> regards, 
> 
> daniduc 
> 
> Daniel Lobato Duclos - [EMAIL PROTECTED] - http://www.cybershark.net
> ---
> Money Isn't Our God - Integrity Will Free Our Soul (Sepultura - CutThroat) 
> 
> 
 

RE: Relay test on abuse.net

[Daniel Duclos]

On Mon, 16 Apr 2001, Tim Hunter wrote:

> Was the message relayed?  My guess, NO.  If it wasn't delivered its not a
> problem.
>
> What part of "THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY." doesn't
> make sense?

Ok, so I'm gonna take a ride in the subject and ask about my relay test on
mailabuse.rg...

:Relay test: #Test 9
>>> mail from: 
<<< 250 ok
>>> rcpt to: 
<<< 250 ok
>>> QUIT
<<< 221 nicholas.cybershark.net
Tested host banner: 220 nicholas.cybershark.net ESMTP
System appeared to accept 1 relay attempts
Connection closed by foreign host.

So, this means I am vunelrable to SPAM?

Thank you for you attention and patience!

regards,

daniduc

Daniel Lobato Duclos - [EMAIL PROTECTED] - http://www.cybershark.net
---
Money Isn't Our God - Integrity Will Free Our Soul (Sepultura - CutThroat)

Re: Relay test on abuse.net

[David Young]

Take a look at this -- be sure to look at the two "Follow-Ups" to the
mesage:

http://lists.omnipotent.net/qmail/200010/msg00817.html

> From: "Jairo Marciano Silva" <[EMAIL PROTECTED]>
> Date: Mon, 16 Apr 2001 13:37:11 -0300
> To: <[EMAIL PROTECTED]>
> Subject: Relay test on abuse.net
> 
> My server failed in Relay Test 6 in www.abuse.net.
> The result is:
> 
> Relay test 6
>>>> RSET
> <<< 250 flushed
>>>> MAIL FROM:<[EMAIL PROTECTED]>
> <<< 250 ok
>>>> RCPT TO:<[EMAIL PROTECTED]>
> <<< 250 ok
> 
> Relay test result
> Hmmn, at first glance, host appeared to accept a message for relay.
> THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
> 
> Can somebody help me ?
> 
> TIA
> Jairo
> 
> 
> 
> 
> 
> 

Re: Relay test on abuse.net

[Jairo Marciano Silva]

Thanks very much !!!

Jairo

- Original Message -
From: "John P" <[EMAIL PROTECTED]>
To: "Jairo Marciano Silva" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, April 16, 2001 1:54 PM
Subject: Re: Relay test on abuse.net


> > Relay test 6
> > >>> RSET
> > <<< 250 flushed
> > >>> MAIL FROM:<[EMAIL PROTECTED]>
> > <<< 250 ok
> > >>> RCPT TO:<[EMAIL PROTECTED]>
> > <<< 250 ok
> >
> > Relay test result
> > Hmmn, at first glance, host appeared to accept a message for relay.
> > THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
>
> Jairo,
>
> No, your qmail is OK, unless you've enabled percenthacks (if you're not
> sure, then you haven't, it's disabled by default). Percenthacks control
> outbound relaying eg. user@host%relay_host
>
> I think it's something to do with the way qmail first accepts the message,
> the test on abuse.net thinks that qmail is willing to send the message.
>
> Regards
> John
>

Re: Relay test on abuse.net

[John P]

> Relay test 6
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:<[EMAIL PROTECTED]>
> <<< 250 ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
> <<< 250 ok
>
> Relay test result
> Hmmn, at first glance, host appeared to accept a message for relay.
> THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Jairo,

No, your qmail is OK, unless you've enabled percenthacks (if you're not
sure, then you haven't, it's disabled by default). Percenthacks control
outbound relaying eg. user@host%relay_host

I think it's something to do with the way qmail first accepts the message,
the test on abuse.net thinks that qmail is willing to send the message.

Regards
John

RE: Relay test on abuse.net

[Tim Hunter]

Was the message relayed?  My guess, NO.  If it wasn't delivered its not a
problem.

What part of "THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY." doesn't
make sense?


-Original Message-
From: Jairo Marciano Silva [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 16, 2001 12:37 PM
To: [EMAIL PROTECTED]
Subject: Relay test on abuse.net


My server failed in Relay Test 6 in www.abuse.net.
The result is:

Relay test 6
>>> RSET
<<< 250 flushed
>>> MAIL FROM:<[EMAIL PROTECTED]>
<<< 250 ok
>>> RCPT TO:<[EMAIL PROTECTED]>
<<< 250 ok

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Can somebody help me ?

