Results 1 to 8 of 8
Thread: Is my server allowing relays??
-
08-22-2002, 10:46 AM #1Web Hosting Guru
- Join Date
- Aug 2000
- Posts
- 251
Is my server allowing relays??
Someone just sent me this email they recieved. It is coming from my email address, but I didn't sent it.
webmaster <webmaster@powwows.com>
To :
snappalistic@hotmail.com
Subject :
Of Service
Date :
Wed, 21 Aug 2002 16:01:01 -0400 (EDT)
MIME-Version: 1.0
Received: from [64.12.138.8] by hotmail.com (3.2) with ESMTP id MHotMailBF2D7AB700504136E822400C8A08CB813; Wed, 21 Aug 2002 17:26:45 -0700
Received: from logs-wb.proxy.aol.com (logs-wb.proxy.aol.com [205.188.192.135]) by rly-ip04.mx.aol.com (v87.21) with ESMTP id RELAYIN3-0821160238; Wed, 21 Aug 2002 16:02:38 -0400
Received: from Ceelh (AC872A11.ipt.aol.com [172.135.42.17])by logs-wb.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7LK117302501for <snappalistic@hotmail.com>; Wed, 21 Aug 2002 16:01:01 -0400 (EDT)
From jschnapp@pipeline.com Wed, 21 Aug 2002 17:28:46 -0700
Message-Id: <200208212001.g7LK117302501@logs-wb.proxy.aol.com>
X-Apparently-From: MRPATYK@aol.comPaul Gowder
Webmaster
PowWows.com
-
08-22-2002, 11:02 AM #2Web Hosting Master
- Join Date
- May 2001
- Posts
- 8,076
Check the message which was posted a few days ago call 'SMTP Relaying' http://www.webhostingtalk.com/showth...threadid=68439
http://www.batchimage.com - Offering Batch Image Processing and TIFF/PDF Software Solutions
-
08-22-2002, 11:08 AM #3Web Hosting Guru
- Join Date
- Aug 2000
- Posts
- 251
How does that help??
I don't understand that thread.
Pop-before-relay doesn't work well??? Then what is my alternative.Paul Gowder
Webmaster
PowWows.com
-
08-22-2002, 11:34 AM #4Web Hosting Guru
- Join Date
- Jun 2002
- Posts
- 289
Paul,
The mail you have posted came from AOL (64.12.138.8). IF it had your email address in the From field, then it's simply been spoofed (anyone can put whatever they like in the From: field) but the email clearly hasn't come from your server. This is a common trick used by spammers so that return-errors go to other people.
If you want to test your server for an open relay, pop along here:
http://www.abuse.net/relay.html
Read it very carefully if you don't go with the anonymous mode so that you don't kick off a false-positive.
-
08-22-2002, 11:35 AM #5Web Hosting Guru
- Join Date
- Jun 2002
- Posts
- 289
Incidentally, you should only trust the very last appended (i.e. at the top) Received: line in an email header that you are checking for false routing, all the other instances could be (and in the case of SPAM, probably are) spoofed.
-
08-22-2002, 02:05 PM #6Web Hosting Guru
- Join Date
- Aug 2000
- Posts
- 251
Thanks! I didn't think it was relay. Anyway to stop spoofing?
Paul Gowder
Webmaster
PowWows.com
-
08-22-2002, 05:13 PM #7Web Hosting Guru
- Join Date
- Jun 2002
- Posts
- 289
Nope, that's why they do it. The only way would be to hide your email address and use form to email. Unfortunately, spammers will do anything these days, and impersonating From: addresses is just one of them.
-
08-22-2002, 07:59 PM #8Web Hosting Master
- Join Date
- May 2001
- Posts
- 8,076
Originally posted by pgowder
How does that help??
I don't understand that thread.
Pop-before-relay doesn't work well??? Then what is my alternative.
To prevent SMTP Relay through your server, you need to close all relay by enabling the POP-before-SMTP and remove all entries under the Relay for following host and save. Once you do that, only if the user is authenticated via POP then he could email through your server. If he cannot then it would be rejected thus effectively blocking the relay security hole.
Others may be able to 'fake' your email address when sending out mails but a check at the header would tell it does not originate from your site.
But from your email, it shows that the mail originates from an AOL account holder and it did not pass through your server SMTP.http://www.batchimage.com - Offering Batch Image Processing and TIFF/PDF Software Solutions