

Mailserver acting as open relay




Posted by AhmedC, 06-15-2009, 08:05 PM
Hello All, I have been having issues with spam on my mail server. I tested the server at abuse.net and test 6 fails with the following result:

    Relay test 6
    >>> RSET
    <<< 250 Reset OK
    >>> MAIL FROM:
    <<< 250 OK
    >>> RCPT TO:
    <<< 250 Accepted
    >>> DATA
    <<< 354 Enter message, ending with "." on a line by itself
    >>> (message body)
    <<< 250 OK id=1MGLZF-0002Jz-IZ

I have been trying for hours to close this hole with no success. I am running the server using cPanel / WHM, which supposedly closes open relay by default. I have tried tweaking the settings, but still no luck. Any help would be greatly appreciated! (Server is running CentOS, cPanel/WHM, and is using Exim.)

Additional Details: It seems like it is accepting the mail because of the "%" in the to field.

Posted by AhmedC, 06-15-2009, 09:10 PM
Update: It looks like the mail is being forwarded due to something known as the "percent hack", where the address is specified as "user%domainB.com@domainA.com". This results in mail being sent to "user@domainB.com" via "domainA.com". The issue is that "domainA.com" is a whitelisted domain and is therefore ignored by Exim. "percent_hack_domains" in Exim is not enabled though.

"Sender address uses local hostname and recipient uses percent hack mail from: rcpt to: "

Any ideas?

Posted by InstaCarma_Support, 06-16-2009, 12:02 AM
To close the open relay run:

If that doesn’t work, then edit /etc/exim.conf. You should see in line 61 (or close, if somebody changed the default configuration) the definition of which hosts are allowed relaying:

    hostlist relay_from_hosts = 127.0.0.1:192.168.10.0/24

These values will allow localhost and a few IPs. Nothing else. Adjust the values according to the requirement.

OR

    hostlist relay_from_hosts = 127.0.0.1

This will allow only localhost to have open relay. That’s all you need to change to avoid open relay.

Posted by AhmedC, 06-16-2009, 12:15 AM
Thank you for the reply. I had tried both of those solutions earlier with no luck. Adding the following to my exim configuration did solve the percent hack issue though:

    deny message = Relaying denied
         local_parts = ^.*[@%!/|] : ^\\.

Hopefully this helps somebody else in the future... It took the entire day to get that bit of code tracked down!
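
Added example (not part of the original thread, and not Exim's or cPanel's own code): a simplified Python model of the RCPT check discussed above, showing why a percent-hack recipient passes a local-domain test and how the local_parts patterns from the last post reject it. The LOCAL_DOMAINS set, the function names and the sample addresses are constructed for illustration.

```python
import re

# The two patterns from the ACL in the last post. Exim expands "\\." in its
# configuration file to the regex "\.", which is how it is written here.
RESTRICTED = [re.compile(r"^.*[@%!/|]"), re.compile(r"^\.")]

# Constructed sample data: domains this hypothetical server treats as local.
LOCAL_DOMAINS = {"domaina.com"}


def split_address(rcpt):
    """Split at the last '@', so an '@' inside the local part stays in it."""
    local, _, domain = rcpt.rpartition("@")
    return local, domain.lower()


def percent_hack_target(rcpt):
    """Return the address a percent-hack rewrite would deliver to, or None."""
    local, _domain = split_address(rcpt)
    user, sep, next_hop = local.rpartition("%")
    return f"{user}@{next_hop}" if sep and user and next_hop else None


def rcpt_decision(rcpt, acl_enabled):
    """Model the RCPT check: local-part ACL first, then the domain test."""
    local, domain = split_address(rcpt)
    if acl_enabled and any(p.search(local) for p in RESTRICTED):
        return "deny: Relaying denied"
    if domain in LOCAL_DOMAINS:
        return "accept"
    return "deny: not a local domain"


if __name__ == "__main__":
    # Constructed recipients: ordinary, percent hack, bang path, leading dot.
    samples = [
        "user@domainA.com",
        "user%domainB.com@domainA.com",
        "domainB.com!user@domainA.com",
        ".hidden@domainA.com",
        "user@domainB.com",
    ]
    for rcpt in samples:
        print(rcpt)
        print("  effective target :", percent_hack_target(rcpt) or rcpt)
        print("  without the ACL  :", rcpt_decision(rcpt, acl_enabled=False))
        print("  with the ACL     :", rcpt_decision(rcpt, acl_enabled=True))
```

Re-running the abuse.net relay test after the configuration change confirms the result on the real server.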


