  1. #1

    Is my server allowing relays??

    Someone just sent me this email they received. It is coming from my email address, but I didn't send it.

    webmaster <webmaster@powwows.com>

    To :
    snappalistic@hotmail.com

    Subject :
    Of Service

    Date :
    Wed, 21 Aug 2002 16:01:01 -0400 (EDT)

    MIME-Version: 1.0
    Received: from [64.12.138.8] by hotmail.com (3.2) with ESMTP id MHotMailBF2D7AB700504136E822400C8A08CB813; Wed, 21 Aug 2002 17:26:45 -0700
    Received: from logs-wb.proxy.aol.com (logs-wb.proxy.aol.com [205.188.192.135]) by rly-ip04.mx.aol.com (v87.21) with ESMTP id RELAYIN3-0821160238; Wed, 21 Aug 2002 16:02:38 -0400
    Received: from Ceelh (AC872A11.ipt.aol.com [172.135.42.17]) by logs-wb.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7LK117302501 for <snappalistic@hotmail.com>; Wed, 21 Aug 2002 16:01:01 -0400 (EDT)
    From jschnapp@pipeline.com Wed, 21 Aug 2002 17:28:46 -0700
    Message-Id: <200208212001.g7LK117302501@logs-wb.proxy.aol.com>
    X-Apparently-From: MRPATYK@aol.com
    How can I see if this is a relay?
    Paul Gowder
    Webmaster
    PowWows.com

  2. #2
    Check the message which was posted a few days ago called 'SMTP Relaying': http://www.webhostingtalk.com/showth...threadid=68439
    http://www.batchimage.com - Offering Batch Image Processing and TIFF/PDF Software Solutions

  3. #3
    How does that help??

    I don't understand that thread.

    Pop-before-relay doesn't work well??? Then what is my alternative.
    Paul Gowder
    Webmaster
    PowWows.com

  4. #4
    Paul,

    The mail you have posted came from AOL (64.12.138.8). IF it had your email address in the From field, then it's simply been spoofed (anyone can put whatever they like in the From: field) but the email clearly hasn't come from your server. This is a common trick used by spammers so that return-errors go to other people.

    If you want to test your server for an open relay, pop along here:

    http://www.abuse.net/relay.html

    Read it very carefully if you don't go with the anonymous mode so that you don't kick off a false-positive.

  5. #5
    Incidentally, you should only trust the very last appended (i.e. at the top) Received: line in an email header that you are checking for false routing, all the other instances could be (and in the case of SPAM, probably are) spoofed.

  6. #6
    Thanks! I didn't think it was relay. Any way to stop spoofing?
    Paul Gowder
    Webmaster
    PowWows.com

  7. #7
    Nope, that's why they do it. The only way would be to hide your email address and use form to email. Unfortunately, spammers will do anything these days, and impersonating From: addresses is just one of them.

  8. #8
    Originally posted by pgowder
    How does that help??

    I don't understand that thread.

    Pop-before-relay doesn't work well??? Then what is my alternative.
    No, the Pop-before-SMTP works well. The guy was bored when he said it did not work well, if you read his posting.

    To prevent SMTP Relay through your server, you need to close all relay by enabling the POP-before-SMTP and remove all entries under the Relay for following host and save. Once you do that, only if the user is authenticated via POP then he could email through your server. If he cannot then it would be rejected thus effectively blocking the relay security hole.

    Others may be able to 'fake' your email address when sending out mails but a check at the header would tell it does not originate from your site.

    But from your email, it shows that the mail originates from an AOL account holder and it did not pass through your server SMTP.
    http://www.batchimage.com - Offering Batch Image Processing and TIFF/PDF Software Solutions
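
The header check described in posts #5 and #8, as an added example that is not part of the original thread: it parses the `Received:` chain from post #1, marks only the topmost hop as trusted, and tests whether any hop names a given domain. The helper names `received_hops` and `passed_through` are hypothetical, and the message body is a constructed placeholder.

```python
import re
from email import message_from_string

# Routing headers from post #1 (header folding restored; body is constructed).
SAMPLE = """\
Received: from [64.12.138.8] by hotmail.com (3.2) with ESMTP id MHotMailBF2D7AB700504136E822400C8A08CB813; Wed, 21 Aug 2002 17:26:45 -0700
Received: from logs-wb.proxy.aol.com (logs-wb.proxy.aol.com [205.188.192.135]) by rly-ip04.mx.aol.com (v87.21) with ESMTP id RELAYIN3-0821160238; Wed, 21 Aug 2002 16:02:38 -0400
Received: from Ceelh (AC872A11.ipt.aol.com [172.135.42.17]) by logs-wb.proxy.aol.com (8.10.0/8.10.0) with SMTP id g7LK117302501 for <snappalistic@hotmail.com>; Wed, 21 Aug 2002 16:01:01 -0400 (EDT)
From: webmaster <webmaster@powwows.com>
Message-Id: <200208212001.g7LK117302501@logs-wb.proxy.aol.com>

(body omitted)
"""

# "from <helo> (<detail>) by <host>"; the parenthesised detail is optional.
HOP = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s*by\s+(\S+)", re.I)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Parse Received: lines, newest first. Only hop 0 was written by the
    recipient's own server; every line below it is sender-controllable."""
    hops = []
    for i, value in enumerate(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # collapse folded whitespace
        if not m:
            continue
        helo, detail, by = m.group(1), m.group(2) or "", m.group(3)
        ip = IPV4.search(helo + " " + detail)
        names = [n.lower() for n in [helo, by] + detail.split()]
        hops.append({"ip": ip.group(1) if ip else None, "by": by.lower(),
                     "names": names, "trusted": i == 0})
    return hops

def passed_through(raw, domain):
    """True if any hop names a host at or under `domain` (hypothetical helper)."""
    domain = domain.lower()
    return any(n == domain or n.endswith("." + domain)
               for hop in received_hops(raw) for n in hop["names"])

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop["trusted"], hop["ip"], "->", hop["by"])
    print("via powwows.com:", passed_through(SAMPLE, "powwows.com"))
```

A match that appears only in untrusted hops can itself be forged, so confirm it against the mail server's own logs before treating it as evidence of relaying.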
