
Thread: Open Relay Help & Telnet Security Issue

  1. #1
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8

    Open Relay Help & Telnet Security Issue

    I just installed Zimbra Open Source on a Mac OS X Server 10.4.10.
    It has been working great. Or so I thought!!

    I have noticed mail being sent from my server (see log).
    I telnetted into my server and sent mail from patty@chuckwagon.com


    Log (only fwd via smtp)

    Jul 8 03:16:19 server amavis[857]: (00857-02) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00857-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 5D1566F168
    Jul 8 04:02:25 server amavis[853]: (00853-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00853-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 7983A6F2D5
    Jul 8 04:58:19 server amavis[856]: (00856-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00856-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 2536C6F474
    Jul 8 04:58:20 server amavis[858]: (00858-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00858-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 0125D6F48A
    Jul 8 06:01:28 server amavis[861]: (00861-02) FWD via SMTP: <0664202202wzac@netcabo.pt> -> , BODY=8BITMIME 250 2.6.0 Ok, id=00861-02, from MTA([127.0.0.1]:10025): 250 Ok: queued as 140776F673
    Jul 8 08:53:33 server amavis[854]: (00854-04) FWD via SMTP: <1paulmcloughlinejke@ntl.com> -> , BODY=8BITMIME 250 2.6.0 Ok, id=00854-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 5B7366FB9D
    Jul 8 09:50:24 server amavis[859]: (00859-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00859-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 3F5AE6FD87
    Jul 8 10:17:20 server amavis[852]: (00852-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00852-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as 9D22C6FE83
    Jul 8 10:57:19 server amavis[857]: (00857-03) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00857-03, from MTA([127.0.0.1]:10025): 250 Ok: queued as 95B2E6FFC5
    Jul 8 13:17:22 server amavis[858]: (00858-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00858-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as D8AF6703D3
    Jul 8 14:05:21 server amavis[861]: (00861-03) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00861-03, from MTA([127.0.0.1]:10025): 250 Ok: queued as 8FC517056A
    Jul 8 14:11:01 server amavis[855]: (00855-06) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00855-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 00F4B705AA
    Jul 8 14:12:13 server amavis[856]: (00856-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00856-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as 40BA2705BA
    Jul 8 14:17:54 server amavis[859]: (00859-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00859-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as 414B67061A
    Jul 8 14:32:35 server amavis[860]: (00860-05) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00860-05, from MTA([127.0.0.1]:10025): 250 Ok: queued as E1AF3706CF
    Jul 8 14:32:35 server amavis[857]: (00857-04) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00857-04, from MTA([127.0.0.1]:10025): 250 Ok: queued as EF025706D4
    Jul 8 14:32:38 server amavis[858]: (00858-06) FWD via SMTP: -> , BODY=8BITMIME 250 2.6.0 Ok, id=00858-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 469E5706DE

  2. #2
    phoenix, Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    Zimbra, by default, is not an open relay - unless you've made changes to allow it. Where did you telnet from when you sent the test email? If you were on your LAN, then it's a trusted network and you will be able to send email.
    Regards

    Bill

  3. #3
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8


    phoenix

    I have sent mail via telnet from 3 different LANs, none of which are connected.
    I ran the Zimbra setup in default mode.

    Here is the emailed report that brought this to my attention.

    Generating report
    From 2007-07-07 00:00:00 to 2007-07-08 00:00:00


    36 messages found for 36 total recipients (2 unique)
    210118 total bytes
    5836.61 average bytes/msg
    1.00 average recipients/msg
    1.72 average delay/msg (sec)

    Errors

    Most active senders
    5 vince@xxxx.com
    1 kujzz@rasbank.it
    1 noreply@hysoftx.com
    1 abgsalinasnwjb@sbcglobal.net
    1 qcqo@pmwcpa.com
    1 zimbra@server.xxxxxx.com
    1 abram2469teyz@yahoo.com
    1 SRS0=0QSS=MF=godaddy.com=bounced@bounce.secureserver.net
    1 fwcgl@schering.com.ar
    1 yviit@ptk.ru
    1 aufve@gebrvdvalk.nl
    1 6557-411krtq@online.de
    1 qyoj@smgorlando.com
    1 2catsinabagbmbr@gmail.com
    1 adamgwjl@charter.net
    1 abox86miho@hotmail.com
    1 aaaycft@abf.com
    1 edesmond@lottos.com.au
    1 abdusamedlhgj@austromail.at
    1 aaaaetxn@onet.pl
    1 xcbray@atlas.cz
    1 63210frgv@seznam.cz
    1 aegjnma@arcor-ip.net
    1 abckumarixwdw@yahoo.com
    1 52931namv@plasa.com
    1 abbas887vgai@hotmail.com
    1 bsirr@flystudy.com
    1 abufaisal0101olnt@hotmail.com
    1 isy@topweld.com
    1 aasrzeusvadx@yahoo.co.uk
    1 607530qchv@skynet.be
    1 nwrodrigues@repairman.com

    Most active recipients
    35 vince@xxxxx.com
    1 admin@xxxxx.com

    How do I disable this?
    Last edited by OfMacAndMen; 07-08-2007 at 12:43 PM.

  4. #4
    Join Date
    Jun 2007
    Location
    Philippines
    Posts
    193
    Rep Power
    8

    Test it at www.abuse.net

    You may want to test your mail server for open relay at Abuse.net: Home Page.

    By default, Zimbra is installed not to use open relay, unless you have made some modifications already in your settings.

    Hope this helps...

  5. #5
    phoenix, Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58


    Quote Originally Posted by OfMacAndMen View Post
    Here is the emailed report that brought this to my attention.
    Those are senders 'TO' you, not from you or via your server.

    You might also want to check it's not an open relay with the link that randall has posted; there are plenty of other tests on the internet for that, do a google. This has also been covered in the forums once or twice; do a search for some info.
    Regards

    Bill

  6. #6
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21


    Relay is allowed on the same network as your server. Specifically, if you're using DHCP, you need to find the machine that is spamming people.

  7. #7
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8

    But !!!

    I have tested our servers on Mail relay testing. The test shows that relays are not allowed.

    BUT !!!!

    If I telnet to our Zimbra server from OUTSIDE my network and run the following command:

    telnet server.myserver.com 25
    Trying myipaddress...
    Connected to server.myserver.com.
    Escape character is '^]'.
    220 server.myserver.com ESMTP Postfix
    helo server.myserver.com
    250 server.myserver.com
    mail from: fakeaddress@myserver.com
    250 Ok
    rcpt to:vince@myserver.com
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    test message

    .
    250 Ok: queued as 2EA2577034


    I will get an email from "undisclosed-recipients". Why?

  8. #8
    Join Date
    Apr 2007
    Posts
    39
    Rep Power
    8

    Security Issue ??

    I have a post in about Open Relay. (http://www.zimbra.com/forums/install...elay-help.html)

    I was told that Zimbra has open relay disabled by default. After running a test from Mail relay testing, it reported no relays accepted.

    But if I telnet into my server from an OUTSIDE network and run the following command:

    telnet server.myserver.com 25
    Trying myipaddress...
    Connected to server.myserver.com.
    Escape character is '^]'.
    220 server.myserver.com ESMTP Postfix
    helo server.myserver.com
    250 server.myserver.com
    mail from: anyone@myserver.com
    250 Ok
    rcpt to:vince@myserver.com
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    test message

    .
    250 Ok: queued as 2EA2577034

    I will receive an email from "undisclosed-recipients:;"

    I have only Macs and no virus.

    If a Zimbra employee would like to try this, please contact me.

  9. #9
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21


    -deleted triplicate of same message
    -approved post (it was similar; duplicates and certain terms flagged this message)
    -recombining "Security Issue" with your current thread "Open Relay Help" (you just dragged the same question across multiple threads)
    -changed title to "Open Relay Help & Telnet Security Issue"
    Last edited by mmorse; 07-10-2007 at 01:43 PM.

  10. #10
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21


    Quote Originally Posted by OfMacAndMen View Post
    I have a post in about Open Relay. (http://www.zimbra.com/forums/install...elay-help.html)

    I was told that Zimbra has open relay disabled by default. After running a test from Mail relay testing, it reported no relays accepted.

    But if I telnet into my server from an OUTSIDE network and run the following command:

    telnet server.myserver.com 25
    Trying myipaddress...
    Connected to server.myserver.com.
    Escape character is '^]'.
    220 server.myserver.com ESMTP Postfix
    helo server.myserver.com
    250 server.myserver.com
    mail from: anyone@myserver.com
    250 Ok
    rcpt to:vince@myserver.com
    250 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    test message

    .
    250 Ok: queued as 2EA2577034

    I will receive an email from "undisclosed-recipients:;"

    I have only Macs and no virus.

    If a Zimbra employee would like to try this, please contact me.

    If the recipient is on your domain, that's not open relay.

    Relay is when a user who is not on your domain uses your server to send mail to a differing domain.

    If you blocked what you did, then no one would ever be able to get mail... because the rcpt to address is on your machine.
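    To make the distinction in the reply above concrete, here is an added Python model of the default "permit my networks, otherwise only accept mail for domains I host" recipient policy; it is not Zimbra's or Postfix's code, and the trusted networks, hosted domain and client addresses are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (not from the thread): the MTA's trusted networks and
# the domain(s) it accepts inbound mail for.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("192.168.1.0/24")]
LOCAL_DOMAINS = {"myserver.com"}


def domain_of(address):
    """Return the lowercase domain part of an SMTP address, tolerating <...> brackets."""
    return address.rsplit("@", 1)[-1].strip("<>").lower()


def rcpt_decision(client_ip, mail_from, rcpt_to):
    """Classify one RCPT TO the way a default Zimbra/Postfix MTA would.

    'accept-local'      : recipient is in a domain we host; ordinary inbound
                          delivery, whoever the client or the (forgeable) sender is.
    'accept-mynetworks' : client is on a trusted network, so it may relay to any
                          domain (the LAN case phoenix describes).
    'reject-relay'      : untrusted client asks us to deliver to a foreign
                          domain; this, and only this, is open relaying.
    Note that mail_from plays no part: the envelope sender is never trusted.
    """
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "accept-local"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in MYNETWORKS):
        return "accept-mynetworks"
    return "reject-relay"


def rcpt_reply(client_ip, mail_from, rcpt_to):
    """Render the SMTP reply the client would see after its RCPT TO command."""
    if rcpt_decision(client_ip, mail_from, rcpt_to) == "reject-relay":
        return "554 5.7.1 <%s>: Relay access denied" % rcpt_to
    return "250 Ok"


if __name__ == "__main__":
    # The thread's telnet test: outside host, local mailbox -> accepted (not relay).
    print(rcpt_reply("203.0.113.5", "anyone@myserver.com", "vince@myserver.com"))
    # A genuine relay attempt: outside host, foreign recipient -> refused.
    print(rcpt_reply("203.0.113.5", "anyone@myserver.com", "someone@example.net"))
    # Same foreign recipient from the LAN -> allowed, which is why a test run
    # from inside the network says nothing about open relay.
    print(rcpt_reply("192.168.1.20", "anyone@myserver.com", "someone@example.net"))
```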
