Hi Scott,
On 3/13/03 1:47 PM, R. Scott Perry wrote: > >> We have a condition where there is someone using one of the email accounts >> of a customer to relay email. Each time they show up in the logs they have a >> different IP so it is pointless to block the specific Ips. >> >> No Mail Relay is selected in the SMTP settings of Imail (7.14) > > If you use the "No Mail Relay" option, and someone successfully sends an > E-mail to an address not on your server, either [1] They know the password > for a valid account on your server, or [2] They have found a "back door" > (such as the "percent hack", which Declude JunkMail will catch). I use f-Prot Anti-Virus and have the latest updates. I did a scan of the server and found no problems. I will have to spend more time reviewing "percent hack" as I am not informed on this. >> I've used the test from: >> http://members.iinet.net.au/~remmie/relay/index.cgi >> Using "mail.sgdesign.net" as the server name to check my server and I found >> it to confirm a relay of the intended email address if it is one from my >> server. If it is on another location I have gotten messages that elude to no >> relay being allowed. > > Do you mean *from* or *to* an address on your server? I have two email accounts I have used in the test from the URL above. One account is on a shared hosting server ([EMAIL PROTECTED]) and one on my dedicated email server ([EMAIL PROTECTED]). From the test site the .net account prompts Declude to note the test as a virus email and the test site eludes to an open relay condition. The test through my server to the .COM account returns a response saying that no relaying is allowed on the server. Declude message: Declude Virus v1.65 caught the [Outlook 'Blank Folding' Vulnerability] virus in [No attachment] from [EMAIL PROTECTED] to: [EMAIL PROTECTED] >From testing site to .COM account: From: [EMAIL PROTECTED] <<< 250 ok its reset >>>> MAIL FROM: <<< 250 ok >>>> RCPT TO:<@[161.58.93.69]:[EMAIL PROTECTED]> <<< 550 not local host sgdesign.com, not a gateway FAILURE Unfortunately the program failed because... The host machine does not relay >From testing site to .NET account: To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] >>>> MAIL FROM: <<< 250 ok >>>> RCPT TO: <<< 250 ok its for >>>> DATA <<< 354 ok, send it; end with . >>>> MESSAGE <<< 250 Message queued SUCCESS Relay Accepted - final response code 250 If you dont recieve it then its not a relay (Its still a Bad Thing (TM) that it accepted) Check your email > Your mailserver must accept all E-mail *to* users on your server (that > isn't relaying). This may be part of the customer complain as they are getting all sorts of messages telling them of email problems. > If E-mail *from* users on your server can be relayed (to addresses that are > not on your server), then you are using the "Relay for local users" setting > (which should not be used). > > Note that the test at the URL above requires that you enter a non-local > address for testing. If you enter a local address, it won't work. > >> We've now been blocked by AOL and do not know what else to do. > > Do you have an example from the IMail SMTP log file? That should help > determine the problem. I posted some prior log clips. If you need to see more detailed clips (more lines) I can gather these. Just let me know what you need. Thanks for the assistance! Regards, Steve Guluk SGDesign (949) 661-9333 ICQ: 7230769 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
