Change your relay setting to "Relay mail for Addresses" and that will close up your server.  The way you have it set now, it allows anyone claiming to have a locally hosted address to send E-mail, and that's quite simple to forge.  You will need to list your local IP space in the address dialogue and/or set up your mail clients to use SMTP AUTH.  Ipswitch's site should have articles about this in their knowledge base under "open relay."

Matt



Chris Ulrich wrote:
For some reason, we've been blacklisted on ORDB. 

We're on 7.08 and haven't changed any settings in ages.  We're very tight on relay settings.

They report:

-----------------------------------------------------------------------------------
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from mail.cydian.com (emailconfig.cydian.com [208.34.50.132])
        by bockscar.ordb.org (Postfix) with ESMTP id F2189557C
        for <[EMAIL PROTECTED]>; Tue, 20 Apr 2004 13:24:53 +0000 (GMT)
Received: from localhost.localdomain [212.242.88.2] by mail.cydian.com with ESMTP
  (SMTPD32-7.07) id A49B8C009C; Tue, 20 Apr 2004 09:24:43 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-ORDB-Envelope-From: [EMAIL PROTECTED]
X-ORDB-Envelope-To: [EMAIL PROTECTED]
Subject: ORDB.org check (0.7097115109686880.8643653302) ip=208.34.50.132
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 20 Apr 2004 13:24:53 +0000 (GMT)
  
-----------------------------------------------------------------------------------


Obviously, they're sending as "[EMAIL PROTECTED]"


My question is how?

This account not only has a long cryptic password, but is disabled.

I know I can't delete the account.

On the admin screen, I've checked: User Cannot Change Password, Account is Disabled, and Hide from Information Services.

Not checked: User cannot modify LDAP attributes, allow web access, host administrator, list administrator, imail system administrator


On SMTP security, I have selected:
---------------------------------
* relay for local users only

and checked:
---------------------------------
allow remote mail to local groups
refuse null() senders
check valid sender
auto-deny possible hack attempts
disable SMTP-VRFY command

and not checked:
---------------------------------
allow remote view of local groups
disable SMTP-AUTH reporting

Am I missing anything?

Does anyone have any ideas on this?  I'm getting irate calls from customers whose emails are getting bounced, and from what I can see, it should be config'd correctly.

Thanks!

Chris
                

-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
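
The difference between the two relay settings discussed in this thread, as an added example that is not part of either message and is not IMail's own code: a small model of a sender-based relay check next to an address-based one, run over constructed sessions. The domain names, IP ranges and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com"}                        # constructed: domains hosted here
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed: local IP space

@dataclass
class Session:
    client_ip: str
    mail_from: str               # envelope sender, chosen freely by the client
    rcpt_to: str
    authenticated: bool = False  # True only after a successful SMTP AUTH

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def is_relay(s):
    """A message is a relay request when the recipient is not hosted here."""
    return domain(s.rcpt_to) not in LOCAL_DOMAINS

def relay_for_local_users(s):
    """Sender-based policy: believes the MAIL FROM claim."""
    return not is_relay(s) or domain(s.mail_from) in LOCAL_DOMAINS

def relay_for_addresses(s):
    """Address-based policy: believes only the connecting IP or SMTP AUTH."""
    if not is_relay(s):
        return True
    ip = ipaddress.ip_address(s.client_ip)
    return s.authenticated or any(ip in net for net in TRUSTED_NETS)

def audit(sessions):
    """Return (sender-based, address-based) accept decisions per session."""
    return [(relay_for_local_users(s), relay_for_addresses(s)) for s in sessions]

SAMPLES = [  # constructed sessions
    # outside host claiming a locally hosted sender, remote recipient
    Session("203.0.113.9", "someone@example.com", "tester@example.net"),
    # workstation inside the listed IP space
    Session("192.0.2.15", "user@example.com", "friend@example.net"),
    # roaming user who completed SMTP AUTH
    Session("203.0.113.9", "user@example.com", "friend@example.net", True),
    # ordinary inbound mail to a local mailbox
    Session("203.0.113.9", "stranger@example.org", "user@example.com"),
]

if __name__ == "__main__":
    for s, (by_sender, by_addr) in zip(SAMPLES, audit(SAMPLES)):
        print(f"{s.client_ip:>12} from={s.mail_from:<22} to={s.rcpt_to:<20} "
              f"local-users={by_sender} addresses={by_addr}")
```

Only the first session differs between the two policies: the sender-based check accepts it on the strength of the claimed address alone, while the address-based check refuses it and still serves the local workstation, the authenticated user and inbound mail.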

