This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mail Relay

Hi There,

Me again with relay issues.

I'm definately a relay, the amount of returned spam I'm getting is incredible.  200 User Unknowns in 4 days and more coming in.  I am not allowing smtp to come through and yet my mail server is being used... or the firewall.

Filter rules.

  1  Private  Any Any Allow  (that's internal)
  2  Any POP3 mx Allow
  3  Any HTTP Webserver Allow

I am using SMTP proxy for incoming, how do I find out where the hole is?  I'm going to do alot more reading, but from what I can see it's the firewall sending the spam.

Let me know what other info I can gather to help solve.

HELP!!! Please

This thread was automatically locked due to age.

Parents

0 siudak@HES over 23 years ago

Do so as you are the spammer and test your firewall-rules...

Use a connection from outside your IPs. (Best is
a dial up-connection from a normal dial-in
provider) Then connect to your Firewall with a
telnet-client with port 25.

Use the three smtp-commands in this order:

  MAIL FROM:
  RCPT TO:
  DATA

  .

When the mail arrives to

your rules are not so good.
In the ASL 2.x there is a small bug that the SMTP-
Proxy doesn't send an error statement when your
rules are save. Normally there have to come an
5xx-Errorcode when sending a spam mail to someone
else... In the 3.xx-Versions it will be fixed.

Hope of helping you
siudak@HES

[ 27 December 2001: Message edited by: siudak@HES ]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 siudak@HES over 23 years ago

Do so as you are the spammer and test your firewall-rules...

Use a connection from outside your IPs. (Best is
a dial up-connection from a normal dial-in
provider) Then connect to your Firewall with a
telnet-client with port 25.

Use the three smtp-commands in this order:

  MAIL FROM:
  RCPT TO:
  DATA

  .

When the mail arrives to

your rules are not so good.
In the ASL 2.x there is a small bug that the SMTP-
Proxy doesn't send an error statement when your
rules are save. Normally there have to come an
5xx-Errorcode when sending a spam mail to someone
else... In the 3.xx-Versions it will be fixed.

Hope of helping you
siudak@HES

[ 27 December 2001: Message edited by: siudak@HES ]
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 ollion over 23 years ago in reply to siudak@HES

spike,

do you talk about your internal e-mail server
or Astaro SMTP proxy?
Check setting in Proxies/SMTP relaying should
only be allowed for internal users or better
your internal mail gateway.

regards
ollion

[ 27 December 2001: Message edited by: ollion ]
Cancel
Vote Up 0 Vote Down

Cancel
0 Orjan Sandland over 23 years ago in reply to ollion

Just to throw in my hands-on to support the others here:
sandland.addr.com is a valid mail domain.
sandland.ws is the domain behind my astaro box

in my config, the only accepted incoming domain is sandland.ws
I have no pop3/imap openings from external to internal, and no smtp flowing through the firewall except in the proxy.


quote:

> telnet mail.sandland.ws 25
Trying 217.8.139.1...
Connected to mail.sandland.ws.
Escape character is '^]'.
220 alpha.sandland.ws ESMTP
helo orjan@justkidding.com
250 alpha.sandland.ws
MAIL FROM  [:D]umbo@justkidding.com
250 ok
RCPT TO  [:$]rjan@sandland.addr.com
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
RCPT TO  [:$]rjan@sandland.ws

This shows that the proxy will not relay to sandland.addr.com, but it happily accepts sandland.ws

Best regards,
Ørjan Sandland

[ 27 December 2001: Message edited by: Ørjan Sandland ]
Cancel
Vote Up 0 Vote Down

Cancel
0 spike_01 over 23 years ago in reply to Orjan Sandland

Great! Well... Great as in progress...

I'm going to try re-doing them, but the idea of having a HTML interface specially for Firewall rules is that it makes my life easy... HA.

I'm open, so how do I get these rules to save?
Cancel
Vote Up 0 Vote Down

Cancel