Koozali.org: home of the SME Server

open mail relay

Trever Schatschneider

open mail relay
« on: January 19, 2003, 10:32:42 PM »
I'm currently using SME 5.5 for email at one of our companies.  Other than installing squid guard for content filtering it's a stock install.  We are installing Domino for another of our divisions.  I got the Domino engineer to do a test for mail relaying because I had heard we were relaying spam/porn.  As it turns out the E-smith server is an open relay.  Besides reinstalling the server without squid guard, is there any other way to stop mail relaying?

jean

Re: open mail relay
« Reply #1 on: January 19, 2003, 10:49:41 PM »
This is very interesting, because my experience has been just the opposite.  We have a closed-relay gateway mailserver which passes off external emails to the main internal server.  The main server is behind a firewall and can be accessed only by the local network, the gateway server and VPN users.  In order to provide an open relay for my field VPN users I had to modify the settings before sme5.5 would allow any out-of-subnet mail bound for external addresses.  How did you conclude that you're relaying without any modifications?

Craig Bursey

Re: open mail relay
« Reply #2 on: January 20, 2003, 12:19:32 AM »
I remember seeing something recently on here about mail relaying.  Someone thought that they were being hacked but I think it turned out to be a Perl script he was using.

Craig

Craig Bursey

Re: open mail relay
« Reply #3 on: January 20, 2003, 12:22:40 AM »

Terry Brummell

Re: open mail relay
« Reply #4 on: January 20, 2003, 02:21:49 AM »
I really doubt a stock install is relaying mail.  Maybe the Domino install is allowing the relaying?  When these engineers are testing, are they testing from the external interface of the SME, with no local networks defined in the server manager?  It's the experience of this list that shows more often than not it is the fault of the server owner than it is the software for relaying faults.

Nathan Fowler

Re: open mail relay
« Reply #5 on: January 20, 2003, 04:46:46 AM »
Terry is on the right path.  If your engineer's box is on the same IP block/network as the SME server then it would appear to be an "open relay" because mail services are granted for the local network.  You can only do an accurate open-relay test from outside the local network.  If your engineer didn't do this, then his report is a false positive and he's only alarmed you for nothing.

raymondh

Re: open mail relay
« Reply #6 on: January 20, 2003, 07:23:18 AM »
If you take a look at the link posted above it is about a problem that I had with an open relay.

The problem wasn't the sme server but a client machine on the internal network that had a public IP assigned to it.  This client machine was forwarding all incoming port 25 requests to the sme server.

Trever Schatschneider

Re: open mail relay
« Reply #7 on: January 26, 2003, 09:02:19 AM »
No, we actually logged on from outside the interface (via dial up) and did a manual connection.  telnet x.x.x.x 25.  We actually got the server to send an email to a hotmail account from an address that doesn't exist on the system.  We were definitely logged onto the internet IP (outside) of the esmith.

Dave Owen

Re: open mail relay
« Reply #8 on: February 18, 2003, 11:11:15 AM »
Any progress on this, Trever?

I ask, because my mail logs show that earthlink rejected an email from my server with a message that indicated I might be an open relay. I also received an email from someone a few weeks ago (to my admin account) suggesting the same.

I telnet'd from the server to relay-test.mail-abuse.org for an open relay test, and test #11 came back positive.

Whether this means I'm actually an open relay or not, I don't know -- but I'm trying to find out (which is what led me to this thread). I'm running 5.5 with a few installed rpms, but nothing mail-related...and not running squidguard.

-D
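
Added example, not part of any post in this thread: the replies above turn on whether a relay test was run from outside the networks the server treats as local, so this sketch classifies one recorded SMTP test session on that basis. The function name, the `C:`/`S:` transcript convention, the addresses and the domains are all constructed assumptions, not SME Server output.

```python
import ipaddress
import re

# Matches the domain part of an envelope recipient, e.g. RCPT TO:<user@example.org>
RCPT_RE = re.compile(r"RCPT TO:\s*<[^@>]*@([^>]+)>", re.IGNORECASE)

def classify_relay_test(transcript, client_ip, local_networks, local_domains):
    """Return 'inconclusive-local-client', 'open-relay' or 'not-relaying'."""
    client = ipaddress.ip_address(client_ip)
    # A client inside a network the server treats as local may relay by design,
    # so a positive result from there is a false positive.
    if any(client in ipaddress.ip_network(net) for net in local_networks):
        return "inconclusive-local-client"
    local = {d.lower() for d in local_domains}
    rcpt_domain = None
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith("C: "):
            m = RCPT_RE.match(line[3:])
            rcpt_domain = m.group(1).lower() if m else None
        elif line.startswith("S: ") and rcpt_domain is not None:
            # Reply to the RCPT just sent: a 2xx for a recipient in a domain the
            # server does not host, from an outside client, is relaying.
            if line[3:6].startswith("2") and rcpt_domain not in local:
                return "open-relay"
            rcpt_domain = None
    return "not-relaying"

# Constructed sample data (documentation address ranges and example domains).
LOCAL_NETS = ["192.168.1.0/24"]
LOCAL_DOMAINS = ["example.com"]
RELAYED = """\
S: 220 mail.example.com ESMTP
C: HELO tester.example.net
S: 250 mail.example.com
C: MAIL FROM:<nobody@example.com>
S: 250 ok
C: RCPT TO:<someone@example.org>
S: 250 ok
C: QUIT
S: 221 mail.example.com
"""
REJECTED = RELAYED.replace("S: 250 ok\nC: QUIT", "S: 553 relaying denied\nC: QUIT")

if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.168.1.50"):
        print(ip, classify_relay_test(RELAYED, ip, LOCAL_NETS, LOCAL_DOMAINS))
    print("rejected", classify_relay_test(REJECTED, "203.0.113.7", LOCAL_NETS, LOCAL_DOMAINS))
```
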