Open Relay Help & Telnet Security Issue

[OfMacAndMen]

So what you are telling me is that anyone can spam us by telnet'ing into our domain, running code that email users only our domain and there is nothing I can do about it?

[jholder]

So what you are telling me is that anyone can spam us by telnet'ing into our domain, running code that email users only our domain and there is nothing I can do about it?

Well, if your intention is to block port 25, you'll never get mail.

SPAM is analyzed based upon factors. You message was short, and didn't include any spam characteristics.

You can telnet to our server, yahoo's, Microsoft's, Apple's, etc. You can't block telnet access to port 25. That's how SMTP works.

Once the message is received, is when it's judged to be spam.

[OfMacAndMen]

What stop hackers & spammer from using this to flood your network with spam or DOS attacks?

[randall]

So what you are telling me is that anyone can spam us by telnet'ing into our domain, running code that email users only our domain and there is nothing I can do about it?

OfMacAndMen, I humbly suggest that you conduct a little audit of your network by sniffing what is being done by each workstation in your network. Some of your workstations may have been acting as a redirector (infected by some sort of intelligent trojan, like that from ISOhunt) that is why you appear to have an open relay. (i'm not exactly saying that you have this, but it won't hurt to try it.)

We have a similar case in one of our clients and it gave us pain why such a volume of spam even open relay is off and bandwidth activity is very high.

When we found out and identified those workstation, we isolated them from the network, and everything normalized. (And we re-formatted those stations tagged as redirector).

Hope this helps.

[randall]

What stop hackers & spammer from using this to flood your network with spam or DOS attacks?

Did you make your telnet test outside of your network, as in totally outside of your network?

[OfMacAndMen]

Yes. not even the same ISP

[jholder]

That's where the DNS checks section of the Zimbra admin comes in. Things like reverse lookup, and EHLO help to stop those type of things.

Mail servers are multi-threaded, which means that more than one server can connect to port 25 at a time.

If you have those DNS Checks, you reduce the chance of spam getting in.

As far as DDoS attacks, it would take a lot (I mean a lot) to take a mail server down.

It should be noted that this behavior is not unique to Zimbra. The reasons you list are exactly why many people are not favorous of SMTP. . but that be the way it be.

See this for more info:
Simple Mail Transfer Protocol - Wikipedia, the free encyclopedia

[jholder]

Guys-
It's not an open relay. If it were, abuse net would say it.

If the e-mail rcpt to is on the server, the mail will be delivered. That's how it works.