TIA
Jairo

Re: Relay test on abuse.net

[Charles Cazabon]

Jairo Marciano Silva <[EMAIL PROTECTED]> wrote:
> My server failed in Relay Test 6 in www.abuse.net. 

No, it didn't.  This comes up all the time; read the bloody mailing list
archives.

Charles
-- 
---
Charles Cazabon<[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
---

Relay test on abuse.net

[Jairo Marciano Silva]

My server failed in Relay Test 6 in www.abuse.net. 
The result is:

Relay test 6
>>> RSET
<<< 250 flushed
>>> MAIL FROM:<[EMAIL PROTECTED]>
<<< 250 ok
>>> RCPT TO:<[EMAIL PROTECTED]>
<<< 250 ok

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

Can somebody help me ?

TIA
Jairo

Re: Relay test

[Russell Nelson]

Paco Martinez writes:
 > Relay test result
 > Hmmn, at first glance, host appeared to accept a message for relay. 
 > THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
 > 
 > 
 > As you see "Test 9" shows that my PC has a security hole 

Hello, Paco.  Could you please translate "THIS MAY OR MAY NOT MEAN THAT
IT'S AN OPEN RELAY" into your native language?  Obviously it's not
sufficient to say it in English with capital letters.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "This is Unix...
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Stop acting so helpless."
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | --Daniel J. Bernstein

Re: Relay test

[Harald Hanche-Olsen]

+ "Paco Martinez" <[EMAIL PROTECTED]>:

| Relay test 9
| >>> RSET
| <<< 250 flushed
| >>> MAIL FROM:
| <<< 250 ok
| >>> RCPT TO:<"relaytest%abuse.net">
| <<< 250 ok
| 
| Relay test result
| Hmmn, at first glance, host appeared to accept a message for relay. 
| THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

It does not.  That address has only a local part, and will be treated
as local on your machine.  Unless you have enabled percenthack, or
have set envnoathost to a remote domain, the message will not be
relayed (check the qmail-send man page).  Most likely it will bounce
instead.

- Harald

Relay test

[Paco Martinez]

Hi all 
 
I have put Qmail in my PC and I'd like to know how 
to avoid my PC from spammers.
 
Imagine that IP address is 192.168.1.1
 
I have checked PC using URL: http://www.abuse.net/cgi-bin/relaytest?ADDR=192.168.1.1&ALIAS=YES
 
and I have obtained this message:
 
Relay test 8>>> RSET<<< 
250 flushed>>> MAIL 
FROM:<<< 250 ok>>> RCPT 
TO:<"[EMAIL PROTECTED]"><<< 553 sorry, that domain isn't in 
my list of allowed rcpthosts (#5.7.1)
 
Relay test 9>>> RSET<<< 
250 flushed>>> MAIL 
FROM:<<< 250 ok>>> RCPT 
TO:<"relaytest%abuse.net"><<< 250 ok
 

Relay test resultHmmn, at first glance, host appeared to accept a 
message for relay. 
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.
 
As you see "Test 9" shows that my PC has a security hole 

How can I avoid PC from that unsecurity case 
???
 
Thank you very much !!!

RE: open relay test

[Hubbard, David]

http://www.abuse.net/relay.html is a good way.

Dave

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 17, 2000 7:13 PM
To: [EMAIL PROTECTED]
Subject: open relay test


How do I check for open relay?
I saw something once with a simple test.
could someone please point me to something
similar
-- 
Kind regards

Kevin Waterson
CEO OceaniaTLA

open relay test

[kevin]

How do I check for open relay?
I saw something once with a simple test.
could someone please point me to something
similar
-- 
Kind regards

Kevin Waterson
CEO OceaniaTLA

Re: Open relay test.

[John Gonzalez/netMDC admin]

On 8 Sep 2000, John R. Levine wrote:

| (Friendly hint: if you ignore the ugly blinking message and send me
| mail anyway saying that the tester claimed that your system is an open
| relay because it accepted the test message, I'll write back and call
| you a moron.)
| 

Hrmm.. i just ran the test through my servers john, and for some reason,
i dont see any blinking text... only in pure black text:

>>> RSET
<<< 250 flushed
>>> MAIL FROM:<[EMAIL PROTECTED]>
<<< 250 ok
>>> RCPT TO:<"relaytest%abuse.net">
<<< 250 ok

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.


-- 
  ___   _  __   _  
__  /___ ___    /__  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)439-0200/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[-[system info]---]
  1:10pm  up 1 day, 18:39,  3 users,  load average: 0.22, 0.12, 0.10

Re: Open relay test.

