First and foremost, a big thank you from me for myself and all the SIMS community for your contributions including this one and your many previous and hopefully future ones.
Please see below for additional information and questions.
At 6:50 AM -0800 12/18/02, Paul Didzerekis imposed structure on a stream of electrons, yielding:

Lists.3-rivers.com is the backup mail server to the 3-rivers.com domain where the primary is mail.3-rivers.com. Lists.3-rivers.com is also our mailing list distribution server for Macjordomo for a few mailing lists. Both copies of SIMS had each other in their "Client Host" list. I had removed lists.3-rivers.com from mail.3-rivers.com's "Client Host" list and tried their tests again but still failed. I have nothing special entered in either router that should be allowing this relaying. What do you need to know about our setup to help us in figuring out how to stop this? I can provide screen shots of setup pages if you want them.
Hello,
I just got this email from ordb.org saying that we have been added to their blacklist for some stupid reason. We have never been an open relay and are very much anti-spam and anti-spammer. We are not an open relay and are running the newest development/beta version of SIMS. I need someone to tell me why the hell we failed their test and how to fix it.
The URL provided with details shows that this was a multi-hop: the tester submitted the mail to a SIMS machine calling itself lists.3-rivers.com, with an unusual target address that had embedded routing telling the mail server to route the message through the host 3-rivers.com:
Received: from lists.3-rivers.com ([63.95.200.2] verified)
by 3-rivers.com (Stalker SMTP Server 1.8b9d14)
with ESMTP id S.0000698793 for ; Tue, 17 Dec 2002 22:13:37 -0800
Received: from [212.242.88.3] (HELO localhost.localdomain)
by lists.3-rivers.com (Stalker SMTP Server 1.8b9d14)
with ESMTP id S.0000072427 for <@3-rivers.com:[EMAIL PROTECTED]>; Tue, 17 Dec 2002 22:16:28 -0800
The solution is to make this impossible. There are many ways to do that, but without knowing how you are using those 2 machines, I can't say what will work for you. The basic problem is that 'lists' is happy to accept and pass along any mail aimed at what it perceives as a '3-rivers.com' address and '3-rivers.com' trusts anything 'lists' hands it for relaying.
I turned up the logging level and submitted this server to them to test again. I can send you privately this more detailed log for you to review, but will only do so if you are willing to accept it. I don't want to send you unwanted email. Let me know if it is okay to send you this.
FWIW, the log you provided lacks the necessary detail to figure this out. You'd need the SMTP and SYSTEM/ROUTER messages down to level 5 to see this definitively, absent the ORDB evidence. The lines relevant to the successful test were:
22:16:27 3 SMTP-015(localhost.localdomain) Failed to verify. Real address is [212.242.88.3:4214]
22:16:28 2 SMTP-015([212.242.88.3]) {S.0000072427} received, 1030 bytes
22:16:28 2 SYSTEM [S.0000072427] S.0000072427 1+0 From:[EMAIL PROTECTED]
22:16:29 2 SMTP-028(3-rivers.com) [S.0000072427] sent, 916 bytes
22:16:29 2 SYSTEM(SMTP) [S.0000072427] sent to (3-rivers.com)marvin%marvin.ordb.org
22:16:29 2 SYSTEM [S.0000072427] deleted
That is the problem, lists does talk to outside machines. I suppose that I could have it send "via Foreign Mail Server" and set that to be mail.3-rivers.com but that would still leave it an open relay and would probably get mail.3-rivers.com blacklisted also.
In the end, this may not be such a bad thing. It looks like 'lists' (63.95.200.2) is the ORDB-listed machine, not '3-rivers.com' (63.95.200.5) so unless 'lists' is talking to external machines you should never have a rejection problem, and I have never seen any example of spammers actually using this technique, so you may never have a spam relaying problem. Essentially, a spammer has to guess at the configuration of your network (i.e. know about both machines and their names) and construct a target address for each recipient using the '@3-rivers.com:' routed address trick. That's too much fancy work given the universe of single-hop and trivial multi-hop relays out there.
How could I do that and still have list.3-rivers.com perform backup for mail.3-rivers.com and also still send out the mail to the mailing lists it serves?
I suspect that the best solution is to make 'lists' inaccessible directly from the outside world, or make it refuse to deliver mail that isn't local, even if it has a 3-rivers.com address. Exactly how to do this really depends on what the intended use and relationship between the 2 machines is.
The problem that I see is that SIMS is allowing this routing "trick" in the first place and that it needs to be turned off in the code by stalker.
Thanks,
Paul Didzerekis
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
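The following is an added example, not code from this thread or from SIMS/Stalker. It parses a RCPT TO path the way a relay check would need to (RFC 821 source routes such as the "@3-rivers.com:" form in the Received header, the "%" rewriting seen in the log line, and "!" bang paths), then models the two hops from the headers (tester, lists, 3-rivers.com) under a naive policy that accepts any path whose first named host is local, and under a hardened policy that refuses routed or rewritten addresses outright. The host names and IPs come from the thread; the "Client Host" membership, and the assumption that lists drops its own hop from a source route and forwards the remainder as a plain mailbox, are constructed for the simulation.

```python
"""Added example (not SIMS code): recognising routed recipient addresses and
simulating the two-hop relay the ORDB test exercised."""
from dataclasses import dataclass
from typing import Callable, Tuple

# Names and addresses below are taken from the headers quoted in the thread.
LOCAL_DOMAINS = {"3-rivers.com", "lists.3-rivers.com", "mail.3-rivers.com"}
LISTS_IP, MAIL_IP, TESTER_IP = "63.95.200.2", "63.95.200.5", "212.242.88.3"
# Assumed "Client Host" list: peers whose mail is relayed without further checks.
CLIENT_HOSTS = {LISTS_IP, MAIL_IP}


@dataclass(frozen=True)
class Recipient:
    route: Tuple[str, ...]   # hosts in an RFC 821 source route, e.g. ("3-rivers.com",)
    local_part: str
    domain: str              # domain after the last '@' of the mailbox
    final_domain: str        # where delivery ends once every rewriting rule is honoured

    @property
    def is_routed(self) -> bool:
        return bool(self.route) or self.final_domain != self.domain


def parse_rcpt(path: str) -> Recipient:
    """Parse a RCPT TO path, recognising source routes, the '%' hack and bang paths."""
    p = path.strip()
    if p.startswith("<") and p.endswith(">"):
        p = p[1:-1]
    route: Tuple[str, ...] = ()
    if p.startswith("@"):                      # "@a,@b:user@c"
        route_part, sep, p = p.partition(":")
        if not sep:
            raise ValueError(f"source route without mailbox: {path!r}")
        route = tuple(h.lstrip("@").lower() for h in route_part.split(","))
    local, sep, domain = p.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"malformed path: {path!r}")
    domain = domain.lower()
    final = domain
    if "%" in local:                           # user%realhost@gateway -> user@realhost
        final = local.rsplit("%", 1)[1].lower()
    elif "!" in local:                         # host!user@gateway -> user@host
        final = local.split("!", 1)[0].lower()
    return Recipient(route, local, domain, final)


def naive_accepts(r: Recipient, client_ip: str) -> bool:
    """Policy the thread describes: the first host named in the path is ours, or the
    peer is on the client host list.  A routed address satisfies the first test."""
    first_host = r.route[0] if r.route else r.domain
    return client_ip in CLIENT_HOSTS or first_host in LOCAL_DOMAINS


def hardened_accepts(r: Recipient, client_ip: str) -> bool:
    """Reject every routed or rewritten address; otherwise accept only mail whose
    final destination is local, or mail from a peer on the client host list."""
    if r.is_routed:
        return False
    return r.final_domain in LOCAL_DOMAINS or client_ip in CLIENT_HOSTS


Policy = Callable[[Recipient, str], bool]


def relays_outside(path: str, lists_policy: Policy, mail_policy: Policy) -> bool:
    """Walk tester -> lists -> 3-rivers.com as in the Received headers.  Returns True
    if a message for a non-local mailbox would leave the network."""
    r1 = parse_rcpt(path)
    if not lists_policy(r1, TESTER_IP):
        return False
    # Modelling assumption: lists honours a source route by dropping its own hop
    # and forwarding the remainder to the next named host.
    if r1.route:
        rest = ",".join("@" + h for h in r1.route[1:])
        mailbox = f"{r1.local_part}@{r1.domain}"
        path = f"{rest}:{mailbox}" if rest else mailbox
    r2 = parse_rcpt(path)
    if not mail_policy(r2, LISTS_IP):
        return False
    return r2.final_domain not in LOCAL_DOMAINS


if __name__ == "__main__":
    routed = "<@3-rivers.com:marvin@marvin.ordb.org>"
    print(relays_outside(routed, naive_accepts, naive_accepts))      # True
    print(relays_outside(routed, naive_accepts, hardened_accepts))   # True
    print(relays_outside(routed, hardened_accepts, naive_accepts))   # False
```

The second and third results are the point of the thread: hardening only the downstream 3-rivers.com host changes nothing, because by then the address has been flattened to a plain external mailbox arriving from a trusted client host, whereas refusing routed addresses on lists, the machine the outside world can reach, closes the hop. Legitimate list traffic still passes the hardened policy, since a plain external mailbox handed over by a client host is accepted.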
