RE: Asking Open Relay

  • Noel Jones
    Message 1 of 13 , Aug 1, 2007
      At 06:22 PM 8/1/2007, Marky Yehezkiel wrote:
      > > Is this the same configuration that failed the relay test? We need
      >consistent information.
      >
      >Yes, it is the same configuration. I never changed mydestination or my
      >networks. I tried from abuse.net/relay.html, where there is an option to
      >input your email account (register first to new@...) or to use anonymous
      >mode. If I choose anonymous mode, the relay test is successful (my MX isn't
      >an open relay), but if I put in my email account, the relay test fails (my
      >MX becomes an open relay). I assumed that is because my email domain has
      >its MX in the MX that I tested, and if I delete my email domain from
      >relay_domains the relay test succeeds (abuse.net couldn't send the test
      >email via my MX to my email account). Also, can you show me the right
      >configuration of main.cf to prevent becoming an open relay? Thank you

      You still haven't shown us evidence you are an open relay. The
      configuration you posted earlier doesn't appear to be an open relay
      and your log postings were incomplete.

      The documentation describes how postfix decides to relay, and the
      logs show what postfix has done.
      http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
      http://www.postfix.org/SMTPD_ACCESS_README.html#relay

      Good luck.

      --
      Noel Jones
    • Sebastian Ries
      Message 2 of 13 , Aug 2, 2007
        Hi

        Am Donnerstag, 2. August 2007 01:22 schrieb Marky Yehezkiel:
        > > Is this the same configuration that failed the relay test? We need
        > > consistent information.
        >
        > Yes, it is the same configuration. I never changed mydestination or my
        > networks. I tried from abuse.net/relay.html, where there is an option to
        > input your email account (register first to new@...) or to use anonymous
        > mode. If I choose anonymous mode, the relay test is successful (my MX isn't
        > an open relay), but if I put in my email account, the relay test fails (my
        > MX becomes an open relay). I assumed that is because my email domain has
        > its MX in the MX that I tested, and if I delete my email domain from
        > relay_domains the relay test succeeds (abuse.net couldn't send the test
        > email via my MX to my email account). Also, can you show me the right
        > configuration of main.cf to prevent becoming an open relay? Thank you

        Once I had a working postfix configuration but suddenly it became an open
        relay...
        After some hours of searching I found out that someone misconfigured the
        firewall:
        The NAT table for the mail server did source AND destination NAT in both
        directions. So all the connections to the mailserver seemed to come from the
        internal interface of the firewall -> part of mynetworks :-/

        Have a look at such things too.

        Regards
        Sebastian Ries

        --
        ------------------------------------------------------------
        DT Netsolution GmbH - Talaeckerstr. 30 - D-70437 Stuttgart
        Tel: +49-711-849910-36 Fax: +49-711-849910-936
        WEB: http://www.dtnet.de/ email: Sebastian.Ries@...
      • Marky Yehezkiel
        Message 3 of 13 , Aug 2, 2007
          >You still haven't shown us evidence you are an open relay. The
          >configuration you posted earlier doesn't appear to be an open relay
          >and your log postings were incomplete.

          Hi, thank you for your comment. This is what I get when I try from
          abuse.net/relay.html:

          Mail relay testing
          Connecting to 203.80.8.36 for registered user test ...
          <<< 220 smtp2.satnetcom.com ESMTP Postfix
          >>> HELO www.abuse.net
          <<< 250 smtp2.satnetcom.com


          Relay test 1
          >>> RSET
          <<< 250 Ok
          >>> MAIL FROM:<spamtest@...>
          <<< 250 Ok
          >>> RCPT TO:<marky@...>
          <<< 250 Ok
          >>> DATA
          <<< 354 End data with <CR><LF>.<CR><LF>
          >>> (message body)
          <<< 250 Ok: queued as 133BA2676EB

          Relay test result
          Hmmn, at first glance, host appeared to accept a message for relay.
          THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

          Some systems appear to accept relay mail, but then reject messages
          internally rather than delivering them, but you cannot tell at this point
          whether the message will be relayed or not.

          If it is really an open relay, the test message will be delivered to you. If
          you do not receive the test message in your e-mail in the next few hours, it
          IS NOT an open relay.

          The queue ID is 133BA2676EB, and from my mailserver log:

          Aug 3 09:44:42 smtp2 postfix/smtpd[33877]: 133BA2676EB:
          client=www.abuse.net[208.31.42.77]
          Aug 3 09:44:42 smtp2 postfix/cleanup[34459]: 133BA2676EB:
          message-id=<rlytest-1186104676-99995@...>
          Aug 3 09:44:42 smtp2 postfix/qmgr[223]: 133BA2676EB:
          from=<spamtest@...>, size=1125, nrcpt=1 (queue active)
          Aug 3 09:44:45 smtp2 postfix/smtp[34352]: 133BA2676EB:
          to=<marky@...>, relay=127.0.0.1[127.0.0.1], delay=5, status=sent
          (250 2.6.0 Ok, id=34400-03, from MTA([127.0.0.1]:10025): 250 Ok: queued as
          353B6267428)
          Aug 3 09:44:45 smtp2 postfix/qmgr[223]: 133BA2676EB: removed

          Aug 3 09:44:45 smtp2 postfix/smtpd[34360]: 353B6267428:
          client=localhost[127.0.0.1]
          Aug 3 09:44:45 smtp2 postfix/cleanup[34481]: 353B6267428:
          message-id=<rlytest-1186104676-99995@...>
          Aug 3 09:44:45 smtp2 postfix/qmgr[223]: 353B6267428:
          from=<spamtest@...>, size=1720, nrcpt=1 (queue active)
          Aug 3 09:44:45 smtp2 postfix/smtp[34352]: 133BA2676EB:
          to=<marky@...>, relay=127.0.0.1[127.0.0.1], delay=5, status=sent
          (250 2.6.0 Ok, id=34400-03, from MTA([127.0.0.1]:10025): 250 Ok: queued as
          353B6267428)
          Aug 3 09:44:45 smtp2 postfix/smtp[34220]: 353B6267428:
          to=<marky@...>, relay=mail.satnetcom.com[203.80.8.39], delay=0,
          status=sent (250 Ok: queued as 7B9505C39B)
          Aug 3 09:44:45 smtp2 postfix/qmgr[223]: 353B6267428: removed

          The abuse.net notification said: If it is really an open relay, the
          test message will be delivered to you. If you do not receive the test
          message in your e-mail in the next few hours, it IS NOT an open relay.

          And I was able to receive their test message; here are the contents of the email:

          This is a test of third-party mail relay, generated via the Network Abuse
          Clearinghouse at http://www.abuse.net

          Target host = 203.80.8.36 smtp2.satnetcom.net.id
          Test performed by <marky@...> from 203.80.14.242

          A well-configured mail server should NOT relay third-party email.
          Otherwise, the server is subject to abuse by vandals and spammers, and
          probable blacklisting by recipients of the unwanted third-party e-mail.

          For information on how to secure a mail server against third-party relay,
          visit <URL: http://www.mail-abuse.com/support/an_sec3rdparty.html>.

          My IP was blacklisted by dsbl.org, and from the log I saw that someone
          outside my network got my IP listed by sending email via my mailserver to
          listme@dsbl. Please see the dsbl history:

          Received: from localhost (localhost [127.0.0.1]) by smtp2.satnetcom.com
          (Postfix) with ESMTP id E82B6267486 for <listme@...>; Thu, 19
          Jul 2007 23:12:44 +0000 (UTC)
          X-Virus-Scanned: amavisd-new at satnetcom.com
          Received: from smtp2.satnetcom.com ([127.0.0.1]) by localhost
          (smtp2.satnetcom.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
          t-XhWs7n-mcP for <listme@...>; Thu, 19 Jul 2007 23:12:44 +0000
          (UTC)
          Received: from noc.mediationtelecom.net (noc.saveho.com [84.96.74.32]) by
          smtp2.satnetcom.com (Postfix) with SMTP id B99F4267477 for
          <listme@...>; Thu, 19 Jul 2007 23:12:43 +0000 (UTC)
          Message-ID: <RG8ki64PuzeJyh58osSn3rKe14bjMRX2@...>
          Date: Thu, 19 Jul 2007 14:57:04 +0000
          To: <listme@...>
          Subject: Open Relay Test Message
          From: postmaster@...


          This message is a test of your mail server to determine if
          it will perform relaying (re-sending) of e-mail messages
          for unauthorized outside parties. This capability, if
          enabled in your mail server, is widely considered to be
          serious flaw in mail server security.

          Your mail server is being tested for relaying capability
          because we have received mail from it and wish to determine
          its likelihood to be abused by spammers.

          Please advise. Thank you
        • Evan Platt
          Message 4 of 13 , Aug 2, 2007
            At 06:37 PM 8/2/2007, Marky Yehezkiel wrote:
            > >You still haven't shown us evidence you are an open relay. The
            > >configuration you posted earlier doesn't appear to be an open relay
            > >and your log postings were incomplete.
            >
            >Hi, thank you for your comment. This is what I get when I try from
            >abuse.net/relay.html:
            >
            >Mail relay testing
            >Connecting to 203.80.8.36 for registered user test ...
            ><<< 220 smtp2.satnetcom.com ESMTP Postfix
            > >>> HELO www.abuse.net
            ><<< 250 smtp2.satnetcom.com
            >
            >
            >Relay test 1
            > >>> RSET
            ><<< 250 Ok
            > >>> MAIL FROM:<spamtest@...>
            ><<< 250 Ok
            > >>> RCPT TO:<marky@...>
            ><<< 250 Ok
            > >>> DATA
            ><<< 354 End data with <CR><LF>.<CR><LF>
            > >>> (message body)
            ><<< 250 Ok: queued as 133BA2676EB
            >
            >Relay test result
            >Hmmn, at first glance, host appeared to accept a message for relay.
            >THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY.

            Unless I'm misunderstanding... When you go to abuse.net, you need to
            register an e-mail address on ANOTHER server, ie yourname@...,
            yourname@... . You are attempting to send mail to
            satnetcom.com ON satnetcom.com . Of course the machine is going to accept it.
          • Marky Yehezkiel
            Message 5 of 13 , Aug 2, 2007
              > Unless I'm misunderstanding... When you go to abuse.net, you need to
              > register an e-mail address on ANOTHER server, ie yourname@...,
              > yourname@... . You are attempting to send mail to
              > satnetcom.com ON satnetcom.com . Of course the machine is going to accept
              > it.

              Maybe I'm misunderstanding this sentence too :D from abuse.net:
              If it is really an open relay, the test message will be delivered to you. If
              you do not receive the test message in your e-mail in the next few hours, it
              IS NOT an open relay.

              So it means that if I didn't receive any email from abuse after the test
              message, my mailserver isn't an open relay, but in this case I received email
              from abuse.net when I did the test, so it means my mailserver is able to become
              an open relay? As I mentioned in my previous email, my mailserver was listed by
              someone from outside by sending email through my mailserver as postmaster to
              dsbl.org, and this is annoying me :( or maybe I've misunderstood this.
            • Evan Platt
              Message 6 of 13 , Aug 2, 2007
                At 08:21 PM 8/2/2007, Marky Yehezkiel wrote:
                > > Unless I'm misunderstanding... When you go to abuse.net, you need to
                > > register an e-mail address on ANOTHER server, ie yourname@...,
                > > yourname@... . You are attempting to send mail to
                > > satnetcom.com ON satnetcom.com . Of course the machine is going to accept
                > > it.
                >
                >Maybe I'm misunderstanding this sentence too :D from abuse.net:
                >If it is really an open relay, the test message will be delivered to you. If
                >you do not receive the test message in your e-mail in the next few hours, it
                >IS NOT an open relay.
                >
                >So it means that if I didn't receive any email from abuse after the test
                >message, my mailserver isn't an open relay, but in this case I received email
                >from abuse.net when I did the test, so it means my mailserver is able to become
                >an open relay? As I mentioned in my previous email, my mailserver was listed by
                >someone from outside by sending email through my mailserver as postmaster to
                >dsbl.org, and this is annoying me :( or maybe I've misunderstood this.

                You are testing the mail server that handles mail for satnetcom.com , correct?

                And the e-mail address you used on abuse.net is a @...
                address, correct?

                Why would the satnetcom.com mail server NOT accept mail for a
                satnetcom.com address?

                No offense, but if this doesn't make sense to you, you shouldn't be
                running a mail server.
              • Evan Platt
                Message 7 of 13 , Aug 2, 2007
                  At 08:23 PM 8/2/2007, Evan Platt wrote:

                  >You are testing the mail server that handles mail for satnetcom.com , correct?
                  >
                  >And the e-mail address you used on abuse.net is a @...
                  >address, correct?
                  >
                  >Why would the satnetcom.com mail server NOT accept mail for a
                  >satnetcom.com address?
                  >
                  >No offense, but if this doesn't make sense to you, you shouldn't be
                  >running a mail server.

                  http://www.abuse.net/relay.html

                  "Registered user mode attempts to relay a message through the server
                  to be tested. You must be a registered abuse.net user, and the
                  relayed message will be addressed to you. If you're testing a server
                  that accepts mail for your e-mail address, abuse.net can generate a
                  temporary alias in the abuse.net domain that will be forwarded to you."
                • Marky Yehezkiel
                  Message 8 of 13 , Aug 2, 2007
                    >And the e-mail address you used on abuse.net is a @...
                    >address, correct?

                    >Why would the satnetcom.com mail server NOT accept mail for a
                    >satnetcom.com address?

                    >No offense, but if this doesn't make sense to you, you shouldn't be
                    >running a mail server.

                    Thank you for the explanation :) That was my misunderstanding; I'm still a
                    newbie and need to learn more. Also, I still couldn't find out how my
                    mailserver came to be listed on dsbl.org, and after looking at dsbl.org I
                    found this in the header of the email that was sent to dsbl:

                    Received: from localhost (localhost [127.0.0.1]) by smtp2.satnetcom.com
                    (Postfix) with ESMTP id E82B6267486 for <listme@...>; Thu, 19
                    Jul 2007 23:12:44 +0000 (UTC)
                    X-Virus-Scanned: amavisd-new at satnetcom.com
                    Received: from smtp2.satnetcom.com ([127.0.0.1]) by localhost
                    (smtp2.satnetcom.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
                    t-XhWs7n-mcP for <listme@...>; Thu, 19 Jul 2007 23:12:44 +0000
                    (UTC)
                    Received: from noc.mediationtelecom.net (noc.saveho.com [84.96.74.32]) by
                    smtp2.satnetcom.com (Postfix) with SMTP id B99F4267477 for
                    <listme@...>; Thu, 19 Jul 2007 23:12:43 +0000 (UTC)
                    Message-ID: <RG8ki64PuzeJyh58osSn3rKe14bjMRX2@...>
                    Date: Thu, 19 Jul 2007 14:57:04 +0000
                    To: <listme@...>
                    Subject: Open Relay Test Message
                    From: postmaster@...



                    This message is a test of your mail server to determine if
                    it will perform relaying (re-sending) of e-mail messages
                    for unauthorized outside parties. This capability, if
                    enabled in your mail server, is widely considered to be
                    serious flaw in mail server security.

                    Your mail server is being tested for relaying capability
                    because we have received mail from it and wish to determine
                    its likelihood to be abused by spammers.

                    If I'm not misunderstanding again :) my mailserver was used as the SMTP
                    server by this IP, 84.96.74.32, to get my mailserver listed on dsbl, correct?
                    And if it was used, I still haven't found what the problem is. Please advise on this. Thank you
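
Added example, not part of any post in this thread and not Postfix project code: the log excerpt in message 3 and the DSBL headers in message 8 both show mail passing through the amavisd-new content filter on 127.0.0.1 before final delivery, so deciding whether a delivery was an inbound message or a third-party relay means following the queue ID across that re-injection back to the original client. The sketch below does that over a constructed log; `LOCAL_DOMAINS`, `TRUSTED_NETS`, every address, domain and queue ID in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Assumptions for this example (not values from the thread):
LOCAL_DOMAINS = {"example.com"}                      # domains this MX accepts mail for
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # stand-in for mynetworks

# Constructed sample log: made-up queue IDs, RFC 5737 addresses, example.* domains.
SAMPLE_LOG = """\
Aug  3 09:44:42 mx postfix/smtpd[101]: 1A2B3C4D5E1: client=tester.example.net[198.51.100.7]
Aug  3 09:44:45 mx postfix/smtp[102]: 1A2B3C4D5E1: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5, status=sent (250 2.6.0 Ok, id=1-03, from MTA([127.0.0.1]:10025): 250 Ok: queued as 1A2B3C4D5E2)
Aug  3 09:44:45 mx postfix/smtpd[103]: 1A2B3C4D5E2: client=localhost[127.0.0.1]
Aug  3 09:44:45 mx postfix/smtp[104]: 1A2B3C4D5E2: to=<user@example.com>, relay=mail.example.com[192.0.2.39]:25, delay=0, status=sent (250 Ok: queued as 9F00AA11BB)
Aug  3 10:02:10 mx postfix/smtpd[105]: 2B3C4D5E6F1: client=unknown[203.0.113.50]
Aug  3 10:02:11 mx postfix/smtp[106]: 2B3C4D5E6F1: to=<listme@blocklist.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=1, status=sent (250 2.6.0 Ok, id=1-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 2B3C4D5E6F2)
Aug  3 10:02:11 mx postfix/smtpd[107]: 2B3C4D5E6F2: client=localhost[127.0.0.1]
Aug  3 10:02:12 mx postfix/smtp[108]: 2B3C4D5E6F2: to=<listme@blocklist.example>, relay=mx.blocklist.example[192.0.2.80]:25, delay=1, status=sent (250 Ok: queued as 77CC88DD99)
Aug  3 10:15:00 mx postfix/smtpd[109]: 3C4D5E6F7A1: client=fw-inside.example.com[10.0.0.1]
Aug  3 10:15:01 mx postfix/smtp[110]: 3C4D5E6F7A1: to=<someone@elsewhere.example>, relay=mx.elsewhere.example[192.0.2.90]:25, delay=1, status=sent (250 Ok)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S*\[([0-9a-fA-F.:]+)\]")
SENT = re.compile(r"to=<([^>]*)>, relay=[^\[,]+\[([^\]]+)\].*status=sent \((.*)\)")
REQUEUE = re.compile(r"queued as ([0-9A-F]{6,})")

def classify(log_text):
    """Return (queue_id, client_ip, recipient, verdict) per externally received message."""
    clients, hops = {}, {}  # queue id -> client IP; queue id -> [(rcpt, relay IP, next id)]
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        c, s = CLIENT.match(rest), SENT.match(rest)
        if daemon == "smtpd" and c:
            clients[qid] = ipaddress.ip_address(c.group(1))
        elif s:  # only deliveries logged as relay=host[ip] are traced here
            nxt = REQUEUE.search(s.group(3))
            hops.setdefault(qid, []).append((s.group(1), s.group(2), nxt and nxt.group(1)))
    results = []
    for qid, ip in clients.items():
        if ip.is_loopback:
            continue  # re-injection from the content filter, not a new message
        trusted = any(ip in net for net in TRUSTED_NETS)
        todo, seen = [qid], set()
        while todo:
            cur = todo.pop()
            if cur in seen:
                continue
            seen.add(cur)
            for rcpt, relay_ip, nxt in hops.get(cur, []):
                if ipaddress.ip_address(relay_ip).is_loopback:
                    if nxt:
                        todo.append(nxt)  # "queued as" here is the local re-injected ID
                    continue
                domain = rcpt.rpartition("@")[2].lower()
                verdict = ("inbound" if domain in LOCAL_DOMAINS else
                           "relay-from-mynetworks" if trusted else "third-party-relay")
                results.append((qid, str(ip), rcpt, verdict))
    return results
```

A `relay-from-mynetworks` verdict whose client address is a firewall or NAT gateway deserves a second look, since that is the situation described in message 2.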