Exim might be an Open Relay

Discussion in 'General Discussion' started by CCorderoR, Apr 2, 2004.

  1. CCorderoR

    Hi:

    I've been running some tests through the abuse.net system, and I've discovered Exim might support relaying...

    RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<spamtest@domain.com>
    <<< 250 OK
    >>> RCPT TO:<user-xxxxxxxx%nf.abuse.net@domain.com>
    <<< 250 Accepted
    >>> DATA
    <<< 354 Enter message, ending with "." on a line by itself
    >>> (message body)
    <<< 250 OK id=1B9U79-0003wb-4U

    I've received the e-mail:

    This is a test of third-party mail relay, generated via the
    Network Abuse Clearinghouse at http://www.abuse.net.

    Target host = domain.com [xx.xx.xx.xx]
    Test performed by <xxx@domain.com> from xx.58.x.48

    A well-configured mail server should NOT relay third-party email.
    Otherwise, the server is subject to abuse by vandals and spammers,
    and probable blacklisting by recipients of the unwanted third-party
    e-mail.

    For information on how to secure a mail server against third-party
    relay, visit <URL: http://www.mail-abuse.org/tsi/>.

    I would like to know if this error is already known and if somebody knows how to block relay through this method.

    Regards,
    Carlos
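
Added example, not part of the original post or of any cPanel/Exim tooling: a small Python audit of a relay-test transcript in the `>>>`/`<<<` layout shown above, flagging recipients that were accepted even though their local part embeds a second route (percent hack, bang path, nested `@`). The function names, the sample transcript and the 550 reply text are constructed for illustration.

```python
import re

RCPT_RE = re.compile(r"^>>>\s*RCPT TO:\s*<([^>]*)>", re.I)
REPLY_RE = re.compile(r"^<<<\s*(\d{3})")


def embedded_route(address):
    """Return the address a source-route-aware MTA would forward to, or None."""
    local, _, _domain = address.rpartition("@")
    if "%" in local:                      # percent hack: user%next@this
        user, _, next_domain = local.rpartition("%")
        return f"{user}@{next_domain}"
    if "!" in local:                      # UUCP bang path: host!user@this
        host, _, user = local.partition("!")
        return f"{user}@{host}"
    if "@" in local:                      # nested address: user@next@this
        return local
    return None


def audit_transcript(lines):
    """Pair each RCPT TO with its reply; list accepted recipients with an embedded route."""
    findings, pending = [], None
    for line in lines:
        line = line.strip()
        rcpt = RCPT_RE.match(line)
        if rcpt:
            pending = rcpt.group(1)
            continue
        reply = REPLY_RE.match(line)
        if reply and pending is not None:
            target = embedded_route(pending)
            if target and reply.group(1).startswith("2"):
                findings.append((pending, target))
            pending = None
    return findings


# Constructed transcript modelled on the test output in the post above.
SAMPLE = """\
>>> MAIL FROM:<spamtest@domain.com>
<<< 250 OK
>>> RCPT TO:<user-xxxxxxxx%nf.abuse.net@domain.com>
<<< 250 Accepted
>>> RCPT TO:<nf.abuse.net!user-xxxxxxxx@domain.com>
<<< 550 Restricted characters in address
>>> RCPT TO:<postmaster@domain.com>
<<< 250 Accepted
""".splitlines()

if __name__ == "__main__":
    for rcpt, target in audit_transcript(SAMPLE):
        print(f"accepted {rcpt!r}: would reach {target!r} if the route is honoured")
```

A 250 on such a recipient only shows that the address was accepted; whether mail actually leaves the host depends on how the server routes that local part.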
     
  2. xsenses

    I tested with the anonymous test and my server passed all 12 tests it tried.
     
  3. CCorderoR

    Hi:

    I've been checking again and I discovered that spam might only be sent to the local users, so... nothing important :)

    Regards,
    Carlos
     
  4. keyDet79

    Well, I didn't try this yet on my server but this might be a serious bug since I think someone already abused this on one of our servers.

    Luckily the Mail Statistics in WHM display 'Top 50 sending hosts by message count' - if there is any abnormal behaviour you can just block the IPs of the domains used to send this spam. Since I did this I noticed I no longer have huge peaks in the 'received' AND 'delivered' stats list. I had about 2 large peaks a day, along with very high load during their spamming. I definitely caught this bastard.
     