[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to make sure that anti-relaying is in place



On Fri, Jul 05, 2002 at 11:32:20AM -0400, christophe barbé wrote:
| On Fri, Jul 05, 2002 at 04:29:26PM +0100, Shri Shrikumar wrote:
| > On Fri, 2002-07-05 at 15:47, christophe barbé wrote:
| > > On Fri, Jul 05, 2002 at 10:22:08AM +0100, Shri Shrikumar wrote:

| > > > I am considering opening port 25 and have already testing for
| > > > relaying by telneting to relay-test.mail-abuse.org and it
| > > > tells me that the
| > > > config is good.

That's a good start, at least.  It is still _possible_ that you have
some sort of relaying allowed.  I say this because you _can_ specify
certain hosts (or other specific criteria) that are allowed to relay,
and if you do that incorrectly you could become a relay for some
people.  However, unless you're doing something particularly odd the
mail-abuse test is probably thorough enough.

| > From the machine to be tested
| > 
| > % telnet relay-test.mail-abuse.org
| 
| That's all, do you specify a port or type a command ?
| 
| When I try I see only :
| 
|    telnet relay-test.mail-abuse.org
|    Trying 204.152.187.123...
|    Connected to cygnus.mail-abuse.org.
|    Escape character is '^]'.

Do you have an MTA listening on port 25 of 204.152.187.123?  Hmm, yes
you do.  Does it (and the routers leading up to it allow connections
from the mail-abuse host (204.152.187.123)?  It connects back to the
host you telneted in from.  I just tried it on my machine, kinda neat.

HTH,
-D

-- 

There is not a righteous man on earth
    who does what is right and never sins.
        Ecclesiastes 7:20
 
http://dman.ddts.net/~dman/

Attachment: pgpiz_g3yxjvJ.pgp
Description: PGP signature


Reply to: