
Re: [OCLUG-Tech] Nullmailer on Ubuntu 12.04

On Sat, May 02, 2015 at 10:30:51AM -0400, Bill Strosberg wrote:
> From what Spamhaus is saying it means you have an open relay - allowing
> systems external to your network the ability to send mail from your
> server without any authentication.  Basically this means you are
> accepting connections to use your server as a "sender" of anything
> without making sure it is an authorized user.

Even if it is only that, if he's in a residential area in a dynamic
range, he likely will be in a blacklist anyhow. Some exchanges will even
refuse mail from the static IP ranges of ISPs. For example, att.com and
bbox.fr refuse mail from me, forcing me to relay through
smtp.teksavvy.com.

> You can verify this by trying to send mail from your server using its
> external IP address on port 25 without a username or password - if it
> relays your mail it will do so for anyone on the planet.  This is the
> exact setup hunted by spammers to ply their trade.

If you want to understand how email works, do it manually. You can also
use nmap,

    $ nmap --script-help /usr/share/nmap/scripts/smtp-open-relay.nse
    smtp-open-relay
    Categories: discovery intrusive external
    http://nmap.org/nsedoc/scripts/smtp-open-relay.html
      Attempts to relay mail by issuing a predefined combination of SMTP commands. The goal
      of this script is to tell if a SMTP server is vulnerable to mail relaying.

or, if you don't have any privacy concerns, you could use an online
tool.

    http://mxtoolbox.com/diagnostic.aspx

> You can telnet to port 25 and see exactly what is going on.

Please do not use telnet just to attempt to establish a raw TCP
connection. Telnet is not 8-bit clean and has other quirks.

    http://en.wikipedia.org/wiki/Telnet#Telnet_data

Use netcat.

    nc somemailserver 25

> There are thousands of tutorials on verifying email server setup -
> just identify which server software you are using (usually sendmail,
> postfix or exim), and Google "postfix telnet email test send".
> […]
> If you are going to run an outbound email server, take the time to get
> to know the program.

It's not just the program, but the whole system. Understanding the whole
system first would have made this unlikely; it gives one a checklist or
roadmap of what to do. A tool is a means to an end. Just reading a
tutorial can leave gaps if taken literally.

You needn't read the RFC, but I don't have a list of definitive
resources on all you need to know about SMTP. Does anybody have any
recommendations?

You should also set up SPF, DKIM, and DMARC. Here are some testing
tools.

    http://mxtoolbox.com/spf.aspx
    http://mxtoolbox.com/dkim.aspx
    http://mxtoolbox.com/dmarc.aspx

Regards,

Alex Pilon
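An offline-runnable version of the unauthenticated relay probe discussed in the thread (EHLO, MAIL FROM and RCPT TO with two outside addresses, then QUIT without ever sending DATA), written here as an added example for auditing your own MTA; it is not code from the thread or from nmap. The probe addresses, the `relaycheck.example` HELO name and the scripted server replies are constructed assumptions.

```python
import io
import socket

# Constructed probe addresses: neither domain belongs to the server under test,
# so a 250 to RCPT TO means the server would relay for any third party.
PROBE_FROM = "probe@sender.example"
PROBE_TO = "probe@recipient.example"

def read_reply(rfile):
    """Read one SMTP reply, including multi-line '250-...' continuations."""
    lines = []
    while True:
        line = rfile.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        line = line.rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # "250 ..." ends the reply
            break
    return int(lines[-1][:3]), lines

def relay_self_check(rfile, wfile, helo="relaycheck.example"):
    """Drive the dialog over text streams (e.g. sock.makefile('r')/('w'))."""
    code, _ = read_reply(rfile)               # 220 greeting
    if code != 220:
        return {"verdict": "no SMTP greeting", "rcpt_code": None}
    transcript = {}
    for cmd in (f"EHLO {helo}", f"MAIL FROM:<{PROBE_FROM}>", f"RCPT TO:<{PROBE_TO}>"):
        wfile.write(cmd + "\r\n"); wfile.flush()
        code, _ = read_reply(rfile)
        transcript[cmd.split()[0]] = code
        if code >= 400 and not cmd.startswith("RCPT"):
            break                              # refused before RCPT: not relaying
    wfile.write("QUIT\r\n"); wfile.flush()    # dry run only: no DATA is sent
    rcpt = transcript.get("RCPT")
    verdict = ("refused before RCPT" if rcpt is None
               else "OPEN RELAY" if rcpt == 250 else "relay refused")
    return {"verdict": verdict, "rcpt_code": rcpt, "transcript": transcript}

def check_host(host, port=25, timeout=10):
    """Run the probe against a real server (your own MTA's public address)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("r") as r, sock.makefile("w") as w:
            return relay_self_check(r, w)

def check_against_transcript(server_lines):
    """Run the probe offline against a scripted sequence of server replies."""
    rfile = io.StringIO("".join(l + "\r\n" for l in server_lines))
    wfile = io.StringIO()
    result = relay_self_check(rfile, wfile)
    result["sent"] = wfile.getvalue().split("\r\n")[:-1]
    return result

# Constructed replies modelled on Postfix wording, not captured from a real host.
CLOSED_RELAY = ["220 mail.example ESMTP", "250-mail.example", "250 PIPELINING",
                "250 2.1.0 Ok", "554 5.7.1 <probe@recipient.example>: Relay access denied"]
OPEN_RELAY = ["220 mail.example ESMTP", "250 mail.example", "250 Ok", "250 Ok"]
```

A 5xx to RCPT TO (Postfix's "Relay access denied") is the answer you want from your own server; a 250 there is exactly what Spamhaus was complaining about.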
