Hard problems with open relay

Discussion in 'General Discussion' started by equens, Feb 17, 2005.

  1. equens

    equens Well-Known Member

    We have a lot of open relays in servers and we always receive errors like "Recipient address rejected: Relay access denied."

    I tried this but it still does not work!

    /scripts/fixrelayd
    /etc/rc.d/init.d/antirelayd restart
    service exim restart

    How can I close those relays and prevent new relays?
    Thanks!
     
  2. chirpy

    chirpy Well-Known Member

    What makes you think that your server is an open relay?
     
  3. equens

    equens Well-Known Member

    Hi Jonathan, we have a list of users who have relayed mail (WHM/View Relayers) in all servers and we have problems sending email to some domains. We are receiving errors like this:

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    xxxx@xxxxx.com
    Recipient address rejected: Relay access denied

    What do you think?
     
  4. equens

    equens Well-Known Member

    Can anyone tell me how to close and prevent open relay? Thanks!
     
  5. lloyd_tennison

    lloyd_tennison Well-Known Member

    Go to Spamcop.net and/or Spamhaus.org. They both can tell you. But to be an open relay you have to enable it, because that is not the default setting for cPanel. Spamhaus and several of the other SPAM blocking lists also have open relay testers that will test your server. But be aware, if you are an open relay they will blacklist you until you fix the problem and their retest comes out clean.

    Why do you not test to see if you are an open relay yourself? Just try to send email on a non-existent account without any type of authentication. If open, it will go through. Just remember to send to an account NOT on the server, as there are two different types of open relays - one on your own server and one to the rest of the world.
     
  6. chirpy

    chirpy Well-Known Member

    Indeed. Since you quoted that you're seeing "Recipient address rejected: Relay access denied" clearly it's not relaying email for others.
     
  7. heffners

    heffners Registered

    Seeing same thing open relays

    Hello, we are also dealing with open relays. We are getting sent to the spam dogs and this is not letting us get emails sent to Yahoo, AOL, and a lot more.

    We know there are open relays because:

    Below are list of users who have realyed mail. They are listed in the order by number of messages sent. You can click on the user/domain to view who they sent the messages to.
    User Domain    Messages Sent    Total Bytes Sent
    affiliat       1447             7433400
    jerry          128              176042
    ebidd          31               23650
    brian          19               19628
    root           1                3199
    webmas         1                3488

    As you can see, root is even in there.
    Also, two of those accounts are my personal accounts and one of them is a friend of mine who I can guarantee would not spam.

    Now the top one that's sent 1447 messages is also a friend, but he has a double opt-in list and he assures me they are all legit double opt-in leads.

    Jerry's account that has sent 128 is a CGI script and it has several different emails set up in the script, but he is a good friend who I can guarantee doesn't even use a list or anything. I mean the only emails getting sent are from the script.
    Same goes for ebidd.

    Brian is my account and I had an autoresponder set up through Fantastico. I removed it.

    Root, I have no idea how it sent mail.

    Webmas is my account.

    Now what I would like to know:

    1. How do I stop the messages from getting relayed?
    2. How do I clean up the relayed ones that are there now?


    I am going through all CGI scripts now and setting everything to one email and making sure that email is created in the cPanel mail.

    Any ideas or thoughts would be greatly appreciated...

    Your friend Brian

    P.S. I think that if my detailed question gets answered it will help the original poster.
     
  8. chirpy

    chirpy Well-Known Member

    If you're using the standard exim setup then you won't have an open SMTP relay. What you might have is exploited scripts being used to send out spam. Email being rejected by the likes of AOL and Yahoo is usually because you have email forwarded to an account on their services and you haven't filtered out spam and they simply reject your email - that's a problem on their systems and you should disable any spam scanning that you may have configured on those services to prevent that from happening.

    You also need to track down email throughput from your exim mainlog. The statistics, while interesting, mean nothing unless you actually find out what is being sent, when and from where.
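
One way to do the mainlog tracing described in the post above, as an added example that is not part of the thread or cPanel's own tooling: it ties each outbound delivery back to how the message entered Exim (local script, SMTP AUTH, or unauthenticated SMTP). The log lines are constructed; the `cwd=` lines assume `log_selector` includes `+arguments`, and `T=remote_smtp` assumes the stock transport name.

```python
import re
from collections import Counter

# Constructed sample in Exim mainlog format (not from the thread). The cwd=
# lines assume log_selector includes +arguments; T=remote_smtp assumes the
# stock transport name for outbound SMTP.
SAMPLE_LOG = """\
2005-06-15 10:00:01 cwd=/home/affiliat/public_html/cgi-bin 3 args: /usr/sbin/sendmail -t -i
2005-06-15 10:00:01 1DiA01-0001aB-2c <= affiliat@host.example U=affiliat P=local S=1523
2005-06-15 10:00:02 1DiA01-0001aB-2c => a@remote.example R=lookuphost T=remote_smtp H=mx.remote.example [192.0.2.10]
2005-06-15 10:00:02 1DiA01-0001aB-2c -> b@remote.example R=lookuphost T=remote_smtp H=mx.remote.example [192.0.2.10]
2005-06-15 10:03:11 1DiA03-0001aD-9k <= brian@hosted.example H=(laptop) [198.51.100.7] P=esmtpa A=fixed_login:brian@hosted.example S=2210
2005-06-15 10:03:12 1DiA03-0001aD-9k => c@remote.example R=lookuphost T=remote_smtp H=mx.remote.example [192.0.2.10]
2005-06-15 10:05:40 1DiA04-0001aE-Qx <= news@sender.example H=mail.sender.example [203.0.113.5] P=esmtp S=4100
2005-06-15 10:05:41 1DiA04-0001aE-Qx => jerry <jerry@hosted.example> R=virtual_user T=virtual_userdelivery
2005-06-15 10:06:02 cwd=/var/spool/exim 3 args: /usr/sbin/exim -q
"""

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= \S+ (?P<fields>.*)$")
REMOTE_OUT = re.compile(r"^\S+ \S+ (?P<id>\S+) [=-]> .*\bT=remote_smtp\b")
CWD = re.compile(r"^\S+ \S+ cwd=(?P<cwd>\S+) \d+ args: (?P<args>.*)$")

def classify(fields):
    """Map the fields of a '<=' line to (submission path, identity)."""
    f = dict(tok.split("=", 1) for tok in fields.split() if "=" in tok)
    if "A" in f:                      # SMTP AUTH: authenticator:login
        return "smtp-auth", f["A"].split(":", 1)[-1]
    if f.get("P") == "local":         # sendmail binary, e.g. a web script
        return "local", f.get("U", "?")
    ip = re.search(r"\[([^\]]+)\]", fields)
    return "remote-unauth", ip.group(1) if ip else "?"

def summarize(log_text):
    """Count outbound (remote_smtp) deliveries per origin, and sendmail cwds."""
    origin, outbound, script_dirs = {}, Counter(), Counter()
    for line in log_text.splitlines():
        if m := ARRIVAL.match(line):
            origin[m["id"]] = classify(m["fields"])
        elif m := REMOTE_OUT.match(line):
            outbound[origin.get(m["id"], ("unknown", "?"))] += 1
        elif (m := CWD.match(line)) and "sendmail" in m["args"]:
            script_dirs[m["cwd"]] += 1
    return outbound, script_dirs

if __name__ == "__main__":
    outbound, script_dirs = summarize(SAMPLE_LOG)
    print(outbound.most_common(), script_dirs.most_common())
```

A `remote-unauth` origin with outbound deliveries is what a forwarder, a POP-before-SMTP client, or actual relaying looks like in this summary, so those entries are the ones to inspect by hand.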
     
  9. Spiral

    Spiral BANNED

    You are aware that you'll get that exact same error message returned on Outlook and some
    of the other mail programs if your customer's ISP is blocking port 25, right?

    A lot of ISPs these days are blocking port 25 to prevent their customers from using any
    outbound mail server other than their own. It's all in the misguided name of controlling SPAM.
    AOL, Earthlink, RR, Comcast, and SBC are just a few examples of ISPs that do this!

    For a workaround solution, activate the secondary SMTP option on another port and let your
    customers know the new port number to update their email programs. This should allow them
    to bypass their ISPs' port blocks and will stop the "Cannot Relay" / "Cannot Connect" messages.
     
  10. bking

    bking Well-Known Member

    If an ISP is blocking outbound port 25, I doubt they will get that error message. If their computer cannot connect to the remote server due to the block, then the server never replies with a reject, cos the transaction did not get that far.
     
  11. lloyd_tennison

    lloyd_tennison Well-Known Member

    I mainly see that message when the email I am sending to is forwarding to another address. Make sure all the servers match - as I will bet that is what the problem is. You especially get that with some of the free mail forwarding services, i.e. bigfoot.
     
  12. justhost

    justhost Well-Known Member

    When doing this as you say and setting the alternative port to say 26 or 587 then the SMTP running or open on that port is acting as an Open Relay.

    Anyone have any idea how to correct this?
     
  13. chirpy

    chirpy Well-Known Member

    What makes you think it's acting as an open relay? Exim with the default cPanel installation does not allow relaying without authentication (POP before SMTP or SMTP AUTH).
     
  14. Hip Hop Servers

    Disable Open Relay

    What I would like to know is why, when we ask a question like this, someone can't just answer the question. I ran three open relay tests on both of my cPanel boxes and both of them have been tagged as open relay servers. Now, I have a default cPanel configuration, and the only modification I have is some mod_security settings, and as for exim settings I just have my box configured to scan all incoming mail to block spam from 5 different blacklists. None of these changes made my box an open relay.

    So again the question is how to disable open relays, and even on the pretence that your allegation is correct, how do we find a script with an exploit?
     
  15. troxalias

    troxalias Well-Known Member

    Reset your exim configuration to the defaults. The default exim configuration will allow relay only for authenticated users (by either method mentioned above). The most probable reason for high numbers of relayed mails from a user is either an exploited web script on your server or a stolen webmail account on your server.
     