>I just got this little note from our ISP saying that qmail is allowing this
>backdoor relay method through. Instead of relaying (which I don't want), it
>tries to deliver the message to our internal server. This isn't so good. I'd
>like to refuse outright anything like this, so how would I go about doing
>so?
That's not ORBS, it's the relay tester at mail-abuse.com, home of the
RBL. Tell your ISP that there's a reason I made it say "The host may
reject this message internally, however" because qmail and some other
MTAs accept anything with a valid domain after the at-sign and sort
out the mailbox part later.
When I have a chance, I'm planning to do some pattern matching on the
responses to figure out what MTA the target system is using and skip
tests that are likely to give false positives.
Incidentally, the full version of that tester lives at
http://www.abuse.net/relay.html and if you're a registered abuse.net
user, it will send a test message for you so you can see whether it
actually relays or not. Don't get cute, everything's logged and
rate-limited.
Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
>-----Original Message-----
>From: Tom J [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, August 19, 1999 11:32 AM
>To: Ben Kosse
>Subject: Re: Follow up on Relay testing
>
>
>FROM TOM JONES
>
>>>> RSET
><<< 250 flushed
>>>> MAIL FROM:<spamtest@[206.153.245.13]>
><<< 250 ok
>>>> RCPT TO:<[EMAIL PROTECTED]>
><<< 250 ok
>
>
>Uh oh, host appeared to accept a message for relay.
>The host may reject this message internally, however
--
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl,
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