[John R. Levine]

>*duh* - telnetting into the world from our mail server is prohibited by
>the firewall hehe.
>mail-abuse.org accepts mail from me via that server tho (relay reports).

You're welcome to use my experimental tester at
http://www.abuse.net/relay.html.  It's more or less the same tests
that the MAPS RSS uses, and is pretty similar to but less aggressive
than ORBS.

It also does the user%dom1@dom2 test, because that's a famous relay
hole in a lot of sendmail systems.  If you have qmail, the tester will
note that it accepted the message, then say in large ugly blinking
letters that your system is only an open relay if it actually forwards
the message back.  If you're a registered abuse.net user, it can
assign you a temporary abuse.net forwarding address so you can test
your own server using an address not in your own domain.

(Friendly hint: if you ignore the ugly blinking message and send me
mail anyway saying that the tester claimed that your system is an open
relay because it accepted the test message, I'll write back and call
you a moron.)

-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail

Re: Open relay test.

[Stephen F. Bosch]

"OK 2 NET - André Paulsberg" wrote:
> 
> > I imagine that more than one person on this list has spoken to ORBS
> > about their misleading relay test? How many people have ended up on the
> > ORBS list simply because their qmail installations accepted emails with
> > "%" or "!" in the To: field?
> 
> NO ONE!
> 
> ORBS tester requires the E-Mail to reach them at their test account,
> this can only happen if you are an Open Relay server.
> They also keep the relayed message at their site for verification.

AH good.

=)

-Stephen-

Re: Open relay test.

[OK 2 NET - André Paulsberg]

> I imagine that more than one person on this list has spoken to ORBS
> about their misleading relay test? How many people have ended up on the
> ORBS list simply because their qmail installations accepted emails with
> "%" or "!" in the To: field?

NO ONE!

ORBS tester requires the E-Mail to reach them at their test account,
this can only happen if you are an Open Relay server.
They also keep the relayed message at their site for verification.


MVH André Paulsberg

Re: Open relay test.

[Peter van Dijk]

On Sun, Sep 03, 2000 at 02:07:25PM -0700, Eric Cox wrote:
[snip]
> > I am adding the non-colors, table feature.. I do not like the colors or
> > tags. GUI people like it.. I will add a Bool for the Graphics and table
> > format.. so that you can switch from either mode.. however as you reported
> > at the bottom it is not considered a open relay.. But if ORBS runs the test
> > and it fails then you are added to the ORBS database..
> 
> I don't think that's true.  They bad-mouth qmail for doing this in their 
> tech section, but I'm almost certain that the mail has to actually be 
> relayed to get listed. 

The badmouthing at www.orbs.org is about qmail being an open relay if
rcpthosts doesn't exist.

And yes, orbs only lists you if the relay test message gets delivered.

Greetz, Peter.
-- 
[ircoper][EMAIL PROTECTED] - Peter van Dijk / Hardbeat
[student]Undernet:#groningen/wallops | IRCnet:/#alliance
[developer]_
[disbeliever - the world is backwards](__VuurWerk__(--*-

Re: Open relay test.

[Russ Allbery]

Sean C Truman <[EMAIL PROTECTED]> writes:

> I agree the ORBS test are dumb and don't really pertain to 95% of the
> mail servers out there. But if you are in the ORBS database then some mail
> is going to be rejected.

Except that ORBS doesn't actually add people who "fail" that test but
don't relay the mail.  So it's not true that your tester is using the same
tests as ORBS is.

-- 
Russ Allbery ([EMAIL PROTECTED]) 

Re: Open relay test.

[Eric Cox]

"Stephen F. Bosch" wrote:
> 
> I imagine that more than one person on this list has spoken to ORBS
> about their misleading relay test? How many people have ended up on the
> ORBS list simply because their qmail installations accepted emails with
> "%" or "!" in the To: field?

None.  ORBS doesn't do this.  If none of the mails are relayed back to 
one of the ORBS recieving machines, the tested machine is not listed.
 
> This seems extraordinarily stupid to me...

It would be if it were true...

Eric

Re: Open relay test.

[Eric Cox]

Sean C Truman wrote:
> 
> I am adding the non-colors, table feature.. I do not like the colors or
> tags. GUI people like it.. I will add a Bool for the Graphics and table
> format.. so that you can switch from either mode.. however as you reported
> at the bottom it is not considered a open relay.. But if ORBS runs the test
> and it fails then you are added to the ORBS database..

