Results 1 to 3 of 3
Thread: Open Mail Relay
-
03-15-2003, 07:01 PM #1Addict
- Join Date
- Feb 2003
- Location
- Virginia
- Posts
- 426
*** EDITED BY HARBOR NETWORKS ***
Please see my 2nd post for a more detailed explanation.
But make sure you don't have your server setup to receive un-authorized e-mails via smtp.
Make sure you can't use Outlook to send mail via your SMTP connection. You can require users to use a login and password in order for them to use your server to send mail. If not your server has the potential to become a open relay and added to the list of denied servers.
Check out this site for help closing it down if your using EXIM
http://www.eckes.org/article.php?sid=150
This report has been brought to you in part by Northwind and HarborNetworks.Brian Pauley
:: Harbor Networks ::
http://www.harbornetworks.net
:: SoundSource - Your Online Pro Audio Online Web Resource. ::
http://www.soundsource.info
-
03-16-2003, 12:05 AM #2Addict
- Join Date
- Feb 2003
- Location
- Virginia
- Posts
- 426
Right... Sorry if I was unclear about what I was trying to say. LOL it's been a long day. I was thinking all that in my head when I wrote the first one, but for some reason didn't mention any of that. Thanks for saying something Daver. I wouldn't have caught it.
If you don't require any authentication on SMTP then anyone can use your server as a mail relay. However if you change your settings and require a valid login and pw in order to send mail via SMTP then your can stop the open relay. Try it on your server
1. Open up Outlook
2. Configure a new connection
3. Enter a bogus name
4. Enter a bogus email address
5. Then enter your mailserver ip or dns name in the pop3 and smtp settings
6. For your login and pwd use a bogus login and pwd
7. Then make sure it's your default or select it to send mail out using that server.
8. Send an e-mail to someone.
If your auth is turned off then that e-mail you will get delivered. Follow the instruction I posted earlier to fix the problem. Then try to send another e-mail and it won't work.
In order to send e-mail using the now locked down mail server click on the mail settings and then on the outgoing server tab. Click my server requires a login. Set it the same as your e-mail login and pw. Then change your login and pw to a valid e-mail account on your system. You will now be able to send an e-mail ONLY if you have a valid account.
If you have this open, I would close it immediately before you get added to blacklists, and better yet have to pay for additional bandwidth due to your open relay being exploited
***This has been tested on a system running cPanel and Exim***Brian Pauley
:: Harbor Networks ::
http://www.harbornetworks.net
:: SoundSource - Your Online Pro Audio Online Web Resource. ::
http://www.soundsource.info
-
03-16-2003, 02:16 AM #3northwindGuest
Since Cpanel basically automatically configures exim and such, it was pretty hard to mess around with these programs. =P.
So, if you need any help, just post on what the error is and we will try to help you.
Reply With Quote
Bookmarks