Results 1 to 3 of 3
Thread: Open Mail Relay
03-15-2003, 07:01 PM #1
- Join Date
- Feb 2003
*** EDITED BY HARBOR NETWORKS ***
Please see my 2nd post for a more detailed explanation.
But make sure you don't have your server setup to receive un-authorized e-mails via smtp.
Make sure you can't use Outlook to send mail via your SMTP connection. You can require users to use a login and password in order for them to use your server to send mail. If not your server has the potential to become a open relay and added to the list of denied servers.
Check out this site for help closing it down if your using EXIM
This report has been brought to you in part by Northwind and HarborNetworks.
03-16-2003, 12:05 AM #2
- Join Date
- Feb 2003
Right... Sorry if I was unclear about what I was trying to say. LOL it's been a long day. I was thinking all that in my head when I wrote the first one, but for some reason didn't mention any of that. Thanks for saying something Daver. I wouldn't have caught it.
If you don't require any authentication on SMTP then anyone can use your server as a mail relay. However if you change your settings and require a valid login and pw in order to send mail via SMTP then your can stop the open relay. Try it on your server
1. Open up Outlook
2. Configure a new connection
3. Enter a bogus name
4. Enter a bogus email address
5. Then enter your mailserver ip or dns name in the pop3 and smtp settings
6. For your login and pwd use a bogus login and pwd
7. Then make sure it's your default or select it to send mail out using that server.
8. Send an e-mail to someone.
If your auth is turned off then that e-mail you will get delivered. Follow the instruction I posted earlier to fix the problem. Then try to send another e-mail and it won't work.
In order to send e-mail using the now locked down mail server click on the mail settings and then on the outgoing server tab. Click my server requires a login. Set it the same as your e-mail login and pw. Then change your login and pw to a valid e-mail account on your system. You will now be able to send an e-mail ONLY if you have a valid account.
If you have this open, I would close it immediately before you get added to blacklists, and better yet have to pay for additional bandwidth due to your open relay being exploited
***This has been tested on a system running cPanel and Exim***
03-16-2003, 02:16 AM #3northwindGuest
Since Cpanel basically automatically configures exim and such, it was pretty hard to mess around with these programs. =P.
So, if you need any help, just post on what the error is and we will try to help you.