I don't think that's true.  They bad-mouth qmail for doing this in their 
tech section, but I'm almost certain that the mail has to actually be 
relayed to get listed. 

Eric

Re: Open relay test.

[Stephen F. Bosch]

I imagine that more than one person on this list has spoken to ORBS
about their misleading relay test? How many people have ended up on the
ORBS list simply because their qmail installations accepted emails with
"%" or "!" in the To: field?

This seems extraordinarily stupid to me...

-Stephen-

Re: Open relay test.

[Sean C Truman]

Magnus,

Newbieproof the script.. Gottcha.. That all you had to say.. Sorry.. :)

Sean
- Original Message -
From: Magnus Bodin <[EMAIL PROTECTED]>
To: qmail list <[EMAIL PROTECTED]>
Sent: Sunday, September 03, 2000 12:02 PM
Subject: Re: Open relay test.


> On Sun, Sep 03, 2000 at 11:42:22AM -0400, Sean C Truman wrote:
> > Magnus,
> >
> > I agree the ORBS test are dumb and don't really pertain to 95% of
the
> > mail servers out there. But if you are in the ORBS database then some
mail
> > is going to be rejected. This test is just a overall test so that all
system
> > administrators can test. Not just the 95% of us out there.  And as far
as
> > decision making.. no one is making any decisions. If you know certain
test
> > don't apply to you. Ignore them! As a mail administrator you should know
> > which test do and don't apply to your server.. The test does not report
it's
> > results to anywhere except your browser.
>
> I agree partly.
>
> But my point is that the test is misleading and will cause confusion for
> those who don't understand. Especially if it states with big letters that
> "You are running an Open Relay" without any explanations.
>
> /magnus
>
> --
> http://x42.com/

Re: Open relay test.

[wolfgang zeikat]

*duh* - telnetting into the world from our mail server is prohibited by
the firewall hehe.
mail-abuse.org accepts mail from me via that server tho (relay reports).

wolfgang



  Also sprach Sean C Truman <[EMAIL PROTECTED]> on
  03.09.2000:
  From your mail server just telnet to mail-abuse.org and you
  will see what I am explaining.
  
  

Re: Open relay test.

[Magnus Bodin]

On Sun, Sep 03, 2000 at 11:42:22AM -0400, Sean C Truman wrote:
> Magnus,
> 
> I agree the ORBS test are dumb and don't really pertain to 95% of the
> mail servers out there. But if you are in the ORBS database then some mail
> is going to be rejected. This test is just a overall test so that all system
> administrators can test. Not just the 95% of us out there.  And as far as
> decision making.. no one is making any decisions. If you know certain test
> don't apply to you. Ignore them! As a mail administrator you should know
> which test do and don't apply to your server.. The test does not report it's
> results to anywhere except your browser.

I agree partly. 

But my point is that the test is misleading and will cause confusion for
those who don't understand. Especially if it states with big letters that
"You are running an Open Relay" without any explanations. 

/magnus

--
http://x42.com/

Re: Open relay test.

[Sean C Truman]

Wolfgang,

This test doesn't do the ORBS test.. It does the test at mail-abuse.org.
If you can send me a copy of the test that ORBS preforms. I would be happy
to add them.. If you would like to see what I am talking about with
mail-abuse.org, From your mail server just telnet to mail-abuse.org and you
will see what I am explaining.

Sean
- Original Message -
From: wolfgang zeikat <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 03, 2000 11:16 AM
Subject: Re: Open relay test.


>   Also sprach Sean C Truman <[EMAIL PROTECTED]> on
>   03.09.2000:
>   But if ORBS runs the test
>   and it fails then you are added to the ORBS database..
>
> i doubt that.
> my server has repeatedly been tested by ORBS and is considered clean.
>
> wolfgang
>
>
>
>
>

Re: Open relay test.

[Sean C Truman]

Magnus,

I agree the ORBS test are dumb and don't really pertain to 95% of the
mail servers out there. But if you are in the ORBS database then some mail
is going to be rejected. This test is just a overall test so that all system
administrators can test. Not just the 95% of us out there.  And as far as
decision making.. no one is making any decisions. If you know certain test
don't apply to you. Ignore them! As a mail administrator you should know
which test do and don't apply to your server.. The test does not report it's
results to anywhere except your browser.


Sean
- Original Message -
From: Magnus Bodin <[EMAIL PROTECTED]>
To: qmail list <[EMAIL PROTECTED]>
Sent: Sunday, September 03, 2000 11:07 AM
Subject: Re: Open relay test.


