Open Relay valnarability?
 

How can I check my server for open relay valnarability?
Thanks

Submit your IP here: http://www.ordb.org/submit/

Actually, that's a bad way to do it. You don't want to get yourself blackholed if you are accidentally an open relay.

There's a very easy way to test. From a remote host (a friend's box, a shell account, etc) use telnet to connect to port 25/tcp on your box and try to send a message through your server to another domain.

For example, assume your domain is called "yourdomain.tld" and your mail server is "mail.yourdomain.tld". There is some third party domain (that you don't host) called "otherdomain.tld".

It should look something like the above. If you get "250 +OK Recipient OK" instead of "571 Cannot relay. Mailbox not available foo@otherdomain.tld", then you're an open relay and need to lock yourself down.

If you are an open relay, review the instructions found at the MAPS TSI Anti-Relay site.

yeah, look out
 

Chort is right. Don't use orbs. That's like calling the cops to come over and test those wild plants in your backyard to see if they contain THC.

You probably are NOT an open relay unless you really tried to mess with your MTA's settings. Every contemporary MTA ships with default settings that prohibit relaying.

di11rod

[mike@localhost mike]$ telnet orbit.localhost.com 25
Trying IP(real ip) address...
Connected to IP address
Escape character is '^]'.
220 orbit.localhost.com ESMTP Sendmail 8.11.6/8.11.6; Fri, 30 Jan 2004 08:07:46 -0500


Does this server open for relay?

Thanks

Getting a response from the system doesn't not automatically imply that it's a relay. As chort suggested, try to sent email to a user at another domain that is not handled by this system.

Ya, if you don't get a responce from outside people won't be able to send mail to you:)

And just so you know, orbs never blacklists you the first time, they give you about a week before they retest, if you aren't fixed by then, you are screwed.

Pay close attention. Things that you type are in BOLD. Responses are normal font.

Also, visit the MAPS TSI site I linked in my first post.

Great info by Chort. Good job!

di11rod

It's what I do for a living, I better be good at it :)

hi chrot,

i just tested mine and its' output is like this:

does this mean my server is an open relay?
and also when i check the maillog it only displays info on connect and disconnect from the remote host i am using , no sending mail is taken place

thanks

hi, i have just tested my mail server using the MAPS TSI advice
by telnet into relay-test.mail-abuse.org, and the results are my server is not an open relay :)

this snippet is from my maillog :)

however sometimes my mailserver can get a bit wierd like sending out mail to addresses i dun even know :(, however most of the times it got deffered but sometimes it got sent out too.

for example:

is this some kind of virus or script planted into my server?
if so, how can i check and get rid of the script/virus??

thanks :)

According to the first snippet you posted, you are an open relay. Try issuing the data command to see if it will actually accept your message. The first Postfix log message is just one type of relaying that was denied, probably a number of others were tried. Did you check to make sure they all got rejected?

The part about a message being deferred means it couldn't be delivered because of some type of connection failure. By the looks of it, it was spam being bounced and the responsible server didn't accept it.

Oh, there may be some more stuff going on there. I'll look at it after I get some sleep.

wakssssssss!!!!!

dough!! it seems like mine is an open relay :(

try using

and in maillog it 's like this :(

douh!!!!

how and where can i set my mailserver into not an open relay???
help please :(

but how come the one i use from MAPS TSI print out relay denied?
wierd :( will try to telnet to the above given add from MAPS again .

advice please :(

thanks