
Re: Am I really an Open Relay?



Kent,

I would assume that you are or at least need to check.

Can you start by telling us which MTA you are using (exim, sendmail, etc.) and a brief description of 
what you need your Debian box to do with regard to sending and receiving mail.

The solutions are pretty simple but will depend on your MTA and your needs.

Liam

On 18 Jul 2002 at 8:57, Kent West wrote:

> My network security honcho just came in and told me that according to
> ORDB, my Debian box is an open relay. Am I really a relay, and how do
> I tighten up the security if I am? Thanks!
> 
> Here's the message that ORDB sent to me:
> 
> > This is an automatically generated mail from ORDB.org.
> > 
> > Your submitted host 150.252.128.51 has been classified as an open
> > relay and is now stored in our database.
> >              
> > If you in any way appreciate this information we welcome donations
> > of any amount, be they small or large, to cover some of the expenses
> > associated with development and maintenance of ORDB.
> > http://ORDB.org/donate/ is the place to go.
> > 
> > This email is sent from an unattended mailbox, so please do not
> > reply to it. To find information about how to contact ORDB.org, 
> > please visit http://ORDB.org/contact/.
> > 
> > 
> > 
> > Have a nice day, thank you for using ORDB.org.
> > 
> > PS. Need this mail translated? Have a look at:
> > http://ORDB.org/translation/#open_relay_detected
> 
> 
> And another message from them:
> 
> 
> > Envelope-to: postmaster@westek.acu.edu
> > From: bitbucket@ORDB.org
> > To: postmaster
> > Subject: Open relay detected within your network
> > 
> > This is an automatically generated mail from ORDB.org.
> > 
> > Someone has submitted your mail server 150.252.128.51 to our relay
> > checker at <http://ORDB.org/submit/>, and we have learned that it is
> > in fact an open relay.
> > 
> > For details about the test results, please refer to
> > <http://ORDB.org/lookup/?host=150.252.128.51>.
> > 
> > Having an open relay on your network makes it possible for malicious
> > users (spammers), to make it look like spam is originating from your
> > site. This could cause you or your organisation to be wrongfully
> > associated with spamming activities.  Additionally, quite a few
> > system administrators around the world refuse to accept connections
> > from open relays, and so will block your site in the near future. We
> > have listed your server as an open relay in our database. Please
> > note that we do not distribute this information, except to users who
> > specifically request information about your particular ip-address.
> > 
> > In order to fix your server, you should probably get in touch with
> > your software vendor, and upgrade your software to the latest
> > version. Also it may be necessary to change a few settings in your
> > MTA's setup, to disallow relaying from IP-addresses you do not
> > consider local. For help with this, see <http://ORDB.org/fix/>.
> > 
> > If you believe that your organisation really needs to run an open
> > relay, you should probably look into ASMTP (authenticated SMTP) or
> > pop before SMTP, which will solve your problems, while at the same
> > time securing your server.
> > 
> > For further information about open relays, have a look at
> > <http://ORDB.org/faq/>
> > 
> > When your server has been secured, feel free to remove it from ORDB
> > by following this link: <http://ORDB.org/removal/>.
> > 
> > This email is sent from an unattended mailbox, so please do not
> > reply to it. To find information about contacting ORDB.org, please
> > visit <http://ORDB.org/contact/>.
> > 
> > PS. Need this mail translated? Have a look at:
> > <http://ORDB.org/translation/#open_relay_inform>
> > 
> 
> 
> Here's what I think are probably the relevant snippets from my 
> /etc/exim/exim.conf file:
> 
> > # Domains we relay for; that is domains that aren't considered local
> > # but we accept mail for them.
> > 
> > #relay_domains = 
> > 
> > # If this is uncommented, we accept and relay mail for all domains
> > # we are in the DNS as an MX for.
> > 
> > #relay_domains_include_local_mx = true
> > 
> > # No local deliveries will ever be run under the uids of these users
> > # (a colon-separated list). An attempt to do so gets changed so
> > # that it runs under the uid of "nobody" instead. This is a paranoic
> > # safety catch. Note the default setting means you cannot deliver
> > # mail addressed to root as if it were a normal user. This isn't
> > # usually a problem, as most sites have an alias for root that
> > # redirects such mail to a human administrator.
> > 
> > never_users = root
> 
> and . . . .
> 
> > # The setting below allows your host to be used as a mail relay only
> > # by localhost: it locks out the use of your host as a mail relay by
> > # any other host. See the section of the manual entitled "Control of
> > # relaying" for more info.
> > 
> > host_accept_relay = 127.0.0.1 : ::::1
> > 
> > # This setting allows anyone who has authenticated to use your host
> > # as a mail relay. To use this you will need to set up some
> > # authenticators at the end of the file
> > 
> > host_auth_accept_relay = *
> 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 
> 


-- 
Liam Ward
DV4
t: +353 1 672 7250
e: liam@dv4.com
w: www.dv4.com
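
An added example, not part of either message above: a small Python check that reads the Exim option lines quoted in the post and reports which client addresses `host_accept_relay` lets relay without authentication. It covers only the options shown in the post, matches only IP addresses, CIDR networks and `*`, and all function names are hypothetical. In Exim's colon-separated lists a colon inside an item is doubled, which is why the IPv6 loopback `::1` appears as `::::1`.

```python
import ipaddress

# Constructed sample: the option lines quoted in the post, comments trimmed.
SAMPLE_CONF = """\
#relay_domains =
#relay_domains_include_local_mx = true
never_users = root
host_accept_relay = 127.0.0.1 : ::::1
host_auth_accept_relay = *
"""

def parse_options(text):
    """Return {name: raw value} for active (uncommented) 'name = value' lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        opts[name.strip()] = value.strip()
    return opts

def split_list(value):
    """Split a colon-separated Exim list; a doubled colon is one literal colon."""
    items, cur, i = [], "", 0
    while i < len(value):
        if value[i] == ":":
            if value[i + 1:i + 2] == ":":      # "::" -> literal ":"
                cur, i = cur + ":", i + 2
                continue
            items.append(cur.strip())          # single ":" ends the item
            cur = ""
        else:
            cur += value[i]
        i += 1
    items.append(cur.strip())
    return [item for item in items if item]

def may_relay_unauthenticated(opts, client_ip):
    """True if client_ip matches host_accept_relay (IPs, CIDR nets and '*' only)."""
    addr = ipaddress.ip_address(client_ip)
    for item in split_list(opts.get("host_accept_relay", "")):
        if item == "*":
            return True
        try:
            if addr in ipaddress.ip_network(item, strict=False):
                return True
        except ValueError:
            continue  # hostnames and other pattern types are not evaluated here
    return False
```

A result of `False` for an outside address says only that these quoted options do not grant it relay access; other parts of the configuration file are not examined.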

