Open relay question
Dear,

I'm on the Internet and testing if my mail server is an Open Relay. So I execute:

    telnet mail.mycompany.com 25

After that I do:

    mail from: us...@mycompany.com
    OK
    rcpt to: us...@mycompany.com
    OK
    data
    This is a test !!!
    .
    QUEUED

The mail from user1 to user2 (both from my company) was sent OK !!!

Is this behavior normal or is it an open relay ???

Can I send a message from one local user to another local user, being that I come from the Internet and not from the LAN ???

Thanks a lot

A.F.
Re: Open relay question
On 11/5/2010 2:28 PM, Alejandro Facultad wrote:
> Dear,
>
> I'm on the Internet and testing if my mail server is an Open Relay. So I execute:
>
>     telnet mail.mycompany.com 25
>
> After that I do:
>
>     mail from: us...@mycompany.com
>     OK
>     rcpt to: us...@mycompany.com
>     OK
>     data
>     This is a test !!!
>     .
>     QUEUED
>
> The mail from user1 to user2 (both from my company) was sent OK !!!
>
> Is this behavior normal or is it an open relay ???
>
> Can I send a message from one local user to another local user, being that I come from the Internet and not from the LAN ???
>
> Thanks a lot
>
> A.F.

Yes, that's normal. Open relay means the RCPT can be an unrelated domain, e.g. @hotmail.com.
Re: Open relay question
Thanks but, is it right if coming from the Internet I enter your mail server and after that I send a message from your mail account to your project manager's mail account telling him he's an asshole ???

I know SPF is ideal for avoiding this behavior, but I think the first example is an open relay feature.

Thanks a lot.

From: Noel Jones njo...@megan.vbhcs.org
To: postfix-users@postfix.org
Sent: Friday, November 5, 2010 16:32:01
Subject: Re: Open relay question

> On 11/5/2010 2:28 PM, Alejandro Facultad wrote:
> > Dear,
> >
> > I'm on the Internet and testing if my mail server is an Open Relay. So I execute:
> >
> >     telnet mail.mycompany.com 25
> >
> > After that I do:
> >
> >     mail from: us...@mycompany.com
> >     OK
> >     rcpt to: us...@mycompany.com
> >     OK
> >     data
> >     This is a test !!!
> >     .
> >     QUEUED
> >
> > The mail from user1 to user2 (both from my company) was sent OK !!!
> >
> > Is this behavior normal or is it an open relay ???
> >
> > Can I send a message from one local user to another local user, being that I come from the Internet and not from the LAN ???
> >
> > Thanks a lot
> >
> > A.F.
>
> Yes, that's normal. Open relay means the RCPT can be an unrelated domain, e.g. @hotmail.com.
Re: Open relay question
On 11/05/2010 03:41 PM, Alejandro Facultad wrote:
> Thanks but, is it right if coming from the Internet I enter your mail server and after that I send a message from your mail account to your project manager's mail account telling him he's an asshole ???
>
> I know SPF is ideal for avoiding this behavior, but I think the first example is an open relay feature.

What about smtp auth?

> Thanks a lot.
>
> From: Noel Jones njo...@megan.vbhcs.org
> To: postfix-users@postfix.org
> Sent: Friday, November 5, 2010 16:32:01
> Subject: Re: Open relay question
>
> > On 11/5/2010 2:28 PM, Alejandro Facultad wrote:
> > > Dear,
> > >
> > > I'm on the Internet and testing if my mail server is an Open Relay. So I execute:
> > >
> > >     telnet mail.mycompany.com 25
> > >
> > > After that I do:
> > >
> > >     mail from: us...@mycompany.com
> > >     OK
> > >     rcpt to: us...@mycompany.com
> > >     OK
> > >     data
> > >     This is a test !!!
> > >     .
> > >     QUEUED
> > >
> > > The mail from user1 to user2 (both from my company) was sent OK !!!
> > >
> > > Is this behavior normal or is it an open relay ???
> > >
> > > Can I send a message from one local user to another local user, being that I come from the Internet and not from the LAN ???
> > >
> > > Thanks a lot
> > >
> > > A.F.
> >
> > Yes, that's normal. Open relay means the RCPT can be an unrelated domain, e.g. @hotmail.com.
Re: Open relay question
On Fri, 2010-11-05 at 12:41 -0700, Alejandro Facultad wrote:
> Thanks but, is it right if coming from the Internet I enter your mail server and after that I send a message from your mail account to your project manager's mail account telling him he's an asshole ???
>
> I know SPF is ideal for avoiding this behavior, but I think the first example is an open relay feature.
>
> Thanks a lot.
>
> From: Noel Jones njo...@megan.vbhcs.org
> To: postfix-users@postfix.org
> Sent: Friday, November 5, 2010 16:32:01
> Subject: Re: Open relay question
>
> > On 11/5/2010 2:28 PM, Alejandro Facultad wrote:
> > > Dear,
> > >
> > > I'm on the Internet and testing if my mail server is an Open Relay. So I execute:
> > >
> > >     telnet mail.mycompany.com 25
> > >
> > > After that I do:
> > >
> > >     mail from: us...@mycompany.com
> > >     OK
> > >     rcpt to: us...@mycompany.com
> > >     OK
> > >     data
> > >     This is a test !!!
> > >     .
> > >     QUEUED

Hello,

If you can connect into a mail server externally (e.g. mycompany.com) and send mail through that server without having to provide any means of authentication to another domain entirely (e.g. myothercompany.com) then that is an open relay.

AFAICT your example used the same domain. If the mail server was configured to accept mail for 'mycompany.com' then it's doing its job in your example.

HTH.

Regards,
Pete.
Re: Open relay question
On 11/05/2010 12:41 PM, Alejandro Facultad wrote:
> Thanks but, is it right if coming from the Internet I enter your mail server and after that I send a message from your mail account to your project manager's mail account telling him he's an asshole ???
>
> I know SPF is ideal for avoiding this behavior, but I think the first example is an open relay feature.
>
> Thanks a lot.

Hi Alejandro,

The example you described is not relaying. Relaying is when the MTA you connected to needs to send the message to another server. Being an open relay means the MTA will receive messages for anyone on the Internet to anyone on the Internet.

Hope that clears things up.

-will
Re: Open relay question
On 11/5/2010 2:41 PM, Alejandro Facultad wrote:
> Thanks but, is it right if coming from the Internet I enter your mail server and after that I send a message from your mail account to your project manager's mail account telling him he's an asshole ???
>
> I know SPF is ideal for avoiding this behavior, but I think the first example is an open relay feature.

Open relay is about the recipient domain, not the sender domain.

If you don't want to allow your own domain as unauthenticated sender, you can control that with a check_sender_access map. Examples are in the mail list archives.
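Added example, not part of the original thread and not Postfix code: a small Python model of the decision the replies describe. Relay control looks at the recipient domain and at whether the client is trusted, while the sender address matters only if a separate sender policy is switched on. The domain, networks and addresses are constructed sample values, and trusting 0.0.0.0/0 is an assumed misconfiguration used to show what an open relay looks like.

```python
# Added example: a model of the SMTP relay decision, not Postfix source code.
from ipaddress import ip_address, ip_network

LOCAL_DOMAINS = {"mycompany.com"}   # domains this server delivers for (sample)
LAN_ONLY = ["192.168.0.0/24"]       # constructed trusted-network list
EVERYONE = ["0.0.0.0/0"]            # constructed misconfiguration: trust all


def domain_of(address):
    """Domain part of an envelope address, lower-cased."""
    return address.rsplit("@", 1)[-1].lower()


def is_trusted(client_ip, authenticated, trusted_nets):
    """Trusted: SMTP AUTH succeeded or the client is in a trusted network."""
    ip = ip_address(client_ip)
    return authenticated or any(ip in ip_network(n) for n in trusted_nets)


def rcpt_decision(client_ip, authenticated, mail_from, rcpt_to,
                  trusted_nets=LAN_ONLY, block_unauth_local_sender=False):
    """Return (action, reason) for one RCPT TO, in evaluation order."""
    trusted = is_trusted(client_ip, authenticated, trusted_nets)
    # Optional sender policy (the check_sender_access idea); not relay control.
    if (block_unauth_local_sender and not trusted
            and domain_of(mail_from) in LOCAL_DOMAINS):
        return ("reject", "own domain used as sender without authentication")
    # Relay control: only the recipient domain and the client matter here.
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return ("accept", "final delivery to a local domain")
    if trusted:
        return ("accept", "relay for a trusted client")
    return ("reject", "relay access denied")


def is_open_relay(trusted_nets):
    """Open relay: an untrusted Internet client may mail a foreign domain."""
    action, _ = rcpt_decision("203.0.113.9", False, "a@example.net",
                              "b@example.org", trusted_nets=trusted_nets)
    return action == "accept"


if __name__ == "__main__":
    # The test from the original post, with constructed addresses:
    # Internet client, local sender, local recipient.
    print(rcpt_decision("203.0.113.9", False,
                        "user1@mycompany.com", "user2@mycompany.com"))
    print(is_open_relay(LAN_ONLY), is_open_relay(EVERYONE))
```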
Re: Open relay question
On Fri, Nov 05, 2010 at 12:41:06PM -0700, Alejandro Facultad wrote:
> Thanks but, is it right if coming from the Internet I enter your mail server and after that I send a message from your mail account to your project manager's mail account telling him he's an asshole ???

Don't confuse the envelope sender (which most recipients neither see nor understand) with the From: header which most recipients do see and don't understand.

The From: header is easily (and often legitimately) forged. For example, the Postfix-users list sends your own posts to you, from the Internet. The From: header still bears your address. Sure, the envelope sender is not, but the risk you pose applies to the From: header not the envelope.

Applying policy restrictions to the From: header is fraught with complexity and peril. I don't want to get into the politics of SIDF, DKIM, ... the bottom line is that people largely have unrealistic expectations of what email authentication technologies can do for them.

--
Viktor.
Re: Open relay question
On 05/11/2010 20:41, Alejandro Facultad wrote:
> Thanks but, is it right if coming from the Internet I enter your mail server and after that I send a message from your mail account to your project manager's mail account telling him he's an asshole ???

that's the same as if someone sends you a letter claiming to be your father and saying the same. it's a lie, not an open relay.

an open relay is when someone causes you to annoy someone else. said otherwise: I don't care if joe tells your boss he is an asshole, whomever joe might be. but I wouldn't be happy if _joe_ makes _you_ send _me_ a message (whatever the message is).

> I know SPF is ideal for avoiding this behavior, but I think the first example is an open relay feature.

Please don't talk about spf again on this list. spf devotees are not welcome here.
Re: Open relay question
On 05/11/2010 22:26, Alfonso Alejandro Reyes Jimenez wrote:
> But that would be spoofing not relay right? Relay is when you let other users send emails to any other domain claiming to be someone in your organization.

no there's no claim. open relay is when someone uses your server to send mail to people outside of your organisation. it doesn't matter who they claim to be. they can tell the truth. the thing is: it is unauthorized relay.

a long time ago, open relay was a natural thing (collaboration). unfortunately, spammers/abusers have killed this collaboration.

> Spoofing is when you pretend to be someone you are not, right now I can't remember how to prevent this kind of attacks but you may search google (that's how I fixed it).

the first question to ask yourself is: why would you care? in most cases, the recipient can take care of that.