914World.com _ 914World Garage _ calling on the techies, need help with the site!

Posted by: SirAndy Sep 29 2005, 02:36 PM

ok, i need some help here ...

some schmock submitted the clubsite to one of the SPAM blacklisting websites, called "ordb.org" (stands for Open Relay Database) claiming that the clubsite acts as an open relay for spam emails ...

now i checked and double-checked the settings but i can't find anything wrong, much less an open relay ...

could you guys please hammer away on the club email server and see if you can get it to relay anything?
and if so, let me know HOW you did it ..

here's the mail server info:

Host: mail.914world.com
IP: 66.250.97.205
SMTP Port: 25
Mailserver Software: iMail ver. 6.06
Host OS: Windows NT 4.0, SP 6


and here's what ordb.org has to say about the site:
http://ordb.org/lookup/?host=66.250.97.205

HELP!
Andy

Posted by: lapuwali Sep 29 2005, 03:04 PM

There's a site http://www.dnsreport.com, which is pretty good for sorting out DNS and email server issues. It complains there's no MX record for mail.914world.com, and it couldn't talk to the email server at all...

www.dnsstuff.com (same bunch) also has a lot of nice tools for things like determining if you're on spam blocking lists. It shows 914club on spews as well as ordb.

Lots of nice tools there...


Posted by: lapuwali Sep 29 2005, 03:14 PM

Oh, and in my experience, a lot of these blocking sites are run by overzealous idiots who don't even bother to check on reports before listing you. If you try emailing them yourself, you might be able to convince them to remove you. This kind of thing can sometimes get very serious. I once had a registrar yank our registration due to spam complaints without even bothering to contact us. We were down for several days while we got that sorted out and waited for DNS records to propagate again.

I've not heard of ORDB, but I've been out of the email game for a couple of years.
Posted by: Part Pricer Sep 29 2005, 03:26 PM


Very strange. I just poked around quickly and did not uncover an open relay. However, the message header from ORDB clearly indicates otherwise.

QUOTE

Return-Path:
X-Original-To: marvin@marvin.ordb.org
Delivered-To: marvin@bockscar.ordb.org
Received: from 914world.com (ftp.914world.com [66.250.97.205])
by bockscar.ordb.org (Postfix) with ESMTP id E8D8754CC
for ; Thu, 29 Sep 2005 11:13:40 +0000 (GMT)
Received: from localhost.localdomain [62.242.0.190] by 914world.com with ESMTP
 (SMTPD32-6.06) id ACDA2AE2010C; Thu, 29 Sep 2005 04:15:38 -0700
From: root@914world.com
To: marvin@marvin.ordb.org
X-ORDB-Envelope-From: root@914world.com
X-ORDB-Envelope-To: marvin@marvin.ordb.org
Subject: ORDB.org check (0.826921601173190.47377813193) ip=66.250.97.205
Message-Id: <20050929111340.E8D8754CC@bockscar.ordb.org>
Date: Thu, 29 Sep 2005 11:13:40 +0000 (GMT)


Let me get to my other machine that has my "toolset" and I'll see what I can find.
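Added example, not part of the thread and not iMail code: a short Python script that unfolds the header block Part Pricer quoted above and walks its Received: chain to show what "clearly indicates otherwise" means. The header text is copied from the post as the forum rendered it (the addresses stripped from Return-Path: and the "for" clause are left empty rather than guessed, and the lost folding whitespace is handled by treating any line that does not start a new field as a continuation of the previous one). The function and variable names are mine.

```python
import re

# Header block copied from the ORDB probe quoted in the post above. The forum
# rendering dropped the angle-bracketed addresses on "Return-Path:" and
# "for <...>;" and the folding whitespace on the first Received header; all
# of that is left exactly as it appears rather than reconstructed.
ORDB_HEADERS = """\
Return-Path:
X-Original-To: marvin@marvin.ordb.org
Delivered-To: marvin@bockscar.ordb.org
Received: from 914world.com (ftp.914world.com [66.250.97.205])
by bockscar.ordb.org (Postfix) with ESMTP id E8D8754CC
for ; Thu, 29 Sep 2005 11:13:40 +0000 (GMT)
Received: from localhost.localdomain [62.242.0.190] by 914world.com with ESMTP
 (SMTPD32-6.06) id ACDA2AE2010C; Thu, 29 Sep 2005 04:15:38 -0700
From: root@914world.com
To: marvin@marvin.ordb.org
X-ORDB-Envelope-From: root@914world.com
X-ORDB-Envelope-To: marvin@marvin.ordb.org
Subject: ORDB.org check (0.826921601173190.47377813193) ip=66.250.97.205
Message-Id: <20050929111340.E8D8754CC@bockscar.ordb.org>
Date: Thu, 29 Sep 2005 11:13:40 +0000 (GMT)
"""

# A new header starts with a field name and a colon; anything else is treated
# as a continuation of the previous field. That covers proper RFC 2822 folding
# (leading whitespace) and the flattened copy above, where the fold was lost.
HEADER_START = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:")

# Matches "from <helo> (<rdns> [<ip>]) by <host>" and "from <helo> [<ip>] by <host>".
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+(?:\((?P<rdns>[^\s\[()]+)\s+)?"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)?\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def unfold_headers(text):
    """Return [(name, value), ...] with continuation lines joined onto their field."""
    headers = []
    for line in text.splitlines():
        if HEADER_START.match(line):
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
        elif headers:
            name, value = headers[-1]
            headers[-1] = (name, (value + " " + line.strip()).strip())
    return headers


def received_hops(headers):
    """Parse every Received header into a dict of helo/rdns/ip/by.
    Each MTA prepends its own Received line, so the list is reversed to put
    the oldest hop (the host that injected the message) first."""
    hops = []
    for name, value in headers:
        if name.lower() == "received":
            match = RECEIVED.search(value)
            if match:
                hops.append(match.groupdict())
    return list(reversed(hops))


def relay_evidence(text, our_domain, our_ips):
    """Locate the hop where a host outside our_ips handed the message to a
    machine in our_domain and report what the envelope looked like there.
    A local-looking sender with a non-local recipient is the fingerprint of
    a "relay if MAIL FROM is ours" rule. Returns None if no such hop exists."""
    headers = unfold_headers(text)
    fields = {name.lower(): value for name, value in headers}
    sender = fields.get("x-ordb-envelope-from") or fields.get("return-path", "")
    rcpt = fields.get("x-ordb-envelope-to") or fields.get("x-original-to", "")
    for hop in received_hops(headers):
        if hop["by"].lower().endswith(our_domain) and hop["ip"] not in our_ips:
            return {
                "injected_from": hop["ip"],
                "helo": hop["helo"],
                "accepted_by": hop["by"],
                "envelope_from": sender,
                "envelope_to": rcpt,
                "sender_claims_local": sender.lower().endswith("@" + our_domain),
                "recipient_is_local": rcpt.lower().endswith("@" + our_domain),
            }
    return None


if __name__ == "__main__":
    for i, hop in enumerate(received_hops(unfold_headers(ORDB_HEADERS)), 1):
        print(f"hop {i}: {hop['ip']} (HELO {hop['helo']}) -> {hop['by']}")
    evidence = relay_evidence(ORDB_HEADERS, "914world.com", {"66.250.97.205"})
    for key, value in evidence.items():
        print(f"{key:>20}: {value}")
```

Read oldest hop first, the chain says: 62.242.0.190 (announcing itself as localhost.localdomain) handed the message to 914world.com, and 914world.com then delivered it to bockscar.ordb.org with an envelope sender of root@914world.com and a recipient at marvin.ordb.org. Neither end of that transaction is a local user, which is why the server was listed, and it is also why a plain foreign-sender-to-foreign-recipient relay test can come back clean: the probe only got through because the sender claimed to be local.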

Posted by: SirAndy Sep 29 2005, 03:32 PM

QUOTE (Part Pricer @ Sep 29 2005, 02:26 PM)
Very strange. I just poked around quickly and did not uncover an open relay. However, the message header from ORDB clearly indicates otherwise.

ayupp, that's exactly how far i got ...

hope your "tools" are better than mine!
Andy

Posted by: lapuwali Sep 29 2005, 03:34 PM

I forged an email by hand and the email server sent it just fine. It's not so much an "open relay" (as in you can forge BOTH the sender and the sendee domains), but you can send email as "root@914world.com" very easily. I sent some to myself through the system, and forged the From: header using a different domain, which got passed right on through. The Return-Path was root@914world.com.

Ideally, you want to set up your server to reject MAIL FROM: lines that include your domain, where the connection doesn't originate from within your domain (or localhost, in your case, since it's all one box). Also, it should reject From: headers that don't originate from within your domain. Both of these will make it impossible for any agent not in your domain to send email as though it came from there. It's NOT set up that way now. Can't offer you any help on how to configure iMail this way, sorry.
Posted by: ThinAir914 Sep 29 2005, 03:35 PM

Please keep us posted on findings/solutions. This is the kind of thing that almost any web site administrator could run into some day and any info will be helpful for when that day comes.

Posted by: SirAndy Sep 29 2005, 03:39 PM

QUOTE (lapuwali @ Sep 29 2005, 02:34 PM)
I forged an email by hand and the email server sent it just fine.

ah, the good old telnet email client ...

hmmm, gonna have to dig into the iMail manual for that one, there is no obvious setting for that anywhere ...
Andy

Posted by: lapuwali Sep 29 2005, 03:45 PM

The cheap and easy way out of this would be to have the mail server just reject any connections from outside localhost, or have the OS itself reject connections to port 25. This assumes the only email originates from the club site for things like notifications, of course. If you're actually receiving email, this obviously won't work.

I haven't done email stuff in so long, I was amazed I remembered how to do it by hand...
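Added example (mine, not from the thread and not an iMail configuration): a toy Python model of the SMTP envelope stage that puts the behaviour lapuwali describes next to the two fixes proposed in this and the previous post. WeakPolicy is my assumption about how the misconfigured server decided to relay, inferred from the ORDB header and the forged test message: any MAIL FROM in the local domain was enough. HardenedPolicy rejects a local-domain MAIL FROM from an outside connection and decides relaying on where the connection comes from (or on a prior SMTP AUTH, stood in for by a flag) rather than on what the sender claims; with TRUSTED_NETS set to loopback only it is the "reject everything except localhost" variant. The addresses in the replayed probe are taken from the quoted header; the other two dialogues and the hostnames in them are constructed.

```python
import ipaddress

LOCAL_DOMAINS = {"914world.com"}                      # we are final delivery for these
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]  # "localhost only", as suggested (assumed)


def _domain(addr):
    """Domain part of an envelope address such as '<root@914world.com>'."""
    return addr.strip("<> ").rsplit("@", 1)[-1].lower()


def _trusted(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)


class WeakPolicy:
    """Assumed behaviour of the misconfigured server: the envelope sender is
    trusted, so anything claiming a local sender is relayed anywhere. Inferred
    from the ORDB header and the forged test, not a description of iMail's rules."""

    def mail_from(self, client_ip, sender, authenticated):
        return "250 OK"

    def rcpt_to(self, client_ip, sender, rcpt, authenticated):
        if _domain(rcpt) in LOCAL_DOMAINS or _domain(sender) in LOCAL_DOMAINS:
            return "250 OK"
        return "550 Relaying denied"


class HardenedPolicy:
    """The recommended setup: a local-domain MAIL FROM is only accepted from a
    trusted network or an authenticated client, and relaying is decided by the
    connection source, never by what the sender claims to be."""

    def mail_from(self, client_ip, sender, authenticated):
        if _domain(sender) in LOCAL_DOMAINS and not (_trusted(client_ip) or authenticated):
            return "550 Sender domain is local but the connection is not"
        return "250 OK"

    def rcpt_to(self, client_ip, sender, rcpt, authenticated):
        if _domain(rcpt) in LOCAL_DOMAINS:
            return "250 OK"                 # inbound mail for our own users
        if _trusted(client_ip) or authenticated:
            return "250 OK"                 # outbound mail from our own users
        return "550 Relaying denied"


def smtp_session(policy, client_ip, commands, authenticated=False):
    """Drive the envelope stage of SMTP against a policy and return the dialogue
    as (client command, server reply) pairs. `authenticated` stands in for a
    successful SMTP AUTH earlier in the session, which is not modelled."""
    sender, recipients, transcript = None, [], []
    for cmd in commands:
        upper = cmd.upper()
        if upper.startswith(("HELO ", "EHLO ")):
            reply = "250 mail.914world.com"
        elif upper.startswith("MAIL FROM:"):
            addr = cmd[len("MAIL FROM:"):]
            reply = policy.mail_from(client_ip, addr, authenticated)
            sender = addr if reply.startswith("250") else None
        elif upper.startswith("RCPT TO:"):
            if sender is None:
                reply = "503 Need MAIL command first"
            else:
                addr = cmd[len("RCPT TO:"):]
                reply = policy.rcpt_to(client_ip, sender, addr, authenticated)
                if reply.startswith("250"):
                    recipients.append(addr)
        elif upper == "DATA":
            reply = "354 Start mail input" if recipients else "503 No valid recipients"
        elif upper == "QUIT":
            reply = "221 Bye"
        else:
            reply = "500 Command not recognised"
        transcript.append((cmd, reply))
    return transcript


def accepted(transcript):
    """True if the server got as far as accepting message data."""
    return any(cmd.upper() == "DATA" and reply.startswith("354") for cmd, reply in transcript)


# Constructed replay of the probe visible in the quoted ORDB header: outside
# host, HELO localhost.localdomain, local envelope sender, foreign recipient.
ORDB_PROBE = ["HELO localhost.localdomain", "MAIL FROM:<root@914world.com>",
              "RCPT TO:<marvin@marvin.ordb.org>", "DATA", "QUIT"]
# Classic open-relay test (constructed): neither sender nor recipient is ours.
FOREIGN_RELAY = ["HELO spammer.example", "MAIL FROM:<a@spammer.example>",
                 "RCPT TO:<victim@elsewhere.example>", "DATA", "QUIT"]
# Ordinary inbound mail (constructed), which any fix must keep working.
INBOUND = ["HELO mx.elsewhere.example", "MAIL FROM:<friend@elsewhere.example>",
           "RCPT TO:<admin@914world.com>", "DATA", "QUIT"]

if __name__ == "__main__":
    cases = (("ORDB probe", ORDB_PROBE), ("foreign relay", FOREIGN_RELAY), ("inbound", INBOUND))
    for label, policy in (("weak", WeakPolicy()), ("hardened", HardenedPolicy())):
        for name, cmds in cases:
            t = smtp_session(policy, "62.242.0.190", cmds)
            print(f"{label:>8} / {name:<13}: {'ACCEPTED' if accepted(t) else 'rejected'}")
            for c, r in t:
                print(f"             C: {c}\n             S: {r}")
```

Run from an outside address, the weak policy accepts the ORDB probe and the inbound message but refuses the foreign-to-foreign test, which matches both the listing and the clean result of a quick relay check. The hardened policy still accepts the inbound message, refuses the probe at MAIL FROM, and relays for the same probe only when the client is on loopback or has authenticated, which is the path the Outlook users would take.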

Posted by: Part Pricer Sep 29 2005, 03:54 PM


Damn! James got to it before I did.

Reject everything except from localhost. The easy way out.


Posted by: Part Pricer Sep 29 2005, 04:00 PM

From the Administrator, look under SMTP, then SMTP security



Posted by: SirAndy Sep 29 2005, 04:09 PM

yeah, did that, it now rejects the telnet approach ....

i DO have a few users use outlook to send/receive email, like the admin and sales accounts.

i turned on SMTP VRFY on the server, i think it's just a simple setting in outlook and that should work ...

we'll see ...

anything else????
Andy

Posted by: lapuwali Sep 29 2005, 04:24 PM

Looks closed now, to me. Submit to ORDBs test, and you should be removed. You should also look into the fact that you're on the SPEWS blocking lists. The DNSReport stuff will tell you about that.

Posted by: Gint Sep 29 2005, 04:46 PM

James is dead on. That's why we never allowed it when we were on the linux box. It was just plain easier that way.

I don't know anything about iMail either. If you want to continue to receive mail you're going to have to figure that out. Sorry there...