> On Sun, Sep 03, 2000 at 11:00:14AM -0400, Sean C Truman wrote:
> > I am adding the non-colors, table feature.. I do not like the colors or
> > tags. GUI people like it.. I will add a Bool for the Graphics and table
> > format.. so that you can switch from either mode.. however as you
reported
> > at the bottom it is not considered a open relay.. But if ORBS runs the
test
> > and it fails then you are added to the ORBS database..
>
> But ORBS tests are dumb.
>
> [EMAIL PROTECTED] could actually be a
> mail address at my system.
>
> Why should anybody make a false decision about me running an open relay
due
> to the fact that there are lots of MTA:s out there with buggy percenthack
> implementations/configurations?
>
> This holds for the other "strange" e-mail addresses in the test as well.
>
> /magnus
>
> --
> http://x42.com/

Re: Open relay test.

[wolfgang zeikat]

  Also sprach Sean C Truman <[EMAIL PROTECTED]> on
  03.09.2000:
  But if ORBS runs the test
  and it fails then you are added to the ORBS database..

i doubt that.
my server has repeatedly been tested by ORBS and is considered clean.

wolfgang



  
  

Re: Open relay test.

[Magnus Bodin]

On Sun, Sep 03, 2000 at 11:00:14AM -0400, Sean C Truman wrote:
> I am adding the non-colors, table feature.. I do not like the colors or
> tags. GUI people like it.. I will add a Bool for the Graphics and table
> format.. so that you can switch from either mode.. however as you reported
> at the bottom it is not considered a open relay.. But if ORBS runs the test
> and it fails then you are added to the ORBS database..

But ORBS tests are dumb. 

[EMAIL PROTECTED] could actually be a
mail address at my system. 

Why should anybody make a false decision about me running an open relay due
to the fact that there are lots of MTA:s out there with buggy percenthack
implementations/configurations? 

This holds for the other "strange" e-mail addresses in the test as well.

/magnus

--
http://x42.com/

Re: Open relay test.

[Sean C Truman]

Magnus,

Thanks for the input.. I will go ahead and have it send a message then
check to see if it actually relayed it. I just pretty much copied the telnet
mail-abuse.org test onto a Web page..

Sean
- Original Message -
From: Magnus Bodin <[EMAIL PROTECTED]>
To: qmail list <[EMAIL PROTECTED]>
Sent: Sunday, September 03, 2000 10:54 AM
Subject: Re: Open relay test.


>
> On Sun, Sep 03, 2000 at 09:49:19AM -0400, Sean C Truman wrote:
> > Hey all,
> >
> > I have put together a small OPEN relay tester. It runs the same test
ORBS runs.
> >
> > http://www.prodigysolutions.com/relay_test.html
>
> It also states falsely that if a host that handles mail for the
> "example.com" domain e.g. accepts
>
>   [EMAIL PROTECTED]
>   [EMAIL PROTECTED]@example.com
>   [EMAIL PROTECTED]
>
> then it is an open relay although it isn't.
>
> A TRUE relay tester must wait and see if the mail get's relayed due to
> implementation/configuration.
>
> /magnus
>
> --
> http://x42.com/

Re: Open relay test.

[Sean C Truman]

I am adding the non-colors, table feature.. I do not like the colors or
tags. GUI people like it.. I will add a Bool for the Graphics and table
format.. so that you can switch from either mode.. however as you reported
at the bottom it is not considered a open relay.. But if ORBS runs the test
and it fails then you are added to the ORBS database..

If you would like to pass all test. get the badmailfrom patch from
www.qmail.org and use it.. and filter out the *%* unless you are using the
percent for anything.

Sean
- Original Message -
From: wolfgang zeikat <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, September 03, 2000 10:52 AM
Subject: Re: Open relay test.


> i tested your tester, thanks :)
>
> (*erm*, wouldnt it be easier if you could copy/paste from the results page
> without having to open the page source and seeing those *tons* of
> color/font tags? :)
>
> however, your test claims i am running an open relay due to these results:
>MAIL FROM:([EMAIL PROTECTED]@62.96.181.213)
>250 ok
>RCPT TO:("nobody%prodigysolutions.com")
>250 ok
>250 flushed
> and
>MAIL FROM:([EMAIL PROTECTED]@62.96.181.213)
>250 ok
>RCPT TO:("prodigysolutions.com!nobody")
>250 ok
>250 flushed
>
>
> i tried both procedures from a shell that is not in my relayclients,
> and qmail accepted the mails but then tried to deliver them to
> [EMAIL PROTECTED] and domain.ext!user
> which are non-existing users, so the mails ended up in the
> ~/alias/.qmail-default handling. so they were not forwarded to any
> external address (at least). so i wonder if your tester's final judgement:
> "You are running a Open Relay" is fully correct.
>
> so i wonder:
> 1. are those two "leaks" in the antirelay settings really a problem? and
> 2. how could i fix them.
>
> cheers
> wolfgang
>
>
>   Also sprach Sean C Truman <[EMAIL PROTECTED]> on
>   03.09.2000:
>
>   Hey all,
>
>   I have put together a small OPEN relay tester. It runs the same
>   test
>   ORBS runs.
>
>   http://www.prodigysolutions.com/relay_test.html
>
>

Re: Open relay test.

