Open-relay?

keefe007

I seem to have been listed on njabl.org for being open-relay.

Here is what they say:

Code:
From [email protected]  Tue Mar 14 15:31:57 2006
Return-Path: <[email protected]>
Received: from seraph.techwarepc.com (seraph.techwarepc.com [12.37.6.6])
	by rt.njabl.org (8.11.6/8.11.6) with ESMTP id k2EKVuG16064
	for <[email protected]>; Tue, 14 Mar 2006 15:31:56 -0500
Date: Tue, 14 Mar 2006 15:31:56 -0500
Received: from rt2.njabl.org ([69.28.95.4])
	by seraph.techwarepc.com with esmtp (Exim 4.51)
	id 1FJGBP-0006Ef-4c
	for [email protected]; Tue, 14 Mar 2006 14:31:55 -0600
X-RT-Subject: relaytest: 12.37.6.6
X-RT-From: [email protected]
X-RT-To: [email protected]
From: [email protected]
To: [email protected]
Message-id: <[email protected]>
Subject: relaytest: 12.37.6.6

This is an automated test message for the purpose of finding and
adding open relays to our dnsbl.  If you have any questions, see
http://njabl.org/

How is this sneaking through the security on exim and in DA?
 
Here's the full test from njabl.org.

One noteworthy item is that the MX record for 'techwarepc.com' is pointed elsewhere, so this server does not handle mail for it.

Code:
admin@seraph:~$ telnet rt.njabl.org 2500
Trying 209.208.0.15...
Connected to rt.njabl.org.
Escape character is '^]'.

If you are excluded from testing, connect again on port 2501 to force the test.

re-testing 12.37.6.6


<<< 220 seraph.techwarepc.com ESMTP Exim 4.51 Wed, 15 Mar 2006 14:28:55 -0600
>>> EHLO rt.njabl.org
<<< 250-seraph.techwarepc.com Hello rt.njabl.org [209.208.0.15]
<<< 250-SIZE 104857600
<<< 250-PIPELINING
<<< 250-AUTH PLAIN LOGIN
<<< 250-STARTTLS
<<< 250 HELP
>>> MAIL FROM:<[email protected]>
<<< 250 OK
>>> RCPT TO:<[email protected]>
<<< 550 authentication required
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<[email protected]>
<<< 250 OK
>>> RCPT TO:<[email protected]>
<<< 550 authentication required
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<"[email protected]"@seraph.techwarepc.com>
<<< 250 OK
>>> RCPT TO:<[email protected]>
<<< 550 authentication required
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<relaytestsend>
<<< 501 <relaytestsend>: sender address must contain a domain
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<relaytestsend@localhost>
<<< 250 OK
>>> RCPT TO:<[email protected]>
<<< 550 authentication required
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<>
<<< 250 OK
>>> RCPT TO:<[email protected]>
<<< 550 authentication required
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<relaytestsend@[12.37.6.6]>
<<< 501 <relaytestsend@[12.37.6.6]>: domain literals not allowed
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<[email protected]>
<<< 250 OK
>>> RCPT TO:<[email protected]>
<<< 550 authentication required
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<[email protected]>
<<< 250 OK
>>> RCPT TO:<[email protected]>
<<< 250 Accepted
>>> DATA
<<< 354 Enter message, ending with "." on a line by itself
>>> X-RT-Subject: relaytest: 12.37.6.6
>>> X-RT-From: [email protected]
>>> X-RT-To: [email protected]
>>> From: [email protected]
>>> To: [email protected]
>>> Message-id: <[email protected]>
>>> Subject: relaytest: 12.37.6.6
>>> This is an automated test message for the purpose of finding and
>>> adding open relays to our dnsbl.  If you have any questions, see
>>> http://njabl.org/
>>> .
<<< 250 OK id=1FJcc4-0004Qb-Rk
>>> QUIT
<<< 221 seraph.techwarepc.com closing connection
Connection closed by foreign host.
 
I take it that techwarepc.com is your domain?

You've most likely got it whitelisted in SpamBlocker.

As mentioned in previous threads, that's a no-no.

Jeff
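
A defender-side check for a relay-test transcript like the one posted above, as an added example that is not part of the original thread: it lists every recipient outside your own domains that the server accepted without authentication, and whether the accepted sender claimed one of your domains (what a whitelisted local sender domain, the cause suggested in the last reply, would look like). The sample transcript, its hostnames and addresses, and the names `find_relayed` and `CMD` are constructed for illustration.

```python
import re

# Constructed sample in the ">>>" (tester) / "<<<" (server) layout of the relay
# test; every hostname and address here is a placeholder, not from the thread.
SAMPLE = """\
>>> EHLO tester.example.org
<<< 250-mail.example.net Hello tester.example.org
<<< 250 HELP
>>> MAIL FROM:<probe@tester.example.org>
<<< 250 OK
>>> RCPT TO:<sink@tester.example.org>
<<< 550 authentication required
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<probe@example.net>
<<< 250 OK
>>> RCPT TO:<sink@tester.example.org>
<<< 250 Accepted
>>> DATA
<<< 354 Enter message
>>> .
<<< 250 OK id=constructed
"""

CMD = re.compile(r"(MAIL FROM|RCPT TO):\s*<(.*)>", re.I)

def find_relayed(transcript, local_domains):
    """Return (sender, rcpt, sender_is_local) for each unauthenticated relay."""
    local = {d.lower() for d in local_domains}
    dom = lambda a: a.rpartition("@")[2].lower()
    hits, sender, last, authed, in_data = [], "", "", False, False
    for line in transcript.splitlines():
        direction, _, text = line.strip().partition(" ")
        text = text.strip()
        if direction == ">>>" and in_data:
            in_data = text != "."      # message body ends at the lone dot
        elif direction == ">>>":
            last = text
        elif direction == "<<<" and (m := re.match(r"(\d{3})( |$)", text)):
            code, cmd = m.group(1), CMD.match(last)   # "250-" lines never match
            if code == "354":
                in_data = True         # following ">>>" lines are message content
            elif code == "235":
                authed = True          # AUTH succeeded; later relaying is legitimate
            elif code == "250" and cmd and cmd.group(1).upper() == "MAIL FROM":
                sender = cmd.group(2)
            elif code == "250" and cmd and not authed and dom(cmd.group(2)) not in local:
                hits.append((sender, cmd.group(2), dom(sender) in local))
    return hits
```

Pass the list of domains the server actually hosts as `local_domains`; a hit whose third field is true means the only thing that changed between the rejected and accepted attempts was a sender address claiming a local domain.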
 