Relaying..

DigitalIsles

All,

I have a customer who was the victim of someone relaying through his server.

It appears as if the person/people were able to relay through his machine by using a from address that was on his domain.

It was my understanding that you had to authenticate for ALL outbound mail, regardless of your "from" address.

Can someone help us out here?

-Robert
 
Hello,

Relaying requires that you either authenticate using smtp auth, or the user must authenticate through pop to get their ip on the relaying list. I'm not sure how this would have happened without either of these two things. If you send an email to [email protected] with your client and server information, we can look into the matter further.

John
 
-----------------------------------------------------------
Note: it was a false alarm - if you have no time
to read through - just ignore this thread. Thanks
-----------------------------------------------------------


Well, I happen to be a "victim of this assault" =)

Just another proof that you should never ever do
anything important when you are tired, stressed,
overworked (or under influence). Yesterday I was
busy tackling two other problems when client called
up complaining that all mails he sent are bouncing
with 553. I have connected to our server, opened
exim log and found some entries like that:

[email protected] <[email protected]>

aha (thinking 2 myself) we are in trouble (not
even bothering to check <= vs =>) - bad guys
used us as relay and we got on the list.

So I ran a few relay tests against ultima.co.th
and got:

(excerpt)
To: spammer%[email protected]
From: [email protected]
<<< 250 Reset OK
>>>> MAIL FROM:
<<< 250 is syntactically correct
>>>> RCPT TO:
<<< 250 is syntactically correct
>>>> DATA
<<< 354 Enter message, ending with "." on a line by itself
>>>> MESSAGE
<<< 250 OK id=19iYnE-00073t-00
SUCCESS

Relay Accepted - final response code 250

If you dont recieve it then its not a relay (Its still a Bad Thing (TM) that it accepted)
Check your email

(mind last three lines - I didn't)

Ouch, we r fsckd -what to do ? OK, SMTP AUTH
will be the best (at least no mess with client's
authentication). So, I picked latest Exim, and
cyrus-sasl for pwcheck, compiled, installed, and
started hacking up the new config file for exim,
but it was a hard day, so I have fallen asleep.

Next day I got friendly message from Robert
asking for details (I reported it the previous
day). So, I sat to collect "the evidence", opened
logfiles and started reading. Guess, that is what
I should have done the day before - logs were
clean.

Thanks to Robert and DA Support for prompt
response. I am glad that I have followed advice
from Robert and gave a try to DA. Even with
some shortcomings of a fresh product this is
the best CP out of four - I have tried so far.

One last question - I still can't figure what
is causing that this single user can not send
anything, and is being dismissed by Exim with
relaying denied. What should I check ?

<domu>
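
An added example, not part of the original thread and not DirectAdmin or Exim code: a small check over Exim main-log lines that pairs each `<=` arrival with its `=>` deliveries and reports only mail that came from an unauthenticated remote host and left for a non-local domain. The log lines are constructed, and the `LOCAL_DOMAINS` and `RELAY_IPS` values and the function name are assumptions for illustration.

```python
import re

# Exim main-log line: date, time, message id, direction flag, address, rest.
LINE = re.compile(r"^\S+ \S+ (?P<id>\w{6}-\w{6}-\w{2}) "
                  r"(?P<flag><=|=>|->|\*\*|==) (?P<addr>\S+)(?P<rest>.*)$")

LOCAL_DOMAINS = {"example.com"}  # assumption: domains hosted on this server
RELAY_IPS = set()                # assumption: IPs allowed by POP-before-SMTP

# Constructed sample in the style of Exim's main log (documentation addresses).
SAMPLE_LOG = """\
2003-08-01 10:00:01 19iYnE-00073t-00 <= someone@example.net H=mx.example.net [192.0.2.10] P=esmtp S=2048
2003-08-01 10:00:02 19iYnE-00073t-00 => user <user@example.com> R=virtual_user T=virtual_localdelivery
2003-08-01 10:00:02 19iYnE-00073t-00 Completed
2003-08-01 10:05:00 19iYoA-00074B-00 <= user@example.com H=client.example.org [198.51.100.7] P=asmtp A=plain:user S=900
2003-08-01 10:05:03 19iYoA-00074B-00 => friend@example.net R=lookuphost T=remote_smtp H=mx.example.net [192.0.2.10]
2003-08-01 10:09:00 19iYpQ-00075C-00 <= user@example.com H=(x) [203.0.113.99] P=smtp S=5000
2003-08-01 10:09:04 19iYpQ-00075C-00 => victim@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.20]
"""

def find_relayed(log_text, local_domains=LOCAL_DOMAINS, relay_ips=RELAY_IPS):
    """Return [(msg_id, source_ip, recipient)] for unauthenticated remote relays."""
    arrivals, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", rejection lines, etc.
        mid, flag, addr, rest = m.group("id", "flag", "addr", "rest")
        if flag == "<=":
            # Arrival: record the source IP and whether A= (SMTP AUTH) was logged.
            ip = re.search(r"\[([0-9a-fA-F.:]+)\]", rest)
            arrivals[mid] = (ip.group(1) if ip else None, " A=" in rest)
        elif flag in ("=>", "->"):
            # Delivery: unknown arrivals (rotated logs) are treated as not suspect.
            ip, authed = arrivals.get(mid, (None, True))
            # "local_part <original@address>" form: judge the original address.
            orig = re.search(r"<([^>]+)>", rest)
            rcpt = orig.group(1) if orig else addr
            domain = rcpt.rpartition("@")[2].lower()
            if (ip and not authed and ip not in relay_ips
                    and domain not in local_domains):
                hits.append((mid, ip, rcpt))
    return hits

if __name__ == "__main__":
    for hit in find_relayed(SAMPLE_LOG):
        print("possible relay:", hit)
```

Inbound mail delivered to a local mailbox and authenticated outbound mail are not reported; only the third constructed message is, even though its sender address is on the local domain.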
 
Depends on what method he's using for authentication. If smtp auth, just make sure he's using the right login name, and for popb4smtp, make sure he checks for new mail with pop before trying to send any. If you keep having troubles, send us an email to [email protected]

John
 