I think it's true (Re: [Spambayes] Spambayes as an open mil relay ???)

Jeff Epler jepler at unpythonic.net
Mon Mar 1 19:51:23 EST 2004


Tim,

My port-25 SMTP server is not an open relay[1].  Connect from any IP
address outside of a very small set, try to send e-mail to
<tim at fourstonesexpressions.com> and you'll get a session like this:

Connected to bald.unpythonic.net:25
<<< 220 bald.unpythonic.net ESMTP Sendmail 8.11.6/8.11.6; Mon, 1 Mar 2004 18:38:14 -0600
>>> HELO example.com
<<< 250 bald.unpythonic.net Hello spammer.example.com [198.xxx.x.x], pleased to meet you
>>> MAIL FROM:<>
<<< 250 2.1.0 <>... Sender ok
>>> RCPT TO: tim at fourstonesexpressions.com
<<< 550 5.7.1 tim at fourstonesexpressions.com... Relaying denied

Now, try it through sb_smtpproxy:

Connected to bald.unpythonic.net:25001
<<< 220 bald.unpythonic.net ESMTP Sendmail 8.11.6/8.11.6; Mon, 1 Mar 2004 18:41:44 -0600
>>> HELO example.com
<<< 250 bald.unpythonic.net Hello bald.unpythonic.net [206.222.212.218], pleased to meet you
>>> MAIL FROM:<>
<<< 250 2.1.0 <>... Sender ok
>>> RCPT TO: tim at fourstonesexpressions.com
<<< 250 2.1.5 tim at fourstonesexpressions.com... Recipient ok

sb_smtpproxy makes sendmail's smtpd see a connection from a local IP
address (look at the response to HELO, which says bald believes the
connection is from bald, not spammer.example.com), and the local mail
server dutifully allows the specification of a recipient at any domain.

sb_smtpproxy should fix this problem by binding only the loopback
interface.  Failure to do so means that running sb_smtpproxy gives
spammers free license to send spam through your machine, even in
situations where the underlying smtpd forbids relaying from foreign IP
addresses.

Jeff

[1] Just in case there was a configuration error in my smtpd setup, I
decided to check on a well-known website offering many sophisticated
tests for open relays.  My system passed.

http://www.abuse.net/cgi-bin/relaytest?ADDR=bald.unpythonic.net&EMAIL=&PW=&TEST=Test+for+relay

Mail relay testing
Connecting to bald.unpythonic.net for anonymous test ...

<<< 220 bald.unpythonic.net ESMTP Sendmail 8.11.6/8.11.6; Mon, 1 Mar 2004 18:47:20 -0600
>>> HELO www.abuse.net
<<< 250 bald.unpythonic.net Hello www.abuse.net [208.31.42.77], pleased to meet you

Relay test 1
>>> RSET
<<< 250 2.0.0 Reset state
>>> MAIL FROM:<spamtest at abuse.net>
<<< 250 2.1.0 <spamtest at abuse.net>... Sender ok
>>> RCPT TO:<securitytest at abuse.net>
<<< 550 5.7.1 <securitytest at abuse.net>... Relaying denied

[...]

Relay test 17
>>> RSET
<<< 250 2.0.0 Reset state
>>> MAIL FROM:<spamtest at unpythonic.net>
<<< 250 2.1.0 <spamtest at unpythonic.net>... Sender ok
>>> RCPT TO:<abuse.net!securitytest@[206.222.212.218]>
<<< 550 5.7.1 <abuse.net!securitytest@[206.222.212.218]>... Relaying denied

Relay test result
All tests performed, no relays accepted.
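
Added example, not part of the message above and not Spambayes code: a sketch of the loopback-only bind the message asks for, with a second check at accept time. The function names (loopback_only, make_proxy_listener, peer_is_local) are hypothetical, and the addresses in the demo are constructed.

```python
import ipaddress
import socket


def loopback_only(host):
    """True only if every IPv4 address `host` resolves to is loopback.

    An empty host means "all interfaces" to bind(), so it is rejected.
    """
    if not host:
        return False
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return False
    addrs = [info[4][0] for info in infos]
    return bool(addrs) and all(ipaddress.ip_address(a).is_loopback for a in addrs)


def make_proxy_listener(host="127.0.0.1", port=0, allow_remote=False):
    """Create the proxy's listening socket; refuse non-loopback binds by default."""
    if not allow_remote and not loopback_only(host):
        raise ValueError("refusing to bind %r: not a loopback address" % (host,))
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)
    return sock


def peer_is_local(conn):
    """Accept-time check: the upstream smtpd will see the proxy's own address,
    so the proxy itself must reject peers that are not on loopback."""
    return ipaddress.ip_address(conn.getpeername()[0]).is_loopback


if __name__ == "__main__":
    listener = make_proxy_listener("127.0.0.1", 0)
    print("listening on", listener.getsockname())
    # Constructed bind addresses that would expose the proxy to other hosts.
    for bad in ("0.0.0.0", "", "198.51.100.7"):
        try:
            make_proxy_listener(bad, 0)
        except ValueError as exc:
            print(exc)
    listener.close()
```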
