Mailing List SIMS@mail.stalker.com Message #12348
From: Paul Didzerekis <hostmaster@3-rivers.com>
Subject: Re: Open relay detected within your network
Date: Thu, 9 Jan 2003 21:12:26 -0800
To: SIMS Discussions <SIMS@mail.stalker.com>
On 1/9/03 2:23 PM, Joe Wagner at joew@cdr.stanford.edu wrote:

 1/9/2003 -0800,  Larry Stone <lstone19@stonejongleux.com> wrote:
 More interesting, I get that same "will be relayed to a client" if I send to
 user@domain@[192.168.1.x] where x is any number other than 3. When I make
 it 192.168.1.3, I get "we do not relay". All of 192.168.1.1-192.168.1.255
 is in the Client Hosts list.
 Now how are you getting that to work? Here's what I get when I try that via
 telnet on my secondary going to my primary:
 571 <joew@cdr.stanford.edu@hypertouch.com> we do not relay.
 571 <joew@cdr.stanford.edu@67.41.229.20> we do not relay.
 571 <joew@cdr.stanford.edu@[67.41.229.20]> we do not relay.

Is 67.41.229.20 the address of your SIMS server? Is it in the Client Hosts
list?

Try using the address of another host in the Client Hosts list and see what
message you get (and use the third form of address above).

I think why I'm seeing it is I have SIMS behind a NAT router. SIMS sees its
address as 192.168.1.3. The public address is 66.92.131.28 which is the NAT
router - all port 25 traffic is forwarded to 192.168.1.3.

I noticed this because I ran the relay test at
telnet://relay-test.mail-abuse.org. It tries to send a message to
nobody%mail-abuse.org@[66.92.131.28]. At the time, I had 66.92.131.28 in the
Client Host list (it's gone now as there is no reason for it). Since in SIMS's
view, 66.92.131.28 was a client that was not itself, it accepted the
message. But it didn't get relayed, it just looped infinitely since it sent
it on to 66.92.131.28 which was itself although SIMS did not know that.

My thinking is that for some reason in Paul's case, the [IPaddress] part is
getting stripped when it reaches the primary leaving just user@outsidehost
which then gets relayed. But why that might be happening I have no idea.

-- Larry Stone

Larry,

That is exactly what is happening. I have log file snippets that show just that. My servers were actually letting through 3 or 4 variations of that relay hack. And my point is that SIMS should not be allowing this to happen but for some strange reason it was.

--
Paul Didzerekis
Owner, Three Rivers Internet
http://www.3-rivers.com or http://www.threeriversinternet.com
Professional website hosting, authoring, & consulting.
       E-commerce using our exclusive EasyCartSystem
FREE website hosting for non-profits at http://nonprofitmac.com/
LOCAL PHONE 946-3163         ******       TOLL FREE 800-426-6646
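
Added example, not part of the original message and not SIMS code: a minimal recipient check showing why routed forms such as `user@domain@[address]` and `user%domain@[address]` should be refused once the final hop is the server itself, and how a NAT setup that does not list the public address as "self" defeats that check. The function name, the return values and the `example.org` domain are assumptions made for illustration; the two test addresses are the ones quoted in the thread.

```python
# Illustrative policy only: names, return values and configuration are hypothetical.
ROUTING_CHARS = "@%!"  # a second '@', the percent hack, and UUCP bang paths


def classify_rcpt(rcpt, local_domains, own_addresses):
    """Classify an SMTP RCPT TO address as 'local', 'remote',
    'reject-routed' or 'malformed'.

    local_domains: domain names this server accepts mail for.
    own_addresses: every IP address that reaches this server, including
                   the public address of a NAT router forwarding port 25.
    """
    addr = rcpt.strip().strip("<>")
    # The final hop is whatever follows the LAST '@'.
    local_part, sep, domain = addr.rpartition("@")
    if not sep or not local_part or not domain:
        return "malformed"

    domain = domain.lower()
    if domain.startswith("[") and domain.endswith("]"):
        is_ours = domain[1:-1] in own_addresses      # address literal
    else:
        is_ours = domain in local_domains or domain in own_addresses

    if not is_ours:
        # Ordinary relay policy (client host list, authentication) applies.
        return "remote"

    # The final hop is this server. Routing characters left in the local
    # part ask it to forward the message onward, so refuse. This simplified
    # check also refuses quoted local parts containing these characters.
    if any(c in local_part for c in ROUTING_CHARS):
        return "reject-routed"
    return "local"


if __name__ == "__main__":
    domains = {"example.org"}                         # constructed
    nat_blind = {"192.168.1.3"}                       # private address only
    nat_aware = {"192.168.1.3", "66.92.131.28"}       # plus public NAT address
    probe = "nobody%mail-abuse.org@[66.92.131.28]"
    print(classify_rcpt(probe, domains, nat_blind))   # treated as another host
    print(classify_rcpt(probe, domains, nat_aware))   # recognised as self
```

With only the private address configured, the probe's final hop looks like some other host, so the decision falls through to the client host list, which is the situation Larry describes.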