Full Version: calling on the techies, need help with the site!
SirAndy
ok, i need some help here ...

some schmock submitted the clubsite to one of the SPAM blacklisting websites, called "ordb.org" (stands for Open Relay Database) claiming that the clubsite acts as an open relay for spam emails ...

now i checked and doublechecked the settings but i can't find anything wrong, much less an open relay ...

could you guys please hammer away on the club email server and see if you can get it to relay anything?
and if so, let me know HOW you did it ..

here's the mail server info:

Host: mail.914world.com
IP: 66.250.97.205
SMTP Port: 25
Mailserver Software: iMail ver. 6.06
Host OS: Windows NT 4.0, SP 6


and here's what ordb.org has to say about the site:
http://ordb.org/lookup/?host=66.250.97.205

HELP!
Andy
lapuwali
There's a site DNS Report, which is pretty good for sorting out DNS and email server issues. It complains there's no MX record for mail.914world.com, and it couldn't talk to the email server at all...

www.dnsstuff.com (same bunch) also has a lot of nice tools for things like determining if you're on spam blocking lists. It shows 914club on spews as well as ordb.

Lots of nice tools there...

lapuwali
Oh, and in my experience, a lot of these blocking sites are run by overzealous idiots who don't even bother to check on reports before listing you. If you try emailing them yourself, you might be able to convince them to remove you. This kind of thing can sometimes get very serious. I once had a registrar yank our registration due to spam complaints without even bothering to contact us. We were down for several days while we got that sorted out and waited for DNS records to propagate again.

I've not heard of ORDB, but I've been out of the email game for a couple of years.






Part Pricer

Very strange. I just poked around quickly and did not uncover an open relay. However, the message header from ORDB clearly indicates otherwise.

QUOTE

Return-Path:
X-Original-To: marvin@marvin.ordb.org
Delivered-To: marvin@bockscar.ordb.org
Received: from 914world.com (ftp.914world.com [66.250.97.205])
by bockscar.ordb.org (Postfix) with ESMTP id E8D8754CC
for ; Thu, 29 Sep 2005 11:13:40 +0000 (GMT)
Received: from localhost.localdomain [62.242.0.190] by 914world.com with ESMTP
 (SMTPD32-6.06) id ACDA2AE2010C; Thu, 29 Sep 2005 04:15:38 -0700
From: root@914world.com
To: marvin@marvin.ordb.org
X-ORDB-Envelope-From: root@914world.com
X-ORDB-Envelope-To: marvin@marvin.ordb.org
Subject: ORDB.org check (0.826921601173190.47377813193) ip=66.250.97.205
Message-Id: <20050929111340.E8D8754CC@bockscar.ordb.org>
Date: Thu, 29 Sep 2005 11:13:40 +0000 (GMT)


Let me get to my other machine that has my "toolset" and I'll see what I can find.
SirAndy
QUOTE (Part Pricer @ Sep 29 2005, 02:26 PM)
Very strange. I just poked around quickly and did not uncover an open relay. However, the message header from ORDB clearly indicates otherwise.

ayupp, that's exactly how far i got ...

hope your "tools" are better than mine!
Andy
lapuwali
I forged an email by hand and the email server sent it just fine. It's not so much an "open relay" (as in you can forge BOTH the sender and the sendee domains), but you can send email as "root@914world.com" very easily. I sent some to myself through the system, and forged the From: header using a different domain, which got passed right on through. The Return-Path was root@914world.com.

Ideally, you want to set up your server to reject MAIL FROM: lines that include your domain, where the connection doesn't originate from within your domain (or localhost, in your case, since it's all one box). Also, it should reject From: headers that don't originate from within your domain. Both of these will make it impossible for any agent not in your domain to send email as though it came from there. It's NOT set up that way now. Can't offer you any help on how to configure iMail this way, sorry.
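
The envelope policy described in the post above, written out as an added example that is not part of the original thread and is not iMail configuration. The function names, the `authenticated` flag and the trusted network list are assumptions made for illustration; it checks only the SMTP envelope (MAIL FROM / RCPT TO), not the From: header.

```python
import ipaddress

LOCAL_DOMAINS = {"914world.com"}                       # domain named in the thread
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]   # assumption: only localhost is trusted


def domain_of(addr):
    """Lower-cased domain of an envelope address ('' for the null sender <>)."""
    addr = addr.strip().strip("<>")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def relay_decision(client_ip, mail_from, rcpt_to, authenticated=False):
    """Decide one MAIL FROM / RCPT TO pair; returns (accept, reason)."""
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return True, "trusted client (localhost or authenticated)"
    # Untrusted client: only inbound delivery to a local mailbox is allowed.
    if domain_of(rcpt_to) not in LOCAL_DOMAINS:
        return False, "relay to foreign domain denied"
    # Untrusted client claiming to be a local sender: spoofed envelope.
    if domain_of(mail_from) in LOCAL_DOMAINS:
        return False, "local-domain sender from untrusted client"
    return True, "inbound delivery to local recipient"


# Constructed cases; the first uses the addresses from the ORDB header quoted
# in the thread, the others use documentation addresses (192.0.2.0/24, example.org).
CASES = [
    ("62.242.0.190", "root@914world.com", "marvin@marvin.ordb.org", False),
    ("192.0.2.10", "root@914world.com", "admin@914world.com", False),
    ("192.0.2.10", "someone@example.org", "admin@914world.com", False),
    ("127.0.0.1", "root@914world.com", "member@example.org", False),
    ("192.0.2.10", "sales@914world.com", "customer@example.org", True),
]

if __name__ == "__main__":
    for case in CASES:
        accept, reason = relay_decision(*case)
        print("ACCEPT" if accept else "REJECT", case[:3], "-", reason)
```
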



ThinAir
Please keep us posted on findings/solutions. This is the kind of thing that almost any web site administrator could run into some day and any info will be helpful for when that day comes.
SirAndy
QUOTE (lapuwali @ Sep 29 2005, 02:34 PM)
I forged an email by hand and the email server sent it just fine.

ah, the good old telnet email client ...

hmmm, gotta have to dig into the iMail manual for that one, there is no obvious setting for that anywhere ...
Andy
lapuwali
The cheap and easy way out of this would be to have the mail server just reject any connections from outside localhost, or have the OS itself reject connections to port 25. This assumes the only email originates from the club site for things like notifications, of course. If you're actually receiving email, this obviously won't work.

I haven't done email stuff in so long, I was amazed I remembered how to do it by hand...
Part Pricer

Damn! James got to it before I did.

Reject everything except from localhost. The easy way out.

Part Pricer
From the Administrator, look under SMTP, then SMTP security
SirAndy
yeah, did that, it now rejects the telnet approach ....

i DO have a few users use outlook to send/receive email, like the admin and sales accounts.

i turned on SMTP VRFY on the server, i think it's just a simple setting in outlook and that should work ...

we'll see ...

anything else????
Andy
lapuwali
Looks closed now, to me. Submit to ORDB's test, and you should be removed. You should also look into the fact that you're on the SPEWS blocking lists. The DNSReport stuff will tell you about that.
Gint
James is dead on. That's why we never allowed it when we were on the linux box. It was just plain easier that way.

I don't know anything about iMail either. If you want to continue to receive mail you're going to have to figure that out. Sorry there...