[wolfgang zeikat]

oops sorry,
that was rather a temporary netscape problem that didnt let me copy/paste.

  Also sprach wolfgang zeikat <[EMAIL PROTECTED]> on 03.09.2000:
  
  (*erm*, wouldnt it be easier if you could copy/paste from the
  results page
  without having to open the page source and seeing those *tons* of
  color/font tags? :)
  

Re: Open relay test.

[Magnus Bodin]

On Sun, Sep 03, 2000 at 09:49:19AM -0400, Sean C Truman wrote:
> Hey all,
> 
> I have put together a small OPEN relay tester. It runs the same test ORBS runs.
> 
> http://www.prodigysolutions.com/relay_test.html

It also states falsely that if a host that handles mail for the
"example.com" domain e.g. accepts 

  [EMAIL PROTECTED]
  [EMAIL PROTECTED]@example.com
  [EMAIL PROTECTED]

then it is an open relay although it isn't.

A TRUE relay tester must wait and see if the mail get's relayed due to
implementation/configuration.

/magnus

--
http://x42.com/

Re: Open relay test.

[wolfgang zeikat]

i tested your tester, thanks :)

(*erm*, wouldnt it be easier if you could copy/paste from the results page
without having to open the page source and seeing those *tons* of
color/font tags? :)

however, your test claims i am running an open relay due to these results:
   MAIL FROM:([EMAIL PROTECTED]@62.96.181.213)
   250 ok
   RCPT TO:("nobody%prodigysolutions.com")
   250 ok
   250 flushed
and
   MAIL FROM:([EMAIL PROTECTED]@62.96.181.213)
   250 ok
   RCPT TO:("prodigysolutions.com!nobody")
   250 ok
   250 flushed


i tried both procedures from a shell that is not in my relayclients,
and qmail accepted the mails but then tried to deliver them to
[EMAIL PROTECTED] and domain.ext!user
which are non-existing users, so the mails ended up in the
~/alias/.qmail-default handling. so they were not forwarded to any
external address (at least). so i wonder if your tester's final judgement:
"You are running a Open Relay" is fully correct.

so i wonder:
1. are those two "leaks" in the antirelay settings really a problem? and
2. how could i fix them.

cheers
wolfgang


  Also sprach Sean C Truman <[EMAIL PROTECTED]> on
  03.09.2000:
  
  Hey all,
  
  I have put together a small OPEN relay tester. It runs the same
  test
  ORBS runs.
  
  http://www.prodigysolutions.com/relay_test.html
  
  

Open relay test.

[Sean C Truman]

Hey all,
 
    I have put together a small OPEN 
relay tester. It runs the same test ORBS runs.
 
    http://www.prodigysolutions.com/relay_test.html
 
 
Sean Truman[EMAIL PROTECTED]http://www.prodigysolutions.com/

Re: Failed Relay test 6 ?

[petervd]

On Thu, Jan 27, 2000 at 11:46:19AM +0100, [EMAIL PROTECTED] wrote:
> On Thu, Jan 27, 2000 at 11:38:20AM +0100, Erwin van Kroonenburg wrote:
> > 
> > Hi,
> > 
> > I received a message from orbs.org that our mailhost is relay server. I 
> > thought I fixed the problem by installing ucspi-tcp-0.84 but when I checked 
> > our mailhost on http://www.abuse.net/relay.html I got the following relay 
> > error:
> > 
> > Relay test 6
> > >>> RSET
> > <<< 250 flushed
> > >>> MAIL FROM:
> > <<< 250 ok
> > >>> RCPT TO:
> > <<< 250 ok
> > 
> > Can anyone help me on this because I don't know what to do.
[snip]
> 
> So, get an abuse.net account and use _that_ to test, only to see that your
> host _is_ secure now :)

Luckily, the ORBS-tester is a bit more reliable than this. I marked your
host 'secure' at ORBS (after doing a bit of testing myself) and it's now
marked 'closed but pending retest', which is good :)

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

Failed Relay test 6 ?

