STARTTLS is an encrypted communication method using TLS - newer than SSL, but uses the same OpenSSL library. Basically an encrypted SSL connection is established between the server and client.

Your MTA should be firewalled out of connections coming from your public IP address if there is no SSL/TLS option (close inbound port 25 connections on the external interface).

Just because you've made it on Spamhaus' radar is no indication things have changed on your end - the problem could have existed all this time without being noticed. Once spammers do notice an open relay, they tend to stuff it as full and fast as they can.

I've had experience with sendmail (which I do not recommend to people because its configuration files look like someone banged their head on a keyboard randomly) and Postfix (which I do recommend). Between Postfix and iptables I've never had a problem with running public email servers.

--
Bill

On 15-05-02 11:27 AM, David Patte ₯ wrote:
> Thanks.
>
> Actually, nullmailer is a message transfer agent, simply forwarding my
> mail to the smtp at my provider. And nullmailer is authenticating with
> my provider using a password. But it is not authenticating using
> STARTTLS.
>
> But I will verify whether others are able to send email through my
> nullmailer.
>
> I'm not exactly sure what starttls is doing, perhaps some form of
> encryption, but it seems that my issue is something new, caused by
> some stricter authentication rules that spamhaus has decided are now
> required, not something I changed on my side. Nullmailer has been
> running for over a year and a half, and this issue just started.
>
> Trouble is that I don't know how I can enable starttls on nullmailer,
> nor how to replace nullmailer by exim, which I believe supports starttls.
>
>
> On 2015-05-02 10:30, Bill Strosberg wrote:
>> David:
>>
>> From what Spamhaus is saying it means you have an open relay - allowing
>> systems external to your network the ability to send mail from your
>> server without any authentication. Basically this means you are
>> accepting connections to use your server as a "sender" of anything
>> without making sure it is an authorized user.
>>
>> You can verify this by trying to send mail from your server using its
>> external IP address on port 25 without a username or password - if it
>> relays your mail it will do so for anyone on the planet. This is the
>> exact setup hunted by spammers to ply their trade. You can telnet to
>> port 25 and see exactly what is going on. If you've been used as a
>> spamming source you are also paying for a lot of packets that they are
>> relaying through your server.
>>
>> There are thousands of tutorials on verifying email server setup - just
>> identify which server software you are using (usually sendmail, postfix
>> or exim), and Google "postfix telnet email test send".
>>
>> I haven't used nullmailer (whatever that is) I just invested the time
>> and effort to get to know Postfix well - after about twenty years of
>> fear and loathing of sendmail. If you are going to run an outbound
>> email server, take the time to get to know the program.
>>
>> --
>> Bill
>>
> _______________________________________________
> Linux mailing list
> Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> http://oclug.on.ca/mailman/listinfo/linux
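
An added example, not part of the thread and not written by either poster: a small Python check that reads a saved telnet session on port 25 and reports the two things discussed above, whether the server accepted a non-local recipient without authentication (the open relay symptom) and whether it advertised STARTTLS and AUTH. The transcripts, hostnames and the `assess` helper are constructed for illustration.

```python
import re

# Constructed sessions (not captured from a real server): "C:" is what the
# tester typed into telnet on port 25, "S:" is the server's reply.
OPEN_RELAY = """\
S: 220 mail.example.org ESMTP
C: EHLO tester.example.net
S: 250-mail.example.org
S: 250 8BITMIME
C: MAIL FROM:<probe@example.net>
S: 250 2.1.0 Ok
C: RCPT TO:<someone@example.com>
S: 250 2.1.5 Ok
C: QUIT
S: 221 2.0.0 Bye
"""
LOCKED_DOWN = OPEN_RELAY.replace(
    "S: 250 8BITMIME", "S: 250-STARTTLS\nS: 250 AUTH PLAIN LOGIN"
).replace("S: 250 2.1.5 Ok", "S: 554 5.7.1 Relay access denied")


def assess(transcript, local_domains=("example.org",)):
    """Summarise what an SMTP session transcript shows about relaying."""
    seen = {"starttls": False, "auth": False, "relayed_to": []}
    last_cmd, authenticated = "", False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            last_cmd = text.strip()
            continue
        reply = re.match(r"(\d{3})([ -])(.*)", text)
        if side != "S" or not reply:
            continue
        code, sep, rest = reply.groups()
        verb = last_cmd.upper()
        if verb.startswith("EHLO") and code == "250":
            keyword = (rest.split() or [""])[0].upper()
            seen["starttls"] |= keyword == "STARTTLS"
            seen["auth"] |= keyword == "AUTH"
        elif verb.startswith("AUTH") and code == "235":
            authenticated = True
        elif verb.startswith("RCPT") and sep == " " and code in ("250", "251"):
            rcpt = re.search(r"@([^>\s]+)>?$", last_cmd)
            domain = rcpt.group(1).lower() if rcpt else ""
            # Accepting a non-local recipient without AUTH is the relay symptom.
            if not authenticated and domain not in local_domains:
                seen["relayed_to"].append(domain)
    seen["open_relay"] = bool(seen["relayed_to"])
    return seen
```

Pass the domains your server legitimately accepts mail for as `local_domains`; a `250` for one of those is normal delivery, not relaying.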