zeldor.biz


OpenRelay

November 29, 2012 by Igor Drobot

Here are two ways to check your e-mail server for an open relay.
An open relay is an e-mail server configured in such a way that it allows anyone on the internet to send e-mail through it. This can be very dangerous!

The first test is a simple TCP connection to your own e-mail server:

id@leonardo:~$ telnet mx.idrobot.net 25
 
Trying 188.40.116.226...
Connected to mx.idrobot.net.
Escape character is '^]'.
220 mx.idrobot.net ESMTP Exim 4.69 Fri, 16 Oct 2009 23:12:32 +0200
helo leonardo.local
250 mx.idrobot.net Hello p5482601e.dip.t-dialin.net [84.130.96.30]
mail from: test@openralay.ua
250 OK
rcpt to: victim@spam.ua
550 relay not permitted


The second is an automated test with swaks (swaks is not installed by default; you can install it with apt-get install swaks):

# swaks -s fw.idrobot.net -f test@openralay.ua -t victim@spam.com
=== Trying fw.idrobot.net:25...
=== Connected to fw.idrobot.net.
<-  220 firewall.idrobot.net ESMTP Postfix (Debian/GNU)
 -> EHLO mx.idrobot.net
<-  250-firewall.idrobot.net
<-  250-PIPELINING
<-  250-SIZE 10240000
<-  250-VRFY
<-  250-ETRN
<-  250-STARTTLS
<-  250-ENHANCEDSTATUSCODES
<-  250-8BITMIME
<-  250 DSN
 -> MAIL FROM:<test@openralay.ua>
<-  250 2.1.0 Ok
 -> RCPT TO:<victim@spam.com>
<** 554 5.7.1 <victim@spam.com>: Relay access denied
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.
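
The same check as in the two transcripts above, scripted so it can run unattended, for example from a monitoring job. This is an added example, not code from the original post; the envelope addresses, the HELO name and the function names are assumptions chosen for illustration.

```python
import smtplib

# Constructed placeholders (assumptions, not from the page). Neither domain
# may be one your server is responsible for, or the test proves nothing.
SENDER = "relaytest@example.org"
RECIPIENT = "relaytest@example.net"
HELO_NAME = "relaytest.example.org"


def classify(code):
    """Map the server's reply code to RCPT TO onto a relay verdict."""
    if 200 <= code < 300:
        return "RELAY ACCEPTED"  # foreign recipient accepted without auth
    if 500 <= code < 600:
        return "RELAY DENIED"    # e.g. 550 or 554 5.7.1, as in the transcripts
    return "INCONCLUSIVE"        # 4xx (e.g. greylisting) or garbage: retry


def check_relay(host, port=25, sender=SENDER, recipient=RECIPIENT, timeout=10):
    """Run EHLO/HELO, MAIL FROM, RCPT TO and stop; no message is ever sent.

    Returns (verdict, code, reply_text) for the RCPT TO step.
    """
    with smtplib.SMTP(host, port, local_hostname=HELO_NAME,
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, reply = smtp.mail(sender)
        if not 200 <= code < 300:
            # Sender refused before the relay decision was reached.
            return "INCONCLUSIVE", code, reply.decode(errors="replace")
        code, reply = smtp.rcpt(recipient)
        try:
            smtp.rset()  # drop the envelope; the with-block then sends QUIT
        except smtplib.SMTPServerDisconnected:
            pass         # some servers hang up right after rejecting
        return classify(code), code, reply.decode(errors="replace")


if __name__ == "__main__":
    import sys
    verdict, code, reply = check_relay(sys.argv[1])
    print(f"{verdict}: {code} {reply}")
    sys.exit(0 if verdict == "RELAY DENIED" else 1)
```

Run it from a host outside the server's trusted networks, as the telnet test above was, because an MTA normally relays for its own clients.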


Filed Under: Linux, Mailing, Networking Tagged With: MTA, OpenRelay, security