[Erwin van Kroonenburg]

Hi,

I received a message from orbs.org that our mailhost is relay server. I 
thought I fixed the problem by installing ucspi-tcp-0.84 but when I checked 
our mailhost on http://www.abuse.net/relay.html I got the following relay 
error:

Relay test 6
>>> RSET
<<< 250 flushed
>>> MAIL FROM:
<<< 250 ok
>>> RCPT TO:
<<< 250 ok

Can anyone help me on this because I don't know what to do.

Regards,

Erwin van Kroonenburg
[EMAIL PROTECTED]

Re: Failed Relay test 6 ?

[petervd]

On Thu, Jan 27, 2000 at 11:38:20AM +0100, Erwin van Kroonenburg wrote:
> 
> Hi,
> 
> I received a message from orbs.org that our mailhost is relay server. I 
> thought I fixed the problem by installing ucspi-tcp-0.84 but when I checked 
> our mailhost on http://www.abuse.net/relay.html I got the following relay 
> error:
> 
> Relay test 6
> >>> RSET
> <<< 250 flushed
> >>> MAIL FROM:
> <<< 250 ok
> >>> RCPT TO:
> <<< 250 ok
> 
> Can anyone help me on this because I don't know what to do.

Read the note you see at the bottom:

--
Relay test result

Uh oh, host appeared to accept a message for relay.
That means it might or might not be an open relay. Some systems accept
relay mail, but then reject messages internally rather than delivering them.
You cannot tell if it is really an open relay without sending a test
message; this anonymous user test DID NOT send a test message.
--

So, get an abuse.net account and use _that_ to test, only to see that your
host _is_ secure now :)

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

Re: Failed a relay test?

[petervd]

On Thu, Dec 16, 1999 at 11:10:01AM -0600, Dustin Miller wrote:
> This is strange.  It's the third time I've received a similar message from
> someone.
> 
> I wasn't aware that, in the default config of qmail, you COULD relay mail.
> 
> Can someone tell me what I'm going wrong, or that their test for relaying is
> faulty?

As Dave said: Arrrh

More clearly: their test is faulty :)

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/womanizer/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

OOPS: RE: Failed a relay test?

[Dustin Miller]

I was wrong.

It did not deliver.

Now I'm going to raise holy hell with [EMAIL PROTECTED]

Everyone, spam away.

Dustin

-Original Message-
From: Dustin Miller [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 16, 1999 11:24 AM
To: John White
Cc: [EMAIL PROTECTED]
Subject: RE: Failed a relay test?


Well, I wonder -- because e-mail was sent "apparently from" blah@localhost,
RCPT to someone at RR.COM.

And it delivered.

What happens if SpamCo decides to send mail from weluvspam@localhost to
everyone else in the free world using my mail server, seems like RR did it.

I DO allow relay from 127.0.0.1 and 192.168.0.1/24, not from anywhere else.

Dustin

-Original Message-
From: John White [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 16, 1999 11:19 AM
To: Dustin Miller
Subject: Re: Failed a relay test?


On Thu, Dec 16, 1999 at 11:16:13AM -0600, Dustin Miller wrote:
> Argh doesn't help much, Dave.
>
> My rcpthosts file only contains localhost, my domain name, and a virtual
> domain.  Nothing more.  qmail does, in fact, prohibit relaying by default,
> so I'm concerned about getting messages claiming that my mail server
allows
> open relaying.
>
> Why are you arghing?

Because the test is faulty, not because of you.

John

RE: Failed a relay test?

[Dustin Miller]

Well, I wonder -- because e-mail was sent "apparently from" blah@localhost,
RCPT to someone at RR.COM.

And it delivered.

What happens if SpamCo decides to send mail from weluvspam@localhost to
everyone else in the free world using my mail server, seems like RR did it.

I DO allow relay from 127.0.0.1 and 192.168.0.1/24, not from anywhere else.

Dustin

-Original Message-
From: John White [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 16, 1999 11:19 AM
To: Dustin Miller
Subject: Re: Failed a relay test?


On Thu, Dec 16, 1999 at 11:16:13AM -0600, Dustin Miller wrote:
> Argh doesn't help much, Dave.
>
> My rcpthosts file only contains localhost, my domain name, and a virtual
> domain.  Nothing more.  qmail does, in fact, prohibit relaying by default,
> so I'm concerned about getting messages claiming that my mail server
allows
> open relaying.
>
> Why are you arghing?

Because the test is faulty, not because of you.

