Page 2 of 2
Results 11 to 18 of 18

Thread: Open Relay Help & Telnet Security Issue

  1. #11
    OfMacAndMen, Active Member

    So what you are telling me is that anyone can spam us by telnet'ing into our domain, running code that emails users only in our domain, and there is nothing I can do about it?

  2. #12
    jholder, Former Zimbran

    Quote, originally posted by OfMacAndMen:
    So what you are telling me is that anyone can spam us by telnet'ing into our domain, running code that emails users only in our domain, and there is nothing I can do about it?

    Well, if your intention is to block port 25, you'll never get mail.

    SPAM is analyzed based upon factors. Your message was short, and didn't include any spam characteristics.

    You can telnet to our server, yahoo's, Microsoft's, Apple's, etc. You can't block telnet access to port 25. That's how SMTP works.

    Once the message is received, is when it's judged to be spam.

  3. #13
    OfMacAndMen, Active Member

    What stops hackers & spammers from using this to flood your network with spam or DOS attacks?

  4. #14
    randall, Advanced Member

    Quote, originally posted by OfMacAndMen:
    So what you are telling me is that anyone can spam us by telnet'ing into our domain, running code that emails users only in our domain, and there is nothing I can do about it?

    OfMacAndMen, I humbly suggest that you conduct a little audit of your network by sniffing what is being done by each workstation in your network. Some of your workstations may have been acting as a redirector (infected by some sort of intelligent trojan, like that from ISOhunt), which is why you appear to have an open relay. (I'm not exactly saying that you have this, but it won't hurt to try it.)

    We have a similar case in one of our clients, and it gave us pain: why such a volume of spam even when open relay is off, and bandwidth activity is very high.

    When we found out and identified those workstations, we isolated them from the network, and everything normalized. (And we re-formatted those stations tagged as redirectors.)

    Hope this helps.

  5. #15
    randall, Advanced Member

    Quote, originally posted by OfMacAndMen:
    What stops hackers & spammers from using this to flood your network with spam or DOS attacks?

    Did you make your telnet test outside of your network, as in totally outside of your network?

  6. #16
    OfMacAndMen, Active Member

    Yes. Not even the same ISP.

  7. #17
    jholder, Former Zimbran

    That's where the DNS checks section of the Zimbra admin comes in. Things like reverse lookup and EHLO help to stop those types of things.

    Mail servers are multi-threaded, which means that more than one server can connect to port 25 at a time.

    If you have those DNS Checks, you reduce the chance of spam getting in.

    As far as DDoS attacks, it would take a lot (I mean a lot) to take a mail server down.

    It should be noted that this behavior is not unique to Zimbra. The reasons you list are exactly why many people are not in favor of SMTP... but that be the way it be.

    See this for more info:
    Simple Mail Transfer Protocol - Wikipedia, the free encyclopedia

  8. #18
    jholder, Former Zimbran

    Guys-
    It's not an open relay. If it were, abuse net would say it.

    If the e-mail rcpt to is on the server, the mail will be delivered. That's how it works.
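
The distinction drawn in posts #12 and #18, as an added example that is not part of the original thread: a port-25 test only shows an open relay if the server accepts a recipient in a domain it does not host. The transcripts, the example.org/example.com domains and the function names below are constructed for illustration, and the check assumes the test was unauthenticated and run from outside the server's trusted networks.

```python
import re

# Constructed transcripts of a manual port-25 test run from outside the
# network ("C:" = typed by the tester, "S:" = server reply). Not from the thread.
LOCAL_ONLY = """\
S: 220 mail.example.org ESMTP
C: HELO tester.example.net
S: 250 mail.example.org
C: MAIL FROM:<someone@example.net>
S: 250 2.1.0 Ok
C: RCPT TO:<user@example.org>
S: 250 2.1.5 Ok
C: RCPT TO:<victim@example.com>
S: 554 5.7.1 <victim@example.com>: Relay access denied
"""
DENIED = "554 5.7.1 <victim@example.com>: Relay access denied"
OPEN_RELAY = LOCAL_ONLY.replace(DENIED, "250 2.1.5 Ok")

RCPT_RE = re.compile(r"^C:\s*RCPT TO:\s*<[^>@]*@([^>]+)>", re.I)
REPLY_RE = re.compile(r"^S:\s*(\d{3})([ -])")

def rcpt_results(transcript):
    """Return [(recipient_domain, accepted)] for every RCPT TO command."""
    results, pending = [], None
    for line in transcript.splitlines():
        rcpt = RCPT_RE.match(line)
        if rcpt:
            pending = rcpt.group(1).lower()
            continue
        reply = REPLY_RE.match(line)
        # "250-..." is a continuation line; only "250 ..." ends the reply.
        if reply and pending is not None and reply.group(2) == " ":
            results.append((pending, reply.group(1).startswith("2")))
            pending = None
    return results

def classify(transcript, local_domains):
    """Classify an unauthenticated test session against the hosted domains."""
    local = {d.lower() for d in local_domains}
    verdict = "inconclusive"  # no recipient was accepted at all
    for domain, accepted in rcpt_results(transcript):
        if accepted and domain not in local:
            return "open relay"  # accepted mail for someone else's domain
        if accepted:
            verdict = "local delivery only"
    return verdict

if __name__ == "__main__":
    for name, session in (("LOCAL_ONLY", LOCAL_ONLY), ("OPEN_RELAY", OPEN_RELAY)):
        print(name, "->", classify(session, ["example.org"]))
```

A "local delivery only" result is the normal inbound behaviour described in the thread; whether such a message is then treated as spam is decided by content filtering and the DNS checks, not by the relay policy.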
