allowing relay?

SupermanInNY (Verified User, joined Sep 28, 2004, 428 messages)
Hi All,

One of my clients has a small email client that has a feature called "Check If I AM a SPAMMER".

It will send an email to yourself.

Here is the response in the logs:

server.somedomain.com:/var/log/exim # less mainlog
2010-04-25 14:09:23 login authenticator failed for 11-22-189-218.bb.isp.net (myputer) [11.22.189.218]: 535 Incorrect authentication data ([email protected])
2010-04-25 14:09:23 1O5ziF-0007Nm-1J <= [email protected] H=11-22-189-218.bb.isp.net (myputer) [11.22.189.218] P=esmtp S=1120 T="Selftest email for Am I a spammer?" from <[email protected]> for [email protected]
2010-04-25 14:09:23 1O5ziF-0007Nm-1J => lior <[email protected]> F=<[email protected]> R=virtual_user T=virtual_localdelivery S=1237
2010-04-25 14:09:23 1O5ziF-0007Nm-1J Completed


So it seems that it was captured as a non-authenticated user and as such should have been rejected.
Well, the email got through to mailbox.
So I'm confused about what is going on with this scenario.

Any pointers?

-Alon.
 
I think you are confused as to what a relay is.

In your example you sent an email using the destination server and that server accepted it. That is not amazing. The server accepted email that it was supposed to accept. It is the destination server.

A relay on the other hand is when a server is used to send email that it does not host. A proper test would be to use that server to send unauthenticated email to a gmail account or yahoo or whatever.
 
I think you are confused as to what a relay is.

In your example you sent an email using the destination server and that server accepted it. That is not amazing. The server accepted email that it was supposed to accept. It is the destination server.

A relay on the other hand is when a server is used to send email that it does not host. A proper test would be to use that server to send unauthenticated email to a gmail account or yahoo or whatever.

Thanks for the quick response.

I'm probably confusing the issues, but I'm not clear on the explanation:

If I'm trying to email to myself or another, using my server, but I'm providing wrong password, I thought that the email will not be even accepted, and I would be rejected.
The scenario as I have it, is that it tells me that "you have the wrong credentials, but I'll still accept your email and put it into the owner's mailbox".
Can this behavior be rejected and blocked?
Can this behavior be exploited to spam out?

Thanks,

-Alon.
 
If that were true, then no one could send mail to your server. The check isn't done for mail hosted locally.

Jeff
 
If that were true, then no one could send mail to your server. The check isn't done for mail hosted locally.

Jeff

Hi Jeff,

Just so that I'll understand:

If I want to spam-blast someone, all I need to know is their mail server and then send them emails with a small program that replaces the mail.domain.com and the email address?

Somehow that doesn't make much sense. So I can blast nobaloney with spam?

-Alon.
 
Somehow that doesn't make much sense.

So you want everybody that sends you email to also authenticate themselves first with a username and password? Does that make much sense to you?

I am trying to understand the logic of how you think mail should work.
 
So you want everybody that sends you email to also authenticate themselves first with a username and password? Does that make much sense to you?

I am trying to understand the logic of how you think mail should work.

I'll explain it again:

I have a small mail client utility that sends a test email to my account.
What is the SMTP server it uses to email?
Is it sending the mail 'out of the blue'?
It should use some SMTP server, right?

Should I be able to email TO YOUR mailbox on YOUR server, where I do not have an email account, nor do I do any hosting on YOUR server, and yet, by entering YOUR smtp information (just correct Mail Server and Username, but false/wrong password) in my email client, I should be able to email you?

In my opinion, I should not be able to use YOUR SMTP server to email YOU, or anyone, but that's just my opinion.

Does this make it clearer?

-Alon.
 
In my opinion, I should not be able to use YOUR SMTP server to email YOU, or anyone, but that's just my opinion.

So how is my email server supposed to know the difference? All it knows is that it is receiving email that it is supposed to accept because it is the destination.

What is my email server supposed to check for before it accepts mail for a domain that it hosts? It's not relaying mail. It's receiving a request to deliver email to itself.

If you try to use my mailserver to send me email you also have to pass all the other normal spam checks that all email has to pass. If you are on a dynamic ip then you will probably not be able to use my server to send me email.
 
So how is my email server supposed to know the difference? All it knows is that it is receiving email that it is supposed to accept because it is the destination.

What is my email server supposed to check for before it accepts mail for a domain that it hosts? It's not relaying mail. It's receiving a request to deliver email to itself.

If you try to use my mailserver to send me email you also have to pass all the other normal spam checks that all email has to pass. If you are on a dynamic ip then you will probably not be able to use my server to send me email.

So just so I'll be clear, if a spammer has a server with static IP, and he has a program that rotates the values in the SMTP server name for each domain, then he can 'push' spam into your mailboxes?

I thought that having a non-authoritative user trying to send an email (locally to outside) through your SMTP server would be rejected.
But, if I understand you correctly, the non-authoritative rejection would only apply to sending to outside emails, whereas if the target is on the same server, it will accept the email/spam etc.
So if someone wants to flood my server with junk, there is not much that I can do against it.

-Alon.
 
Yes. If a spammer does an mx lookup on every email address he's trying to spam, and delivers to that email address, and if he passes all the other spam checks on the server, he can spam you.

However one of the newest checks is that his server has a verifiable HELO stanza which has rDNS which then points back to his machine with DNS. Unless he's using port 587 which requires authentication.

While we're already having problems with authenticating using port 587 because of some/many/all cellphones, as Floyd all too well knows (he's researching it for all of us), locking down all port 25 mail (which is what you think we should do) will mean no-one can send you email. No-one. From any machine in the world.

There's always a tradeoff between availability and security. For absolute security simply unplug your server from the 'net. That will mean no availability for anyone but a local user with keyboard and monitor, but it will certainly make it more secure.

Perhaps we're lucky that spammers aren't working to use each user's MX server to send spam, but even if they did, chances are our other spam-blocking tests will help control them.

In the meantime, you're the thread-starter, Alon, and you named the thread "allowing relay?". I can just say "no, delivering to you on your own server involves no relay at all," and close the thread.

Would that be a suitable response ;) ?

Jeff
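To make the distinction Floyd and Jeff draw concrete, here is a small model of the decision a receiving server makes at RCPT TO time: a failed AUTH only gets logged (as in Alon's Exim mainlog) and the session continues; what decides acceptance is whether the recipient domain is hosted locally, whether the session authenticated, and whether the connection came in on the submission port. This is an added example, not code from the thread or from Exim; the domain, address and the 25/587 split are assumptions modelled loosely on Exim's default recipient ACL ordering, and the IP is the one from the posted log.

```python
"""Model of the RCPT-time relay decision discussed in the thread.

Added example (not from the forum or from Exim). Ordering loosely follows
Exim's default acl_check_rcpt: accept for locally hosted domains, accept
from an authenticated session, otherwise refuse to relay. The hosted
domain and the sample mailbox are constructed values.
"""
from dataclasses import dataclass, field

LOCAL_DOMAINS = {"somedomain.com"}   # domains this server hosts (constructed)


@dataclass
class Session:
    client_ip: str
    port: int                        # 25 = MX delivery, 587 = submission
    authenticated: bool = False
    auth_failures: int = 0
    accepted_rcpts: list = field(default_factory=list)


def auth_login(session: Session, password_ok: bool) -> str:
    """A failed AUTH is logged (the '535 Incorrect authentication data'
    line in the mainlog) but does not end the session; the later RCPT
    check is what decides whether the message is taken."""
    if password_ok:
        session.authenticated = True
        return "235 Authentication succeeded"
    session.auth_failures += 1
    return "535 Incorrect authentication data"


def rcpt_to(session: Session, recipient: str) -> str:
    """Decide at RCPT TO time whether this server may take the message."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if session.port == 587 and not session.authenticated:
        return "530 Authentication required"   # submission port: auth first
    if domain in LOCAL_DOMAINS:                # we are the destination: no relay
        session.accepted_rcpts.append(recipient)
        return f"250 Accepted <{recipient}>"
    if session.authenticated:                  # our own user sending outward
        session.accepted_rcpts.append(recipient)
        return f"250 Accepted <{recipient}>"
    return "550 relay not permitted"           # third-party relay refused
```

Running the unauthenticated port 25 case against a locally hosted mailbox reproduces what the log shows (accepted), while the same session addressed to an outside domain is the actual relay test Jeff describes and gets refused.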
 
Hi Floyd and Jeff,

I think this was a very good discussion thread and one that clarified (at least to me) much of the 'how things work' of the SMTP, that were (to me) unclear.
I may have over-drilled with simplification questions, but I got the full answer now :), and I hope this does clarify for others (if they hit the same subject).

Thanks guys, and yes, this ends my thread :)

-Alon
 