On Thu, 2 May 2002, Gerrit P. Haase wrote:
> > Hello, > > though I have this in smtprelay.tab: > > "192.168.5.0"[tab]"255.255.255.0"[newline] > "127.0.0.1"[tab]"255.255.255.0"[newline] > > XMail did relay about 20000 mails in the last three days. > > To receive mail to my domain I have no other restrict settings, > that is in smtp.ipmap.tab: > "0.0.0.0"[tab]"0.0.0.0"[tab]"ALLOW"[tab]1[newline] > > So everyone should be able to send mail to my local domain mailboxes. > > Why is XMail relaying for everyone? > > Some of the log entries: > "iokaste.koeln.convey.de" "koeln.convey.de" "208.11.84.49" "2002-04-29 >17:30:06" "mx1.mail.yahoo.com" "bigfoot.com" "[EMAIL PROTECTED]" >"[EMAIL PROTECTED]" "S4622" "RCPT=OK" "" "0" > "iokaste.koeln.convey.de" "koeln.convey.de" "208.11.84.49" "2002-04-29 >17:30:07" "mx1.mail.yahoo.com" "yahoo.com" "[EMAIL PROTECTED]" >"[EMAIL PROTECTED]" "S4623" "RCPT=OK" "" "0" > "iokaste.koeln.convey.de" "koeln.convey.de" "208.11.84.49" "2002-04-29 >17:30:07" "mx1.mail.yahoo.com" "yahoo.com" "[EMAIL PROTECTED]" >"[EMAIL PROTECTED]" "S4623" "RCPT=OK" "" "0" > "iokaste.koeln.convey.de" "koeln.convey.de" "208.11.84.49" "2002-04-29 >17:30:07" "mx1.mail.yahoo.com" "yahoo.com" "[EMAIL PROTECTED]" >"[EMAIL PROTECTED]" "S4623" "RCPT=OK" "" "0" > "iokaste.koeln.convey.de" "koeln.convey.de" "208.11.84.49" "2002-04-29 >17:30:07" "mx1.mail.yahoo.com" "yahoo.com" "[EMAIL PROTECTED]" >"[EMAIL PROTECTED]" "S4623" "RCPT=OK" "" "0" > "iokaste.koeln.convey.de" "koeln.convey.de" "208.11.84.49" "2002-04-29 >17:30:08" "mx1.mail.yahoo.com" "yahoo.com" "[EMAIL PROTECTED]" >"[EMAIL PROTECTED]" "S4623" "RCPT=OK" "" "0" > > > Though 209.208.0.15 isn't in smtprelay.tab the mail was delivered > (and all those spammers mail who found my server to be an open > relay too). > > I got this from an rbl checking system: > ==== > >From [EMAIL PROTECTED] Wed May 1 22:31:33 2002 > Return-Path: <[EMAIL PROTECTED]> > Received: from koeln.convey.de ([62.138.63.18]) > by rt.njabl.org (8.11.6/8.11.6) with ESMTP id g422VWi00406 > for <[EMAIL PROTECTED]>; Wed, 1 May 2002 22:31:32 -0400 > Date: Wed, 1 May 2002 22:31:32 -0400 > Message-Id: <[EMAIL PROTECTED]> > Received: from rt.njabl.org (209.208.0.15) > by koeln.convey.de with [XMail 1.8 (Win32/Ix86) ESMTP Server] > id <S5EDD> for <[EMAIL PROTECTED]> from <[EMAIL PROTECTED]>; > Thu, 02 May 2002 04:31:29 +0200 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > X-RT-From: [EMAIL PROTECTED] > X-RT-To: [EMAIL PROTECTED] > X-RT-Subject: relaytest: 62.138.63.18 > Subject: relaytest: 62.138.63.18 > > This is an automated test message for the purpose of finding and > blacklisting open relays. If you have any questions, see > http://njabl.org/ > ==== if this is your smtprelay.tab : "192.168.5.0"[tab]"255.255.255.0"[newline] "127.0.0.1"[tab]"255.255.255.0"[newline] _and_ the client is connecting from : 208.11.84.49 _and_ you do not handle in some way the target domain, it's simply not possible that this happens. - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
