
Am I really an Open Relay?



My network security honcho just came in and told me that according to ORDB, my Debian box is an open relay. Am I really a relay, and how do I tighten up the security if I am? Thanks!

Here's the message that ORDB sent to me:

This is an automatically generated mail from ORDB.org.

Your submitted host 150.252.128.51 has been classified as an open relay and
is now stored in our database.
If you in any way appreciate this information we welcome donations of any amount,
be they small or large, to cover some of the expenses associated with development
and maintenance of ORDB. http://ORDB.org/donate/ is the place to go.

This email is sent from an unattended mailbox, so please do not
reply to it. To find information about how to contact ORDB.org, please visit http://ORDB.org/contact/.



Have a nice day, thank you for using ORDB.org.

PS. Need this mail translated? Have a look at:
http://ORDB.org/translation/#open_relay_detected


And another message from them:


Envelope-to: postmaster@westek.acu.edu
From: bitbucket@ORDB.org
To: postmaster
Subject: Open relay detected within your network

This is an automatically generated mail from ORDB.org.

Someone has submitted your mail server 150.252.128.51 to our relay checker at
<http://ORDB.org/submit/>, and we have learned that it is in fact an
open relay.

For details about the test results, please refer to
<http://ORDB.org/lookup/?host=150.252.128.51>.

Having an open relay on your network makes it possible for malicious
users (spammers), to make it look like spam is originating from your
site. This could cause you or your organisation to be wrongfully
associated with spamming activities.  Additionally, quite a few
system administrators around the world refuse to accept connections from
open relays, and so will block your site in the near future.
We have listed your server as an open relay in our database. Please note
that we do not distribute this information, except to users who
specifically request information about your particular ip-address.

In order to fix your server, you should probably get in touch with your
software vendor, and upgrade your software to the latest version. Also
it may be necessary to change a few settings in your MTA's setup, to
disallow relaying from IP-addresses you do not consider local. For help
with this, see <http://ORDB.org/fix/>.

If you believe that your organisation really needs to run an open relay,
you should probably look into ASMTP (authenticated SMTP) or pop before
SMTP, which will solve your problems, while at the same time securing
your server.

For further information about open relays, have a look at
<http://ORDB.org/faq/>

When your server has been secured, feel free to remove it from ORDB by following this link: <http://ORDB.org/removal/>.

This email is sent from an unattended mailbox, so please do not reply to
it. To find information about contacting ORDB.org, please visit
<http://ORDB.org/contact/>.

PS. Need this mail translated? Have a look at:
<http://ORDB.org/translation/#open_relay_inform>



Here's what I think are probably the relevant snippets from my /etc/exim/exim.conf file:

# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.

#relay_domains =

# If this is uncommented, we accept and relay mail for all domains we are
# in the DNS as an MX for.

#relay_domains_include_local_mx = true

# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

and . . . .

# The setting below allows your host to be used as a mail relay only by
# localhost: it locks out the use of your host as a mail relay by any
# other host. See the section of the manual entitled "Control of relaying"
# for more info.

host_accept_relay = 127.0.0.1 : ::::1

# This setting allows anyone who has authenticated to use your host as a
# mail relay. To use this you will need to set up some authenticators at
# the end of the file

host_auth_accept_relay = *
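
Added example, not part of the original post: a small Python check that reads the four relay options quoted above and reports who they allow to relay, using the meanings given in the config's own comments. The function names are made up for this sketch, and it looks only at these options, not at the rest of exim.conf or at what ORDB tested.

```python
import re

# Relay options from the excerpt above; meanings follow its own comments.
RELAY_OPTS = ("relay_domains", "relay_domains_include_local_mx",
              "host_accept_relay", "host_auth_accept_relay")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Relay option lines copied from the excerpt in the post.
SAMPLE = """\
#relay_domains =
#relay_domains_include_local_mx = true
host_accept_relay = 127.0.0.1 : ::::1
host_auth_accept_relay = *
"""

def split_list(value):
    """Split a colon-separated Exim list; a doubled colon is a literal ':'."""
    parts = value.replace("::", "\0").split(":")
    return [p.replace("\0", ":").strip() for p in parts if p.strip()]

def parse_relay_options(text):
    """Return {option: value} for relay options that are not commented out."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.*?)\s*$", line)
        if m and m.group(1) in RELAY_OPTS:
            found[m.group(1)] = m.group(2)
    return found

def audit(text):
    """Describe who the relay options allow to relay through this host."""
    opts, out = parse_relay_options(text), []
    extra = [h for h in split_list(opts.get("host_accept_relay", ""))
             if h not in LOOPBACK]
    if "*" in extra:
        out.append("OPEN: host_accept_relay lets every host relay")
    elif extra:
        out.append("REVIEW: non-loopback relay hosts: " + ", ".join(extra))
    if opts.get("relay_domains"):
        out.append("REVIEW: relays for domains: " + opts["relay_domains"])
    if opts.get("relay_domains_include_local_mx", "").lower() == "true":
        out.append("REVIEW: relays for every domain with an MX pointing here")
    if opts.get("host_auth_accept_relay"):
        out.append("INFO: authenticated clients may relay from: "
                   + opts["host_auth_accept_relay"])
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```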



