[ILUG-BOM] a question on open relay??

mitul at antispam mitul@[EMAIL-PROTECTED]
Sun Oct 31 21:09:53 IST 2004


Hey Biju,

I don't see any problem with the SMTP session.

Primarily because you are connecting to the AUTHORITATIVE MX server for
CopStop.com and no matter who sends the mail, till the time the RCPT is for a
user inside your domain i.e. CopStop.com, it seems to be ok.

If the server would have accepted RCPT to: xyz at someotherdomain.com then it
surely would be an alarming issue.

Ahhh but you might have to do some kind of checking here to see if the email
that's getting inside is UCE or a Legitimate email.
Qmail would give " 550 - Domain aint in my RCPT Hosts file ", if the RCPT TO
would have been anything other than copstop.com or any domain that's not listed
in /var/qmail/control/rcpthosts file.

Let me know if this solves the problem?

Best Regards,
Mitul Limbani
CTO,
Enterux Solutions,
The Enterprise Linux Company (TM),
http://www.enterux.com/

Quoting BIJU KRISHNAN <bijucyborg at yahoo.com>:

> 
> Hi All,
> 
> Could you please analyze the following transcript of my
> session with a remote server and help me judge whether
> the server is in some sense an open relay...One thing
> about the server is that it passes all anonymous
> relaying tests.....but what if I know two contacts on
> the same server..
> 
> ----------------------------------------------------
> [root at bijucyborg root]# telnet 2XX.1XX.XXX.XX 25
> Trying 2XX.1XX.XXX.XX...
> Connected to 2XX.1XX.XXX.XX.
> Escape character is '^]'.
> 220 COPSTOP.com ESMTP
> ehlo popa
> 250- COPSTOP
> 250-PIPELINING
> 250 8BITMIME
> mail from:xyz at COPSTOP
> 250 ok
> rcpt to:abc at COPSTOP.com
> 250 ok
> data
> 354 go ahead
> we went to school together
> .
> 250 ok 1099213953 qp 10543
> quit
> 221 COPSTOP.com
> Connection closed by foreign host.
> ------------------------------------------------------
> 
> As I have observed the server accepts message from
> xyz at COPSTOP to abc at COPSTOP.
> 
> 1. xyz and abc are two valid users on the system.
> 2. This session was carried from a random machine on
> the internet.
> 
> If this is dangerous....assuming that I'm using
> sendmail, could you please suggest a technique to stop
> this.
> 
> bye rgds
> 
> biju
> 
> 
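The rcpthosts check mentioned in the reply above, as an added example (not part of the original thread and not qmail's own code): a Python model of how qmail-smtpd decides whether to accept a RCPT TO, following its documented rcpthosts behaviour. The function names and the sample file contents are assumptions made for illustration.

```python
# Added illustration (not qmail source): models qmail-smtpd's documented
# handling of control/rcpthosts when it receives RCPT TO.

def rcpt_domain(addr):
    """Lowercased domain after the last '@', or None if there is no '@'."""
    addr = addr.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def rcpt_allowed(addr, rcpthosts, relayclient=False):
    """Return True if the recipient would be accepted.

    rcpthosts   -- iterable of entries from the file, or None if the
                   file does not exist (qmail then accepts any domain)
    relayclient -- True when RELAYCLIENT is set for this connection
                   (a trusted client; rcpthosts is ignored)
    """
    if relayclient or rcpthosts is None:
        return True
    allowed = {entry.strip().lower() for entry in rcpthosts if entry.strip()}
    domain = rcpt_domain(addr)
    if domain is None:
        return True            # no '@': always let through
    if domain in allowed:
        return True            # exact match, e.g. "copstop.com"
    # Wildcard entries start with a dot: ".copstop.com" covers subdomains.
    labels = domain.split(".")
    return any("." + ".".join(labels[i:]) in allowed
               for i in range(1, len(labels)))


# Constructed file contents; the real server's rcpthosts is not shown in the thread.
SAMPLE_RCPTHOSTS = ["copstop.com"]

if __name__ == "__main__":
    for rcpt in ("abc@COPSTOP.com", "xyz@someotherdomain.com", "u@mail.copstop.com"):
        verdict = "accept" if rcpt_allowed(rcpt, SAMPLE_RCPTHOSTS) else "reject"
        print(f"{rcpt:28} {verdict}")
```

The two early-return cases are the ones to audit on a qmail host: a missing rcpthosts file, or RELAYCLIENT set for more clients than intended, makes the server accept mail for any domain.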



