Exim might be an Open Relay

Discussion in 'General Discussion' started by CCorderoR, Apr 2, 2004.

  1. CCorderoR

    CCorderoR Member

    Hi:

    I've been running some tests through the abuse.net system, and I've discovered exim might support relaying...

    RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<spamtest@domain.com>
    <<< 250 OK
    >>> RCPT TO:<user-xxxxxxxx%nf.abuse.net@domain.com>
    <<< 250 Accepted
    >>> DATA
    <<< 354 Enter message, ending with "." on a line by itself
    >>> (message body)
    <<< 250 OK id=1B9U79-0003wb-4U

    I've received the e-mail:

    This is a test of third-party mail relay, generated via the
    Network Abuse Clearinghouse at http://www.abuse.net.

    Target host = domain.com [xx.xx.xx.xx]
    Test performed by <xxx@domain.com> from xx.58.x.48

    A well-configured mail server should NOT relay third-party email.
    Otherwise, the server is subject to abuse by vandals and spammers,
    and probable blacklisting by recipients of the unwanted third-party
    e-mail.

    For information on how to secure a mail server against third-party
    relay, visit <URL: http://www.mail-abuse.org/tsi/>.

    I would like to know if this error is already known and if somebody knows how to block relay through this method.

    Regards,
    Carlos
     
  2. xsenses

    xsenses Well-Known Member

    I tested with the anonymous test and my server passed all 12 tests it tried.
     
  3. CCorderoR

    CCorderoR Member

    Hi:

    I've been checking again and I discovered that spam might only be sent to the local users, so... nothing important :)

    Regards,
    Carlos
     
  4. keyDet79

    keyDet79 Well-Known Member

    Well, I didn't try this yet on my server but this might be a serious bug since I think someone already abused this on one of our servers.

    Luckily the Mail Statistics in WHM display 'Top 50 sending hosts by message count' - if there is any abnormal behaviour you can just block the IPs of the domains used to send this spam. Since I did this I noticed I no longer have huge peaks in the 'received' AND 'delivered' stats list. I had about 2 large peaks a day, along with very high load during their spamming. I definitely caught this bastard.
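
The transcript in the first post shows a `250 Accepted` for a recipient whose local part contains `%`, the "percent hack" form of source routing. As an added example, not part of any post in this thread, the Python below scans a relay-test transcript in that `>>>` / `<<<` format and lists accepted recipients whose local part carries routing characters; the sample transcript, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed transcript in the >>> / <<< format shown in the first post;
# all addresses are placeholders (assumption: example.com is the local domain).
SAMPLE = """\
>>> MAIL FROM:<spamtest@example.com>
<<< 250 OK
>>> RCPT TO:<user%remote.example@example.com>
<<< 250 Accepted
>>> RCPT TO:<"user@remote.example">
<<< 550 relay not permitted
>>> RCPT TO:<remote.example!user@example.com>
<<< 250 Accepted
>>> RCPT TO:<postmaster@example.com>
<<< 250 Accepted
"""

RCPT = re.compile(r"^>>>\s*RCPT TO:\s*<(.*)>\s*$", re.I)
REPLY = re.compile(r"^<<<\s*(\d{3})")
ROUTING_CHARS = "%!@"  # percent hack, UUCP bang path, embedded @


def routed_local_part(addr):
    """Return the routing characters present in the address's local part."""
    if addr.startswith('"') and addr.endswith('"'):
        local = addr[1:-1]              # fully quoted: no domain part at all
    else:
        local, sep, _domain = addr.rpartition("@")
        if not sep:
            local = addr                # bare local part without a domain
    return "".join(c for c in ROUTING_CHARS if c in local)


def accepted_routed_rcpts(transcript):
    """List (address, chars) for routed recipients the server answered with 2xx."""
    findings, pending = [], None
    for line in transcript.splitlines():
        line = line.strip()
        m = RCPT.match(line)
        if m:
            pending = m.group(1)
            continue
        r = REPLY.match(line)
        if r and pending is not None:
            chars = routed_local_part(pending)
            if r.group(1).startswith("2") and chars:
                findings.append((pending, chars))
            pending = None
    return findings
```

A 2xx at RCPT time shows only that the server accepted the address. Whether the message is then forwarded to the domain after the `%` or delivered to a local mailbox is answered by the delivery log, not by the transcript.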
     