Project Gamera
Posted: Fri Dec 17, 2004 5:53 pm
by stephen
Scott;
Ran into a problem: I have 2 GP boxes running and we have been listed as an open relay. I can replicate the issue by telnet host 25
helo
mail from: someluser@domain.com
rcpt to: "anotheremail@domain.com"@ourdomain.com
data
blah blah
.
Drawing blanks, can't think of a way to stop it.
Posted: Fri Dec 17, 2004 11:53 pm
by scott
Are you sure it's an open relay? There are some false positive reports you'll get from some of the automated scanners.
Posted: Mon Dec 20, 2004 7:04 am
by stephen
Scott;
I have sent a test email using what I listed above, except I used your email address to perform this. Let me know what you think. I am not sure what to do, but soon our users are going to start getting blocked.
Posted: Mon Dec 20, 2004 10:47 am
by scott
I didn't get anything.
Posted: Tue Dec 21, 2004 10:34 am
by cormander
Another false positive is this:
helo
mail from: corman@mydomain.com
rcpt to: corman%yourdomain.com
data
blah blah
.
There is the "percent hack" patch for qmail to make this give the rcpthosts error, perhaps there is a patch for your false positive as well?
Systems that detect "open relays" should really actually attempt delivery of a message, and not assume that since the server said "ok", that it's going to actually deliver it.
But this isn't a perfect world.
-Corey
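The false positive described in the post above, as an added example that is not part of the thread: a simplified Python model of the rcpthosts comparison qmail-smtpd makes at RCPT time (only the domain after the last "@" is compared, and an address with no "@" is accepted), plus a check for routing characters left in the local part. The function names, domains and addresses are constructed for illustration.

```python
# Simplified model of the rcpthosts test applied to RCPT TO, plus a check
# for routing characters hidden in the local part.
# All names, addresses and domains here are constructed sample values.

def rcpthosts_accepts(rcpt, rcpthosts):
    """SMTP-time check: only the domain after the LAST '@' is compared."""
    at = rcpt.rfind("@")
    if at == -1:
        return True  # no '@': accepted, the default host is applied later
    host = rcpt[at + 1:].lower()
    entries = {h.lower() for h in rcpthosts}
    # Exact host match, or a ".suffix" wildcard entry in the list.
    for i, ch in enumerate(host):
        if (i == 0 or ch == ".") and host[i:] in entries:
            return True
    return False

def embedded_route(rcpt):
    """Return the routing characters found in the local part, if any."""
    at = rcpt.rfind("@")
    local = rcpt if at == -1 else rcpt[:at]
    local = local.strip('"')
    return sorted(c for c in set(local) if c in "%!@")

def classify(rcpt, rcpthosts):
    """Separate 'server said ok' from 'recipient needs a delivery check'."""
    if not rcpthosts_accepts(rcpt, rcpthosts):
        return "rejected at SMTP time"
    if embedded_route(rcpt):
        return "accepted at SMTP time, local part carries a route: verify delivery"
    return "accepted, ordinary local recipient"

RCPTHOSTS = ["ourdomain.example"]  # constructed stand-in for control/rcpthosts
SAMPLES = [
    '"another@domain.example"@ourdomain.example',  # quoted local part
    "corman%yourdomain.example",                   # percent form, no '@'
    "user@ourdomain.example",
    "user@elsewhere.example",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:45} {classify(s, RCPTHOSTS)}")
```

A "250 ok" for the first two samples only shows that the recipient passed this comparison; whether the message leaves the host is decided later at delivery, which is what the queue and delivery logs have to confirm.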
Posted: Tue Dec 21, 2004 11:55 am
by stephen
Well, unfortunately ordb.org ran a test and received its message back, maybe I fixed it...... not sure what the hell I did. :/ Sometimes I really hate email.
Posted: Tue Dec 21, 2004 1:29 pm
by stephen
Just re-tested and still an open relay. Now, even though qmail-showctl shows percent hack not allowed, it appears to be allowing this :/ Any ideas? The servers are only responding for 2 main domains and that's reflected in the rcpthosts file and smtproute.
Posted: Wed Dec 22, 2004 4:34 pm
by scott
Honestly I'd have to see the system first hand; sounds like some mistakes in the configuration somewhere.