Hello,

I have recently discovered that ordb.org has listed us as an open relay.
I found the following in my logs:


05:23 14:25 SMTPD(0A8300A8) [64.94.14.60] connect 64.94.14.62 port 4693
05:23 14:25 SMTPD(0A8300A8) [64.94.14.62] EHLO sm2.mail.king.com
05:23 14:25 SMTPD(0A8300A8) [64.94.14.62] MAIL FROM:<spamtest@[64.94.14.62]>
05:23 14:25 SMTPD(0A8300A8) [64.94.14.62] RCPT To:<[EMAIL PROTECTED]>
05:23 14:25 SMTPD(0A8300A8) [64.94.14.62] e:\Imail\spool\D5e360a8.SMD 1118

05:23 14:25 SMTP-(00000274) processing e:\Imail\spool\Q5e360a8.SMD
05:23 14:25 SMTP-(00000274) Trying marvin.ordb.org (0)
05:23 14:25 SMTP-(00000274) Connect marvin.ordb.org [62.242.0.190:25] (1)
05:23 14:25 SMTP-(00000274) 220 groundzero.ordb.org ESMTP Postfix
05:23 14:25 SMTP-(00000274) >EHLO mx2.cooking.com
05:23 14:25 SMTP-(00000274) 250-groundzero.ordb.org
05:23 14:25 SMTP-(00000274) 250-PIPELINING
05:23 14:25 SMTP-(00000274) 250-SIZE 10240000
05:23 14:25 SMTP-(00000274) 250-ETRN
05:23 14:25 SMTP-(00000274) 250 8BITMIME
05:23 14:25 SMTP-(00000274) >MAIL FROM:<spamtest@[64.94.14.62]>
05:23 14:25 SMTP-(00000274) 250 Ok
05:23 14:25 SMTP-(00000274) >RCPT To:<[EMAIL PROTECTED]>
05:23 14:25 SMTP-(00000274) 250 Ok
05:23 14:25 SMTP-(00000274) >DATA
05:23 14:25 SMTP-(00000274) 354 End data with <CR><LF>.<CR><LF>
05:23 14:25 SMTP-(00000274) >.
05:23 14:25 SMTP-(00000274) 250 Ok: queued as CC29C5B117
05:23 14:25 SMTP-(00000274) rdeliver marvin.ordb.org [EMAIL PROTECTED] (1) <spamtest@[64.94.14.62]> 1118
05:23 14:25 SMTP-(00000274) >QUIT
05:23 14:25 SMTP-(00000274) 221 Bye
05:23 14:25 SMTP-(00000274) finished e:\Imail\spool\Q5e360a8.SMD status=1

What does it take to block this type of exploit?

I used "relay mail for addresses" for the 64.94.104.0 network.

Any assistance would be helpful,

Mike K
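
An added example (not part of the original post, and not Ipswitch code): a Python check that pairs each inbound SMTPD session with its outbound SMTP- delivery through the shared spool file id, and reports messages accepted for non-local recipients together with whether the client IP fell inside a configured relay network. The log sample, domains, networks and the `find_relayed` helper are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the log layout shown above (documentation IPs and domains).
SAMPLE_LOG = r"""
05:23 14:25 SMTPD(0A8300A8) [192.0.2.60] connect 192.0.2.62 port 4693
05:23 14:25 SMTPD(0A8300A8) [192.0.2.62] MAIL FROM:<spamtest@[192.0.2.62]>
05:23 14:25 SMTPD(0A8300A8) [192.0.2.62] RCPT To:<probe@tester.example>
05:23 14:25 SMTPD(0A8300A8) [192.0.2.62] e:\Imail\spool\D5e360a8.SMD 1118
05:23 14:25 SMTP-(00000274) processing e:\Imail\spool\Q5e360a8.SMD
05:23 14:25 SMTP-(00000274) Connect mx.tester.example [203.0.113.190:25] (1)
05:23 14:26 SMTPD(0A8300B0) [192.0.2.60] connect 198.51.100.7 port 2011
05:23 14:26 SMTPD(0A8300B0) [198.51.100.7] RCPT To:<bob@mail.example>
05:23 14:26 SMTPD(0A8300B0) [198.51.100.7] e:\Imail\spool\D5e360b1.SMD 900
"""
LINE = re.compile(r"^\S+ \S+ (SMTPD|SMTP-)\((\w+)\) (.*)$")

def find_relayed(log_text, local_domains, relay_networks):
    """Return spooled messages that have at least one non-local recipient."""
    nets = [ipaddress.ip_network(n) for n in relay_networks]
    sessions, spooled, outbound, thread_msg = {}, {}, {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, tid, rest = m.groups()
        if kind == "SMTPD":  # inbound side: collect client, sender, recipients
            s = sessions.setdefault(tid, {"client": None, "sender": None, "rcpts": []})
            if c := re.search(r"\] connect (\S+) port", rest):
                s["client"] = c.group(1)
            elif f := re.search(r"MAIL FROM:<(.*)>", rest, re.I):
                s["sender"] = f.group(1)
            elif r := re.search(r"RCPT To:<(.*)>", rest, re.I):
                s["rcpts"].append(r.group(1))
            elif d := re.search(r"\\D(\w+)\.SMD", rest):
                spooled[d.group(1)] = s  # D<id>.SMD pairs with Q<id>.SMD below
        elif q := re.search(r"processing .*\\Q(\w+)\.SMD", rest):
            thread_msg[tid] = q.group(1)
        elif (h := re.search(r"Connect (\S+) \[", rest)) and tid in thread_msg:
            outbound[thread_msg[tid]] = h.group(1)
    findings = []
    for msg_id, s in spooled.items():
        foreign = [r for r in s["rcpts"] if r.rsplit("@", 1)[-1].lower() not in local_domains]
        if foreign:
            trusted = bool(s["client"]) and any(ipaddress.ip_address(s["client"]) in n for n in nets)
            findings.append({"msg": msg_id, "client": s["client"], "sender": s["sender"], "rcpts": foreign,
                             "sent_to": outbound.get(msg_id), "allowed_by_relay_network": trusted})
    return findings
```

A finding with `allowed_by_relay_network` set to `False` means the message was accepted for an outside recipient even though the client matched none of the listed networks, so some other relay setting let it through.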