John

RE: Failed a relay test?

[Dave Sill]

"Dustin Miller" <[EMAIL PROTECTED]> wrote:

>Argh doesn't help much, Dave.

Sorry.

>My rcpthosts file only contains localhost, my domain name, and a virtual
>domain.  Nothing more.  qmail does, in fact, prohibit relaying by default,
>so I'm concerned about getting messages claiming that my mail server allows
>open relaying.
>
>Why are you arghing?

Because I'm frustrated. These relaying tests are misleading. qmail
didn't actually relay any messages. Buried in the report they sent you
is the phrase "Your mail server, therefore, may be vulnerable to
third-party relay". The key word is "may".

They should either follow up possible positives on the first test with 
an actual relay attempt, or they should change their message to make
it very clear that there may not be any problems with your system.

-Dave

RE: Failed a relay test?

[Dustin Miller]

Argh doesn't help much, Dave.

My rcpthosts file only contains localhost, my domain name, and a virtual
domain.  Nothing more.  qmail does, in fact, prohibit relaying by default,
so I'm concerned about getting messages claiming that my mail server allows
open relaying.

Why are you arghing?

Dustin

-Original Message-
From: Dave Sill [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 16, 1999 11:14 AM
To: [EMAIL PROTECTED]
Subject: Re: Failed a relay test?


Aarrgghh!

-Dave

Re: Failed a relay test?

[Dave Sill]

Aarrgghh!

-Dave

Failed a relay test?

[Dustin Miller]

This is strange.  It's the third time I've received a similar message from
someone.

I wasn't aware that, in the default config of qmail, you COULD relay mail.

Can someone tell me what I'm going wrong, or that their test for relaying is
faulty?

Dustin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 16, 1999 11:02 AM
To: administrator@[24.131.161.83]; postmaster@[24.131.161.83];
root@[24.131.161.83]
Subject: 24.131.161.83 has failed a mail relay test...



Road Runner Customer at 24.131.161.83,

On Thu Dec 16 12:01:43 EST 1999, Road Runner Security performed a test of
the mail server running on your machine. If you are receiving this message,
your mail server at 24.131.161.83 has failed one of more of our tests for
third-party relay (illustrated below). Your mail server, therefore, may be
vulnerable to third-party relay, and you should to act now to eliminate this
vulnerability. If you fail to do so, your are at increased risk of having
your server hijacked. Keep in mind that an open mail server which is
hijacked affects not only you, but has the potential to detrimentally affect
all of Road Runner.

An Internet mail server performs third-party relay when it processes a
message from a non-local sender to a non-local recipient. Junk e-mailers
abuse this capability at an alarming rate to greatly increase the amount of
spam or unsolicited e-mail they can deliver.

Please visit the site http://mail-abuse.org/tsi/ar-fix.html to learn how to
secure your mail server. If you have any questions regarding this procedure,
please e-mail [EMAIL PROTECTED] and we will do everything that we can to
assist you.

This test is performed as a proactive security measure for Road Runner
subscribers.  If you have any questions about this test, which was performed
by Road Runner Security, please contact [EMAIL PROTECTED]

Road Runner Security

--
*** 24.131.161.83 ***

Connecting to 24.131.161.83 ...
 <<< 220 wfdevelopment.com ESMTP
 >>> HELO hrnva-sec01.rr.com
 <<< 250 wfdevelopment.com
 >>> MAIL FROM:
 <<< 250 ok
 >>> RCPT TO:<[EMAIL PROTECTED]>
 >>> RSET
 <<< 250 flushed
 >>> MAIL FROM:
 <<< 250 ok
 >>> RCPT TO:<[EMAIL PROTECTED]>
 >>> RSET
 <<< 250 flushed
 >>> MAIL FROM:<>
 <<< 250 ok
 >>> RCPT TO:<[EMAIL PROTECTED]>
 >>> RSET
 <<< 250 flushed
 >>> MAIL FROM:
 <<< 250 ok
 >>> RCPT TO:<[EMAIL PROTECTED]>
 >>> RSET
 <<< 250 flushed
 >>> MAIL FROM:<[EMAIL PROTECTED]>
 <<< 250 ok
 >>> RCPT TO:<[EMAIL PROTECTED]>
 >>> RSET
 <<< 250 flushed
 >>> MAIL FROM:
 <<< 250 ok
 >>> RCPT TO:<[EMAIL PROTECTED]@[24.131.161.83]>
 <<< 250 ok
 >>> DATA
 <<< 354 go ahead
 >>> (message body)
 <<< 250 ok 945363799 qp 29925