  1. #1

    Mailserver acting as open relay

    Hello All,

    I have been having issues with spam on my mail server. I tested the server at abuse.net and test 6 fails with the following result:

    Relay test 6
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:<[email protected]>
    <<< 250 OK
    >>> RCPT TO:<[email protected]>
    <<< 250 Accepted
    >>> DATA
    <<< 354 Enter message, ending with "." on a line by itself
    >>> (message body)
    <<< 250 OK id=1MGLZF-0002Jz-IZ

    I have been trying for hours to close this hole with no success. I am running the server using cPanel / WHM, which supposedly closes open relay by default. I have tried tweaking the settings, but still no luck.

    Any help would be greatly appreciated!

    (Server is running CentOS, cPanel/WHM, and is using Exim)


    Additional Details:

    It seems like it is accepting the mail because of the "%" in the to field.

  2. #2
    Update: It looks like the mail is being forwarded due to something known as the "percent hack", where the address is specified as "[email protected]". This results in mail being sent to "[email protected]" via "domainA.com". The issue is that "domainA.com" is a whitelisted domain and is therefore ignored by exim. "percent_hack_domains" in Exim is not enabled though.

    "Sender address uses local hostname and recipient uses percent hack

    mail from: <[email protected]>
    rcpt to: <[email protected]>"

    Any ideas?

  3. #3
    To close the open relay run:

    Code:
    /scripts/fixrelayd
    /etc/rc.d/init.d/antirelayd restart
    service exim restart

    If that doesn't work then

    edit /etc/exim.conf, you should see in line 61 (or close if somebody
    changed the default configuration) the definition of which hosts are
    allowed relaying :

    hostlist relay_from_hosts = 127.0.0.1:192.168.10.0/24

    These values will allow localhost and a few IPs.
    Nothing else. Adjust the values according to the requirement.

    OR

    hostlist relay_from_hosts = 127.0.0.1

    This will allow only localhost to have open relay.

    That's all you need to change to avoid open relay.

  4. #4
    Thank you for the reply. I had tried both of those solutions earlier with no luck. Adding the following to my exim configuration did solve the percent hack issue though:

    deny message = Relaying denied
    local_parts = ^.*[@%!/|] : ^\\.

    Hopefully this helps somebody else in the future... It took the entire day to get that bit of code tracked down!
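
An added example, not part of the thread and not cPanel or Exim code: a Python check that reads an SMTP transcript in the `>>>`/`<<<` format of the relay test in post #1 and reports recipients that were accepted even though their local part matches the two patterns from post #4. The transcripts, the example.* addresses and the function names are constructed for illustration.

```python
import re

# Python renderings of the two local_parts patterns from post #4
# (assumption: Exim's "^\\." means a local part starting with a literal dot).
SOURCE_ROUTED = [re.compile(r"^.*[@%!/|]"), re.compile(r"^\.")]
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.IGNORECASE)

# Constructed transcripts: a relay test before and after the deny rule.
BEFORE = """\
>>> MAIL FROM:<sender@example.org>
<<< 250 OK
>>> RCPT TO:<user%example.net@example.org>
<<< 250 Accepted
>>> RCPT TO:<alice@example.org>
<<< 250 Accepted
"""
AFTER = """\
>>> MAIL FROM:<sender@example.org>
<<< 250 OK
>>> RCPT TO:<user%example.net@example.org>
<<< 550 Relaying denied
"""


def local_part(address):
    """Text before the last '@' (the whole string if there is none)."""
    local, sep, _domain = address.rpartition("@")
    return local if sep else address


def is_source_routed(address):
    """True if the local part carries routing characters or a leading dot."""
    lp = local_part(address)
    return any(p.search(lp) for p in SOURCE_ROUTED)


def accepted_source_routes(transcript):
    """Recipients that look source-routed and still received a 2xx reply."""
    findings, pending = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith(">>> "):
            m = RCPT_RE.match(line[4:])
            pending = m.group(1) if m else None
        elif line.startswith("<<< ") and pending is not None:
            if line[4:5] == "2" and is_source_routed(pending):
                findings.append(pending)
            pending = None
    return findings
```

An empty result from `accepted_source_routes` on a saved relay-test transcript means no percent-hack or bang-path recipient was accepted in that run; ordinary recipients such as `alice@example.org` are never flagged.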
