
Stop Open Relay

Discussion in 'General Discussion' started by stocosoft, Mar 6, 2004.

  1. stocosoft

    Hey all,
    Looking for some guidance here. Recently my server has been being put on blacklists for the dreaded OPEN RELAY. Now, I know there is not really an open relay, but the relay police don't seem to care. Several tests have been run and NO mail actually gets through.

    But, in some cases, the testing sites are actually able to connect. For some reason, this puts me on every list.

    ==================
    To: john@xxxxxx.net
    From:
    <<< 250 Reset OK
    >>>> MAIL FROM:<>
    <<< 250 OK
    >>>> RCPT TO:
    <<< 250 Accepted
    >>>> DATA
    <<< 354 Enter message, ending with "." on a line by itself
    >>>> MESSAGE
    <<< 550 Administrative prohibition
    SUCCESS

    Relay Accepted - final response code 550

    If you dont recieve it then its not a relay (Its still a Bad Thing (TM) that it accepted)
    ===================

    I am sure I am not the only person dealing with this issue. So what I would like to know is this:

    How do I stop this? Obviously, these tests are intended to poke holes in suspected security holes (whether real or not) and it MUST be possible to close these suspected holes.

    I have run the following as suggested with no help.
    /scripts/fixrelayd
    /etc/rc.d/init.d/antirelayd restart
    service exim restart

    Any thoughts?

    John
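
The tester's transcript in the first post shows the recipient being accepted (250 to RCPT TO) and the refusal arriving only after DATA, which is why the report reads "Relay Accepted" even though nothing was delivered. The following is an added example, not part of the original thread; the sample transcripts, the placeholder addresses and the `parse`/`classify` names are constructed for illustration. It reports the stage at which a transcript in that notation was refused:

```python
import re

# Constructed transcripts in the tester's ">>>> client / <<< server" notation.
# The first mirrors the exchange quoted in the post; addresses are placeholders.
AFTER_DATA = """\
<<< 250 Reset OK
>>>> MAIL FROM:<>
<<< 250 OK
>>>> RCPT TO:<someone@elsewhere.example>
<<< 250 Accepted
>>>> DATA
<<< 354 Enter message, ending with "." on a line by itself
>>>> MESSAGE
<<< 550 Administrative prohibition
"""
AT_RCPT = """\
>>>> MAIL FROM:<>
<<< 250 OK
>>>> RCPT TO:<someone@elsewhere.example>
<<< 550 relay not permitted
"""

def parse(transcript):
    """Return [(verb, reply_code), ...]; replies with no preceding command are skipped."""
    pairs, verb = [], None
    for line in (l.strip() for l in transcript.splitlines()):
        if line.startswith(">>>>"):
            words = line[4:].split()
            verb = words[0].upper() if words else None  # MAIL, RCPT, DATA, MESSAGE
        elif verb and (m := re.match(r"<<<\s*(\d{3})", line)):
            pairs.append((verb, int(m.group(1))))
            verb = None  # one reply per command in this notation
    return pairs

def classify(transcript):
    """Name the SMTP stage at which the relay attempt was stopped."""
    pairs = parse(transcript)
    codes = lambda v: [c for verb, c in pairs if verb == v]
    if not any(200 <= c < 300 for c in codes("RCPT")):
        # No RCPT reply at all means the transcript is incomplete.
        return "refused-at-rcpt" if codes("RCPT") else "incomplete"
    if any(c >= 400 for c in codes("DATA")):
        return "refused-at-data"
    if any(c >= 400 for c in codes("MESSAGE")):
        return "refused-after-data"    # recipient was accepted first: gets flagged
    if any(200 <= c < 300 for c in codes("MESSAGE")):
        return "accepted"              # queued; relayed only if it is delivered
    return "incomplete"

if __name__ == "__main__":
    for name, t in (("post", AFTER_DATA), ("rcpt", AT_RCPT)):
        print(name, classify(t))
```

A result of `refused-after-data` is the case in the post: the server did not relay, but it answered 250 to a recipient it would not deliver to.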
     
  2. stocosoft

    Interesting approach. But that seems impractical, doesn't it? My idea of how to do business on the Internet is to automate as many things as possible. It would seem much easier to shut off ports and enable the proper responses that the relay tests are looking for than it would to contact any number of organizations and plead my case.

    In further research, I ran across this on the nhabl.org site. According to them, the tests they are running only flag if an email got through.

    ======= From http://njable.org/method.html ====
    Our relay test messages utilize an encrypted message which makes them nearly impossible to forge. Our reception of the intact open relay test message and decryption of the message body indicates the system it was sent through is an open relay and results in that IP being added to the list. Servers that accept the message but do not relay it, are not falsely detected as open relays. Our system must receive and successfully decrypt the test message in order to detect an open relay.
    ======================================

    So, I am still in search of an answer. Is there some way to tweak exim to block these relays? Any help would be appreciated.

    John
     
  3. stocosoft

    Sorry, the actual url is here, http://njabl.org/method.html

    I am sure that is a possibility and I don't want to sound ungrateful for the advice, but I would be a bit quicker to buy your script theory if I was not getting this from several abuse sites. That is why I tend to believe that there is something within Exim that may need to be tweaked. I just have no idea what it could be.

    John
     
  4. fishfreek

    The attitude most of these test places have is one of not being overly customer service oriented. It's bad enough getting listed and even worse trying to get off. Most are quick to add and slow to remove.
     