Security Basics mailing list archives

Re: Mail relay question


From: "0x90" <secbasics () spam gagspace com>
Date: Fri, 22 Feb 2008 20:07:52 +0100


> The amount alone is huge I think when I am only hosting my wife and myself (as well as the
> usual abuse etc. contacts).
> I am worried that my home is an open relay in a manner I have not found.

Getting a lot of spam, and being an open relay do not have much to do with each other. PS: You are most likely NOT an open relay, otherwise you would be on RBLs, and you'd have a problem trying to deliver emails anywhere.


> Then I learn that via telnet I can send email from mydomain.com to mydomain.com and have it
> delivered even when the telnet session is from a public IP.


That's how it all works. If you couldn't do that, you wouldn't get any emails. They arrive from public IPs (mail servers, etc.) to your mail server, with the destination address ending with this 'mydomain.com'.


> So, I am a little fuzzy on what it is I am trying to learn here, but:
> 1. Would you think 5000 emails a month with maybe 200 valid emails is normal in a
> home/family type setup?

Yes. This depends on many things, such as you and your wife giving out your addresses on websites, having contacts that are infected with spy/spamware, predictability of the username part, number of aliases that point to the same mailbox, what filtering mechanisms you have to reject emails before they are even sent (RBL, rDNS verification, etc.).


> 2. Is mail always accepted and relayed when the sender and recipient domain is the same?
> (This is without sender authentication configured or capability).


To put it simply, mail is accepted if 1) you send from a trusted source (like your home internal IPs, localhost, whatever else you configured), or 2) the destination domain is handled on your server (mydomain.com).


> a. If yes, what is to stop an angry neighbor on his vacation to China from sending a nasty email
> from me to my wife? (In this insecure setup).


Anybody can spoof any source address. There's nothing you can do about it.
From the headers you would see the originating Chinese IP.


> b. My gateway at home (Smoothwall using DSPAM/SEMF? mod) only accepts the initial HELO if followed by connecting domain name (HELO domain.com). So how come I can
> connect from domainx.com and send email from domainy.com to domainy.com?

HELO is irrelevant. MAIL FROM and RCPT TO are the source/destination addresses, and the From: and To: headers are taken into account in your email client. Google "SMTP RFC"? ;)

> c. What can I do to remove this risk?


What risk?


> 3. Any recommendations on a free mail gateway solution? SpamAssassin? ClamAV? My goal is to migrate away from Exchange 2003. I have been wanting to try Zimbra for mail server but would like a good mail gateway in the DMZ instead of hosted by the firewall.


Whatever you have, if you properly configure it you should be OK. I vote for Postfix. But it's a matter of taste.

0x90
http://hax.tor.hu/
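The two points made in the reply above (mail is accepted when the client is in a trusted network or the recipient domain is local, and HELO or MAIL FROM play no part in that decision; and the originating IP is recoverable from the Received: headers your own server stamped) can be shown in a small model. The code below is an added example, not part of the original post and not the poster's configuration: the trusted networks, local domain, hostnames and Received: lines are constructed for illustration, and the decision logic mirrors the Postfix-style permit_mynetworks / reject_unauth_destination ordering only as a teaching model.

```python
import ipaddress
import re

# Constructed policy for the example; replace with your own networks and domains.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),  # hypothetical home LAN
]
LOCAL_DOMAINS = {"mydomain.com"}
# Hostnames of our own MTAs; only Received: lines they added are trustworthy.
MY_HOSTS = {"mail.mydomain.com", "gw.mydomain.com"}


def domain_of(address):
    """Lower-cased domain part of an envelope address ('' for the null sender <>)."""
    addr = address.strip().strip("<>")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def relay_decision(client_ip, helo, mail_from, rcpt_to):
    """Decide whether to accept RCPT TO for a session.

    Returns (verdict, reason). Note that `helo` and `mail_from` are
    deliberately not consulted: a server that is not an open relay decides
    on the client IP and the recipient domain, so a sender domain equal to
    the recipient domain grants nothing by itself.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETWORKS):
        return "accept", "permit_mynetworks"
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "accept", "local destination"
    # Untrusted client asking us to deliver to a foreign domain: relaying.
    return "reject", "reject_unauth_destination"


def is_open_relay(client_ip="203.0.113.5"):
    """True if an untrusted client can relay to a foreign domain."""
    verdict, _ = relay_decision(client_ip, "anything", "<me@mydomain.com>",
                                "<someone@example.net>")
    return verdict == "accept"


_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")


def originating_ip(received_lines):
    """Find the connecting IP recorded by the earliest Received: line that one
    of our own hosts added. Lines below it were supplied by the remote
    client and may be forged, so they are ignored.

    `received_lines` is ordered top to bottom as in the message, i.e. the
    most recent hop first.
    """
    for line in reversed(received_lines):
        by = _BY_RE.search(line)
        if by and by.group(1).lower() in MY_HOSTS:
            ip = _IP_RE.search(line)
            if ip:
                return ip.group(1)
    return None


# Constructed headers: a forged bottom line, then our gateway's stamp, then an internal hop.
SAMPLE_RECEIVED = [
    "from mail.mydomain.com (localhost [127.0.0.1]) by mail.mydomain.com with ESMTP id A1",
    "from domainx.com (unknown [203.0.113.5]) by gw.mydomain.com with SMTP id B2",
    "from forged.example (forged.example [198.51.100.9]) by forged.example with SMTP id C3",
]

if __name__ == "__main__":
    print(relay_decision("203.0.113.5", "domainx.com", "<wife@mydomain.com>", "<me@mydomain.com>"))
    print(relay_decision("203.0.113.5", "mydomain.com", "<me@mydomain.com>", "<x@example.net>"))
    print("open relay:", is_open_relay())
    print("originating IP:", originating_ip(SAMPLE_RECEIVED))
```

Running it shows the three cases from the thread: a public IP delivering to mydomain.com is accepted (that is inbound mail, not relaying), the same public IP sending to a foreign domain is rejected, and the Received: walk yields the gateway-recorded address rather than the forged line beneath it.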


