07-08-2007, 01:03 PM
Open Relay Help & Telnet Security Issue
I just installed Zimbra Open Source on a Mac OS X Server 10.4.10.
It has been working great. Or so I thought!!
I have noticed mail being sent from my server (see log).
I telnet into my server and sent mail from patty@chuckwagon.com
Log (only fwd via smtp)
Jul 8 03:16:19 server amavis[857]: (00857-02) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00857-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 5D1566F168
Jul 8 04:02:25 server amavis[853]: (00853-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00853-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 7983A6F2D5
Jul 8 04:58:19 server amavis[856]: (00856-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00856-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 2536C6F474
Jul 8 04:58:20 server amavis[858]: (00858-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00858-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 0125D6F48A
Jul 8 06:01:28 server amavis[861]: (00861-02) FWD via SMTP: <0664202202wzac@netcabo.pt> -> , BODY=8BITMIME 250 2.6.0 Ok, id=00861-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 140776F673
Jul 8 08:53:33 server amavis[854]: (00854-04) FWD via SMTP: <1paulmcloughlinejke@ntl.com> -> , BODY=8BITMIME 250 2.6.0 Ok, id=00854-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 5B7366FB9D
Jul 8 09:50:24 server amavis[859]: (00859-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00859-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 3F5AE6FD87
Jul 8 10:17:20 server amavis[852]: (00852-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00852-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 9D22C6FE83
Jul 8 10:57:19 server amavis[857]: (00857-03) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00857-03, from MTA([127.0.0.1]:10025): 250 Ok: queued as 95B2E6FFC5
Jul 8 13:17:22 server amavis[858]: (00858-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00858-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as D8AF6703D3
Jul 8 14:05:21 server amavis[861]: (00861-03) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00861-03, from MTA([127.0.0.1]:10025): 250 Ok: queued as 8FC517056A
Jul 8 14:11:01 server amavis[855]: (00855-06) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00855-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 00F4B705AA
Jul 8 14:12:13 server amavis[856]: (00856-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00856-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as 40BA2705BA
Jul 8 14:17:54 server amavis[859]: (00859-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00859-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as 414B67061A
Jul 8 14:32:35 server amavis[860]: (00860-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00860-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as E1AF3706CF
Jul 8 14:32:35 server amavis[857]: (00857-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00857-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as EF025706D4
Jul 8 14:32:38 server amavis[858]: (00858-06) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00858-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 469E5706DE
07-08-2007, 01:25 PM
Zimbra Consultant & Moderator
Posts: 11,505
Zimbra, by default, is not an open relay - unless you've made any changes to allow it. Where did you telnet from when you sent the test email? If you were on your LAN then it's a trusted network and you will be able to send email.
__________________
Regards
Bill
07-08-2007, 01:38 PM
Last edited by OfMacAndMen : 07-08-2007 at 01:43 PM.
07-08-2007, 09:45 PM
Advanced Member
Posts: 184
Test it at www.abuse.net
You may want to test your mail server for open relay at Abuse.net: Home Page.
By default, Zimbra is installed not to use open relay, unless you have made some modifications already in your settings.
Hope this helps...
07-09-2007, 12:59 AM
Zimbra Consultant & Moderator
Posts: 11,505
Quote:
Originally Posted by OfMacAndMen
Here is the emailed report that brought this to my attention.

Those are senders 'TO' you not from you or via your server.
You might also want to check it's not an open relay with the link that randall has posted, there's plenty of other tests on the internet for that, do a google. This has also been covered in the forums once or twice, do a search for some info.
__________________
Regards
Bill
07-09-2007, 01:05 PM
Zimbra-Yahoo Consultant
Posts: 5,608
Relay is allowed on the same network as your server. Specifically, if you're using DHCP, you need to find the machine that's spamming people.
07-10-2007, 02:13 PM
But !!!
I have tested our servers on Mail relay testing. The test shows that relays are not allowed.
BUT !!!!
If I telnet to our Zimbra server from OUTSIDE my network and run the following command:
telnet server.myserver.com 25
Trying myipaddress...
Connected to server.myserver.com.
Escape character is '^]'.
220 server.myserver.com ESMTP Postfix
helo server.myserver.com
250 server.myserver.com
mail from: fakeaddress@myserver.com
250 Ok
rcpt to:vince@myserver.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
test message
.
250 Ok: queued as 2EA2577034
I will get an email from "undisclosed-recipients". Why?
07-10-2007, 02:25 PM
Security Issue ??
I have a post in about Open Relay. ( http://www.zimbra.com/forums/install...elay-help.html)
I was told that Zimbra has open relay disabled by default. After running test from Mail relay testing. It reported no relays accepted.
But if I telnet into my server from an OUTSIDE network and run the following command:
telnet server.myserver.com 25
Trying myipaddress...
Connected to server.myserver.com.
Escape character is '^]'.
220 server.myserver.com ESMTP Postfix
helo server.myserver.com
250 server.myserver.com
mail from: anyone@myserver.com
250 Ok
rcpt to:vince@myserver.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
test message
.
250 Ok: queued as 2EA2577034
I will receive an email from "undisclosed-recipients:;"
I have only Macs and no virus.
If a Zimbra employee would like to try this please contact me.
07-10-2007, 02:35 PM
Zimbra Consultant
Posts: 5,814
-deleted triplicate of same message
-approved post (it was similar; duplicates and certain terms flagged this message)
-recombining "Security Issue" with your current thread "Open Relay Help" (you just dragged the same question across multiple threads)
-changed title to "Open Relay Help & Telnet Security Issue"
Last edited by mmorse : 07-10-2007 at 02:43 PM.
07-10-2007, 07:50 PM
Zimbra-Yahoo Consultant
Posts: 5,608
Quote:
Originally Posted by OfMacAndMen
I have a post in about Open Relay. ( http://www.zimbra.com/forums/install...elay-help.html)
I was told that Zimbra has open relay disabled by default. After running test from Mail relay testing. It reported no relays accepted.
But if I telnet into my server from an OUTSIDE network and run the following command:
telnet server.myserver.com 25
Trying myipaddress...
Connected to server.myserver.com.
Escape character is '^]'.
220 server.myserver.com ESMTP Postfix
helo server.myserver.com
250 server.myserver.com
mail from: anyone@myserver.com
250 Ok
rcpt to:vince@myserver.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
test message
.
250 Ok: queued as 2EA2577034
I will receive an email from "undisclosed-recipients:;"
I have only Macs and no virus.
If a Zimbra employee would like to try this please contact me.

If the recipient is on your domain, that's not open relay.
Relay is when a user who is not on your domain uses your server to send mail to a differing domain.
If you blocked what you did, then no one would ever be able to get mail. . . . because the rcpt to address is on your machine.
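
The distinction drawn in the replies above (local recipient versus relay, and relay from a trusted network), as an added example that is not part of the thread: a simplified check that reads a pasted SMTP session and labels each `RCPT TO` result. The local domain list, the trusted networks and the client address `203.0.113.10` are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the thread): the domain the server is final
# destination for, and the networks it trusts to relay (Postfix: mynetworks).
LOCAL_DOMAINS = {"myserver.com"}
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]

# Session as pasted in the thread (addresses as the poster anonymised them).
TRANSCRIPT = """\
220 server.myserver.com ESMTP Postfix
helo server.myserver.com
250 server.myserver.com
mail from: anyone@myserver.com
250 Ok
rcpt to:vince@myserver.com
250 Ok
"""

def classify(client_ip, rcpt, accepted):
    """Label one RCPT TO result the way the replies in the thread reason."""
    domain = rcpt.rsplit("@", 1)[-1].strip("<> ").lower()
    trusted = any(ipaddress.ip_address(client_ip) in n for n in MYNETWORKS)
    if domain in LOCAL_DOMAINS:
        # Mail addressed to our own domain must be accepted from anyone.
        return "local delivery" if accepted else "local recipient refused"
    if not accepted:
        return "relay denied"
    # Accepted mail for a foreign domain is only a problem from untrusted clients.
    return "trusted-network relay" if trusted else "OPEN RELAY"

def analyse(transcript, client_ip):
    """Pair each RCPT TO command with the reply code on the following line."""
    lines = transcript.splitlines()
    results = []
    for i, line in enumerate(lines[:-1]):
        m = re.match(r"rcpt to:\s*(\S+)", line, re.I)
        if m:
            accepted = lines[i + 1].startswith("2")
            results.append((m.group(1), classify(client_ip, m.group(1), accepted)))
    return results

if __name__ == "__main__":
    for rcpt, verdict in analyse(TRANSCRIPT, "203.0.113.10"):
        print(rcpt, "->", verdict)
```

The envelope sender in `MAIL FROM` plays no part in the relay decision, which is why the session in the thread is accepted whatever sender address is typed.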