FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 11-12-2008, 07:33 PM
Jerry Geis
 
Default close open relay

hi all, running centos 4.7 i686.

I seem to have an o pen r elay sendmail server.
How do I close it?

I have the STRAIGHT centos install sendmail.mc file.
Only thing I changed was:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this seems
to relay everyone.


I looked at http://www.sendmail.org/tips/relaying but it just talks
about (AFIKT)

enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 07:43 PM
"Bernard 'Tux' Lheureux"
 
Default close open relay

Jerry Geis wrote:

I have the STRAIGHT centos install sendmail.mc file.
Only thing I changed was:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

It should be:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')

M$-Internet Exploder est le cancer de l'Internet, voyez pourquoi ici :
http://www.aful.org/ressources/documentations/msie-problemes-securite/

--
(°- Bernard Lheureux Gestionnaire des MailingLists ML, TechML, LinuxML
// http://www.bbsoft4.org/Mailinglists.htm ** MailTo:root@bbsoft4.org
v_/_ http://www.bbsoft4.org/ <<<<<< () >>>>> http://www.portalinux.org

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 07:44 PM
MHR
 
Default close open relay

On Wed, Nov 12, 2008 at 12:33 PM, Jerry Geis <geisj@pagestation.com> wrote:
> hi all, running centos 4.7 i686.
>
> I seem to have an o pen r elay sendmail server.
> How do I close it?
>
> I have the STRAIGHT centos install sendmail.mc file.
> Only thing I changed was:
> dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>
> so as to allow incoming email and not just localhost. however this seems to
> relay everyone.
>
> I looked at http://www.sendmail.org/tips/relaying but it just talks about
> (AFIKT)
> enabling specific relays to occur - not how to CLOSE the relaying.
>
> How do I close the relay?
>

Google is your friend - look for "closing an open relay...."

:-)

mhr
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 07:50 PM
Jerry Geis
 
Default close open relay

It should be:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')


I changed it to this and restarted sendmail, re-ran the test and still open.

Jerry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 08:02 PM
MHR
 
Default close open relay

On Wed, Nov 12, 2008 at 12:43 PM, Bernard 'Tux' Lheureux
<bernard.lheureux@bbsoft4.org> wrote:
>
> M$-Internet Exploder est le cancer de l'Internet, voyez pourquoi ici :
> http://www.aful.org/ressources/documentations/msie-problemes-securite/

This is a really good read. If you don't speak/read French, use
google to locate the page (copy the URL into the search bar) and
select a translator. It's not perfect (doesn't understand French
grammar, which is a little different from English), but it's easy to
figure out the discrepancies.

Thanks, Tux!

mhr
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 08:44 PM
Jerry Geis
 
Default close open relay

lists-centos wrote:

You have to have changed more than just the sendmail.mc/cf to make a
default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what
you relay for. The /etc/mail/local-host-names effects what you
accept mail for.

Make certain that what you're using to test that's it's an open
relay is reporting things correctly. There's a difference between
sendmail being "open" (accepting mail from the outside) and an "open
relay". The former is expected from a mail server, the latter is a
problem.

I use:

<http://verify.abuse.net/cgi-bin/relaytest>

which runs through a range of tests. I tried it against your
24.123.23.170 mail server a few min. ago and all was fine.

- Rick

------------ Original Message ------------


Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis <geisj@pagestation.com>
To: CentOS ML <centos@centos.org>
Subject: [CentOS] close open relay

hi all, running centos 4.7 i686.

I seem to have an o pen r elay sendmail server.
How do I close it?

I have the STRAIGHT centos install sendmail.mc file.
Only thing I changed was:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this
seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just
talks about (AFIKT)
enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



------------ End Original Message ------------





When I run the following I get broken web page:

http://verify.abuse.net/cgi-bin/relaytest


I am getting investigating all this as I am getting return emails
from sbcglobal that I am spam.


Jerry



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 09:08 PM
Jerry Geis
 
Default close open relay

lists-centos wrote:

sorry, the start page is:

<http://www.abuse.net/relay.html>


look at the headers of the original messages (probably included as
attachments) that sbcglobal is sending back. it's very possible that
a spammer has forged an address from your machine on their outbound
spam, and sbcglobal is bouncing that, (rather than rejecting,
because they haven't a clue), generating scatter-back spam.


- Rick

------------ Original Message ------------


Date: Wednesday, November 12, 2008 04:44:02 PM -0500
From: Jerry Geis <geisj@pagestation.com>
To: CentOS ML <centos@centos.org>
Subject: Re: [CentOS] close open relay

lists-centos wrote:


You have to have changed more than just the sendmail.mc/cf to
make a default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what
you relay for. The /etc/mail/local-host-names effects what you
accept mail for.

Make certain that what you're using to test that's it's an open
relay is reporting things correctly. There's a difference between
sendmail being "open" (accepting mail from the outside) and an
"open relay". The former is expected from a mail server, the
latter is a problem.

I use:

<http://verify.abuse.net/cgi-bin/relaytest>

which runs through a range of tests. I tried it against your
24.123.23.170 mail server a few min. ago and all was fine.

- Rick

------------ Original Message ------------



Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis <geisj@pagestation.com>
To: CentOS ML <centos@centos.org>
Subject: [CentOS] close open relay

hi all, running centos 4.7 i686.

I seem to have an o pen r elay sendmail server.
How do I close it?

I have the STRAIGHT centos install sendmail.mc file.
Only thing I changed was:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however
this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just
talks about (AFIKT)
enabling specific relays to occur - not how to CLOSE the
relaying.

How do I close the relay?

Jerry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



------------ End Original Message ------------






When I run the following I get broken web page:

http://verify.abuse.net/cgi-bin/relaytest


I am getting investigating all this as I am getting return emails
from sbcglobal that I am spam.

Jerry



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



------------ End Original Message ------------






Sure enough I tried your test and that looks good...

HOwever, when i run this test:
HELO example.com
MAIL From: TheBoss@example.com
RCPT To: geisj@pagestation.com
DATA
Subject: Think we're insecure...
I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking)
I get the email and I should not ( I presume) as I am not example.com.

Jerry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 10:53 PM
Ross Walker
 
Default close open relay

On Nov 12, 2008, at 5:08 PM, Jerry Geis <geisj@pagestation.com> wrote:



lists-centos wrote:

sorry, the start page is:

<http://www.abuse.net/relay.html>


look at the headers of the original messages (probably included as
attachments) that sbcglobal is sending back. it's very possible that
a spammer has forged an address from your machine on their outbound
spam, and sbcglobal is bouncing that, (rather than rejecting,
because they haven't a clue), generating scatter-back spam.


- Rick

------------ Original Message ------------


Date: Wednesday, November 12, 2008 04:44:02 PM -0500
From: Jerry Geis <geisj@pagestation.com>
To: CentOS ML <centos@centos.org>
Subject: Re: [CentOS] close open relay

lists-centos wrote:


You have to have changed more than just the sendmail.mc/cf to
make a default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what
you relay for. The /etc/mail/local-host-names effects what you
accept mail for.

Make certain that what you're using to test that's it's an open
relay is reporting things correctly. There's a difference between
sendmail being "open" (accepting mail from the outside) and an
"open relay". The former is expected from a mail server, the
latter is a problem.

I use:

<http://verify.abuse.net/cgi-bin/relaytest>

which runs through a range of tests. I tried it against your
24.123.23.170 mail server a few min. ago and all was fine.

- Rick

------------ Original Message ------------


Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis <geisj@pagestation.com>
To: CentOS ML <centos@centos.org>
Subject: [CentOS] close open relay

hi all, running centos 4.7 i686.

I seem to have an o pen r elay sendmail server.
How do I close it?

I have the STRAIGHT centos install sendmail.mc file.
Only thing I changed was:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however
this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just
talks about (AFIKT)
enabling specific relays to occur - not how to CLOSE the
relaying.

How do I close the relay?

Jerry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


------------ End Original Message ------------





When I run the following I get broken web page:

http://verify.abuse.net/cgi-bin/relaytest


I am getting investigating all this as I am getting return emails
from sbcglobal that I am spam.

Jerry



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos



------------ End Original Message ------------






Sure enough I tried your test and that looks good...

HOwever, when i run this test:
HELO example.com
MAIL From: TheBoss@example.com
RCPT To: geisj@pagestation.com
DATA
Subject: Think we're insecure...
I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking)
I get the email and I should not ( I presume) as I am not example.com.


That's not relaying. A true test is if you telnet from a public ip to
your SMTP port and try to send an email to a domain that isn't yours,
like a gmail account, does it go through. It shouldn't, but it should
if sent from an internal ip.


Basically you need a file of hosts/networks allowed to relay to any
domain (your internal hosts), and a file of domains that are allowed
to be relayed by anyone (domains you handle).


Can't remember their names, look in /etc/mail/Makefile for hints.

-Ross



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 10:59 PM
Christopher Chan
 
Default close open relay

I am getting investigating all this as I am getting return emails
from sbcglobal that I am spam.


Can you collaborate those mails with your logs?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 11-12-2008, 11:39 PM
Dennis Kaptain
 
Default close open relay

----- Mensaje original ----

> De: Christopher Chan <christopher.chan@bradbury.edu.hk>
> Para: CentOS mailing list <centos@centos.org>
> Enviado: miércoles, 12 de noviembre, 2008 17:59:25
> Asunto: Re: [CentOS] close open relay
>
>
> >>> I am getting investigating all this as I am getting return emails
> >>> from sbcglobal that I am spam.
>
> Can you collaborate those mails with your logs?
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos


Yes, check your logs to see if your mail server ever sent those messages.
I often get bounce emails back for my domain name at my web hosting provider. The server at my web hosting provider never sent those emails but a spamer somewhere else spoofed the from and/or reply-to as being from my domain.



¡Todo sobre Amor y Sexo!
La guía completa para tu vida en Mujer de Hoy.
http://mx.mujer.yahoo.com/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 02:20 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org